Installation of dependencies (requirements.txt) not completing due to dependency of django not pinned

[Natsec]

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of instalation, all issues will be closed if you don't do your part of work
• I understand that reporting issue related to any instalation script without instalation log is useless and will be closed

Expected Behavior

When installing python dependencies at line 953 : CRYPTOGRAPHY_DONT_BUILD_RUST=1 pip3 install -r /opt/CAPEv2/requirements.txt, installation should complete.

Current Behavior

Hello 🙂
The installation fails because a dependency of django (backports.zoneinfo) is not pinned, and this causes the failure of the command.

I get the following error :

ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    backports.zoneinfo; python_version < "3.9" from https://files.pythonhosted.org/packages/1a/ab/3e941e3fcf1b7d3ab3d0233194d99d6a0ed6b24f8f956fc81e47edc8c079/backports.zoneinfo-0.2.1-cp38-cp38-manylinux1_x86_64.whl#sha256=7b0a64cda4145548fed9efc10322770f929b944ce5cee6c0dfe0c87bf4c0c8c9 (from django==4.0.4->-r /opt/CAPEv2/requirements.txt (line 203))

This may be related to the update of django to version 4 in the CAPEv2 repo.

Reading https://stackoverflow.com/questions/58843905/what-is-the-proper-way-to-decide-whether-to-allow-unsafe-package-versions-in-pip, they suggest to use --allow-unsafe when launching pip-compile to generate requirements.txt (also see jazzband/pip-tools#806).

[doomedraven]

closing here due to crossposting, cape repo is correct place for this, but thank you for you report