Allow unsafe packages when compiling depdencies

pip-compile considers several packages "unsafe" for pinning. However, we would like to be able to pin the pip version itself in requirements-dev ("pip" is one of these unsafe packages). Adding "--allow-unsafe" tells pip-compile to pin versions of "unsafe" packages. Despite the warning, there's no evidence of any unsafe effects from this, and pip-tools is considering deprecating this flag and making it the default behaviour anyway [1]. I've tested this locally and it seems to work without issue. [1]: jazzband/pip-tools#806 (comment)
Ableton · Jan 18, 2021 · 2f5d876 · 2f5d876
1 parent b4eec7f
commit 2f5d876
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -4,5 +4,5 @@ sync:
 	pip-sync requirements.txt
 
 update:
-	pip-compile --quiet requirements.in --output-file requirements.txt
-	pip-compile --quiet requirements-dev.in --output-file requirements-dev.txt
+	pip-compile --allow-unsafe --quiet requirements.in --output-file requirements.txt
+	pip-compile --allow-unsafe --quiet requirements-dev.in --output-file requirements-dev.txt
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile --output-file=requirements-dev.txt requirements-dev.in
+#    pip-compile --allow-unsafe --output-file=requirements-dev.txt requirements-dev.in
 #
 appdirs==1.4.3            # via black
 astroid==2.4.0            # via pylint

diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile --output-file=requirements.txt requirements.in
+#    pip-compile --allow-unsafe --output-file=requirements.txt requirements.in
 #
 certifi==2019.9.11        # via requests
 chardet==3.0.4            # via requests