You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At some point in the last 7 days (build cache time), the hashes for Gunicorn appear to have changed.
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
gunicorn==20.1.0 from https://files.pythonhosted.org/packages/e4/dd/5b190393e6066286773a67dfcc2f9492058e9b57c4867a95f1ba5caf0a83/gunicorn-20.1.0-py3-none-any.whl (from -r /tmp/pipenv-g7_1pdnq-requirements/pipenv-d64a8p6k-hashed-reqs.txt (line 32)):
Expected sha256 e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8
Got 9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e
Our Pipefile and Pipefile.lock haven't changed since 2021.
Is this something anyone has come across or could this be a valid security concern? I wouldn't have expected the SHA256 hash to change and pipenv doesn't like it when running.
At some point in the last 7 days (build cache time), the hashes for Gunicorn appear to have changed.
Our
Pipefile
andPipefile.lock
haven't changed since 2021.Is this something anyone has come across or could this be a valid security concern? I wouldn't have expected the SHA256 hash to change and pipenv doesn't like it when running.
pipefile.lock.txt
pipfile.txt
The text was updated successfully, but these errors were encountered: