From 27092f981ec2521c12c4ca98e99830f018e3b2dd Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 4 Jul 2023 15:15:38 -0300 Subject: [PATCH] ci: rebuild the requirement.txt files using `--allow-unsafe` The flag is needed to create hash-pinned requirements for pip and setup-tools. Find more information about this at these issues from [pip-tools](https://github.com/jazzband/pip-tools/issues/806) and from [pip](https://github.com/pypa/pip/issues/6459). Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/build-requirements.in | 2 +- .github/workflows/build-requirements.txt | 21 +++++++++++++-------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-requirements.in b/.github/workflows/build-requirements.in index b6a491474240..1cf85187d835 100644 --- a/.github/workflows/build-requirements.in +++ b/.github/workflows/build-requirements.in @@ -1,4 +1,4 @@ pip wheel cffi -setuptools-rust +setuptools-rust \ No newline at end of file diff --git a/.github/workflows/build-requirements.txt b/.github/workflows/build-requirements.txt index 2f5abdd1eab9..a165d34770a3 100644 --- a/.github/workflows/build-requirements.txt +++ b/.github/workflows/build-requirements.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile --generate-hashes build-requirements.in +# pip-compile --allow-unsafe --generate-hashes requirements.in # cffi==1.15.1 \ --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \ @@ -69,7 +69,7 @@ cffi==1.15.1 \ --hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \ --hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \ --hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0 - # via -r build-requirements.in + # via -r requirements.in pycparser==2.21 \ --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 @@ -81,7 +81,7 @@ semantic-version==2.10.0 \ setuptools-rust==1.6.0 \ --hash=sha256:c86e734deac330597998bfbc08da45187e6b27837e23bd91eadb320732392262 \ --hash=sha256:e28ae09fb7167c44ab34434eb49279307d611547cb56cb9789955cdb54a1aed9 - # via -r build-requirements.in + # via -r requirements.in typing-extensions==4.7.1 \ --hash=sha256:440d5dd3af93b060174bf433bccd69b0babc3b15b1a8dca43789fd7f61514b36 \ --hash=sha256:b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2 @@ -89,9 +89,14 @@ typing-extensions==4.7.1 \ wheel==0.40.0 \ --hash=sha256:cd1196f3faee2b31968d626e1731c94f99cbdb67cf5a46e4f5656cbee7738873 \ --hash=sha256:d236b20e7cb522daf2390fa84c55eea81c5c30190f90f29ae2ca1ad8355bf247 - # via -r build-requirements.in + # via -r requirements.in -# WARNING: The following packages were not pinned, but pip requires them to be -# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. -# pip -# setuptools +# The following packages are considered to be unsafe in a requirements file: +pip==23.1.2 \ + --hash=sha256:0e7c86f486935893c708287b30bd050a36ac827ec7fe5e43fe7cb198dd835fba \ + --hash=sha256:3ef6ac33239e4027d9a5598a381b9d30880a1477e50039db2eac6e8a8f6d1b18 + # via -r requirements.in +setuptools==68.0.0 \ + --hash=sha256:11e52c67415a381d10d6b462ced9cfb97066179f0e871399e006c4ab101fc85f \ + --hash=sha256:baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235 + # via setuptools-rust \ No newline at end of file