lepture / python-livereload

livereload server in python
https://livereload.readthedocs.io/en/latest/
BSD 3-Clause "New" or "Revised" License

PyPI hash mismatch on version 2.6.3 #265

Closed alexmathewsbatfast closed 1 year ago

alexmathewsbatfast commented 1 year ago

Hi,

Bumped into this issue today, previously all had been OK on the 21/12/2022.

I'm using pipenv as a package manager, which relies on file hashes. I've been using version 2.6.3 of livereload for a while, but experienced the following error today (28/12/2022):


ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    livereload==2.6.3 from https://files.pythonhosted.org/packages/e3/05/ed67ccf462fff0b559e6ea7b3e3fcb20dec9d57bf90b5c5e72a6f316183e/livereload-2.6.3-py2.py3-none-any.whl (from -r /tmp/pipenv-yhwv6r61-requirements/pipenv-4vae3ow2-hashed-reqs.txt (line 19)):
        Expected sha256 776f2f865e59fde56490a56bcc6773b6917366bce0c267c60ee8aaf1a0959869
             Got        ad4ac6f53b2d62bb6ce1a5e6e96f1f00976a32348afedcb4b6d68df2a1d346e4

Is it possible that the file on the python package index has changed? I couldn't work out why it would have though as it looks like 2.6.3 is the latest release still.

Thanks,

Alex

pradyunsg commented 1 year ago

A new .whl file was uploaded, see #240. Both those hashes are valid.

th0ger commented 1 year ago

We experienced this as well. Really a pain since this breaks all historic branches/release pipelines that used to pass.

FYI, here's a nice blogpost on the issue with pipenv hashes when adding wheels to existing sdist releases: A not so unfortunate sharp edge in Pipenv
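Added example, not part of the thread and not code from pip, pipenv or livereload: a minimal model of pip's hash-checking rule (a download is accepted only if its SHA-256 matches one of the `--hash` values listed for the requirement). It shows why a lock made before an extra file was uploaded rejects that file, while a regenerated lock accepts it and still rejects unknown content. The byte strings are constructed stand-ins, and single-line requirement entries are assumed.

```python
import hashlib
import re

# Constructed stand-ins for release files; not the real livereload artifacts.
FILE_AT_LOCK_TIME = b"constructed bytes: file present when the lock was made"
FILE_UPLOADED_LATER = b"constructed bytes: wheel added to the same release later"
TAMPERED_FILE = b"constructed bytes: content no maintainer published"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_hashed_requirement(line: str):
    """Split a pip hash-checking requirement into (name, version, {sha256 digests})."""
    spec = re.match(r"\s*([A-Za-z0-9._-]+)==(\S+)", line)
    if spec is None:
        raise ValueError("expected a pinned 'name==version' requirement")
    digests = set(re.findall(r"--hash=sha256:([0-9a-f]{64})", line))
    if not digests:
        raise ValueError("hash-checking mode needs at least one --hash")
    return spec.group(1), spec.group(2), digests


def artifact_allowed(data: bytes, requirement_line: str) -> bool:
    """Accept a download only if its digest equals one of the listed hashes."""
    _, _, digests = parse_hashed_requirement(requirement_line)
    return sha256_hex(data) in digests


def lock_line(name: str, version: str, files) -> str:
    """Build a requirement line listing one --hash per known release file."""
    hashes = " ".join(f"--hash=sha256:{sha256_hex(f)}" for f in files)
    return f"{name}=={version} {hashes}"


# Lock made before the extra file existed: only one digest is trusted.
OLD_LOCK = lock_line("livereload", "2.6.3", [FILE_AT_LOCK_TIME])
# Lock regenerated afterwards: both published files are trusted.
NEW_LOCK = lock_line("livereload", "2.6.3", [FILE_AT_LOCK_TIME, FILE_UPLOADED_LATER])

if __name__ == "__main__":
    files = (("lock-time file", FILE_AT_LOCK_TIME),
             ("later wheel", FILE_UPLOADED_LATER),
             ("tampered file", TAMPERED_FILE))
    for label, lock in (("old lock", OLD_LOCK), ("new lock", NEW_LOCK)):
        for fname, data in files:
            verdict = "accepted" if artifact_allowed(data, lock) else "REJECTED"
            print(f"{label}: {fname}: {verdict}")
```

A mismatch alone does not say which case applies; comparing the "Got" digest against the digests the index publishes for that release's files distinguishes a newly uploaded file from altered content.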