Log file Viewer
#pypa logs for Friday the 16th of April, 2021
[16:43:56] <jmcarp> Hey, I'm running into a confusing behavior with pip, and I'm not sure whether it's a bug or if I'm doing something wrong. I made a simple case to reproduce the problem: I have a requirements.in file that just includes botocore and urllib3[secure], and I'm compiling a lockfile at requirements.txt with `pip-compile --generate-hashes`. When I install
[16:43:58] <jmcarp> ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
[16:43:58] <jmcarp> urllib3<1.27,>=1.25.4 from https://pypi.<REDACTED>.com/simple/urllib3/urllib3-1.26.4-py2.py3-none-any.whl (from botocore==1.20.53->-r requirements.txt (line 10))
[16:43:59] <jmcarp> Every library in requirements.txt is pinned with "==". Also, I don't get an error if I don't use the private registry, or if I do use the private registry but drop "[secure]" from urllib3 in the lockfile. As far as I can tell, the wheels I'm downloading from the private registry and the usual pypi are identical. Any ideas about what's going on?