My build suddenly (after the holidays) started to fail because the hash of swagger-spec-validator==2.1.0 changed. Is this a legitimate change, or has someone tampered with the published version?
Virtualenv location:/--redacted--/.venv
Installing dependencies from Pipfile.lock (3ec315)…
An error occurred while installing swagger-spec-validator==2.1.0! Will try again.
...
Installing initially–failed dependencies…
Collecting swagger-spec-validator==2.1.0 — 00:00:00
Using cached swagger_spec_validator-2.1.0-py2.py3-none-any.whl
THESE PACKAGES DO NOT MATCH THE HASHES FROM Pipfile.lock!. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
swagger-spec-validator==2.1.0 from https://pypi.python.org/packages/44/02/bcc0122d561d9727b8ca476058f2c57a37a1c86d0f7c9aec5543f3219cd0/swagger_spec_validator-2.1.0-py2.py3-none-any.whl#md5=bc8fb6e9f29bc36dc050330f7ac184db (from -r /var/folders/12/vzps3jhs0pz8z_phldh9pz180000gn/T/pipenv-qfwotfvp-requirement.txt (line 1)):
Expected sha256 dc9219c6572ce0def6e1c160ca253c0e7fcde75812628f0c0199334f85bd138e
Got aedacb6c6b475026a1b5ac218fb590382d08064e227da254eb961d17cfd2b7c1
I've uploaded a wheel for version 2.1.0, which wasn't present before. I'm not sure why the sha wouldn't match, as the wheel is built from the same version, but I assume that is the reason.
My build suddenly (after the holidays) started to fail because the hash of swagger-spec-validator==2.1.0 changed. Is this a legitimate change, or has someone tampered with the published version?
This is the change in my Pipfile: