Comments (3)
svetlyak40wt
commented on July 20, 2024
Well, after further investigation, I found, that pip (1.4.1), by default, sets allow_all_insecure and allow_all_external on PackageFinder during pip install. Although such simple patch fixes the issue:
diff --git a/piptools/package_manager.py b/piptools/package_manager.py
index 7b3125a..56da428 100644
--- a/piptools/package_manager.py
+++ b/piptools/package_manager.py
@@ -260,6 +260,8 @@ class PackageManager(BasePackageManager):
index_urls=['https://pypi.python.org/simple/'],
use_mirrors=True,
mirrors=[],
+ allow_all_external=True,
+ allow_all_insecure=True,
)
link = finder.find_requirement(requirement, False)
self._link_cache[specline] = linkI think it is not best idea, to hardcode these parameters. It is better to add ability to pass any unknown command line option down to pip's package manager.
from pip-tools.
nvie
commented on July 20, 2024
Agreed, passing down options makes sense.
from pip-tools.
nvie
commented on July 20, 2024
I'm closing old issues. If this issue still applies and requires my attention, I ask you kindly to re-open it or file a new issue. Thanks.
from pip-tools.
Related Issues (20)
- Eventually implement support for the PEP 735 "dependency groups" HOT 6
- Request: leave environment variable references as-is in requirements.txt output. HOT 10
- [FR] Offer an example usage command in the default header comment HOT 2
- flag in COMPILE_EXCLUDE_OPTIONS showing up in header HOT 1
- pip-sync crashes (and is uninstalled) on reinstall of `pip-tools` HOT 3
- Add an option to track source file changes HOT 1
- Make it possible to figure out why packages conflict HOT 9
- pip-compile slow and wasteful caching behavior for large packages (eg pytorch) HOT 3
- [TODO][research] Possibly integrate `pyproject-metadata` HOT 1
- Using pip-compile with --build-deps-for or --all-build-deps gives error when using multiple source files. HOT 3
- [TODO][CI][pip upstream changes] Fix failing nightlies running against `pip`'s `main` branch HOT 4
- [TODO][CI] Add macOS 14 ARM 64 to the matrix
- Research ways to support verifying the PEP 740 digital attestations early
- Output --no-binary and --only-binary options to preserve pip behavior HOT 4
- pip-compile is taking forever for python3.13 HOT 4
- Make it possible to avoid yanked versions of packages in the compiled requirements HOT 2
- Use src-layout instead of flat-layout HOT 4
- pip-sync should respect pip-compile's output_file configuration HOT 1
- pip-compile should not generate a command with --output-file if the output file matches the configuration HOT 2
- Config file discovery doesn't work as intended HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pip-tools.