On my own, I've confirmed using pipx that 2.1.143 works fine, and 2.1.144 is broken which matches their conclusion:
pex3_2_1_144 lock create --interpreter-constraint $'CPython==3.10.*' --style=universal --pip-version=23.1.2 --resolver-version pip-2020-resolver --find-links=https://download.pytorch.org/whl/torch_stable.html "torch==2.0.1+cpu" -o tmp/tmp.lock
pid 32047 -> /home/ts/.pex/venvs/41538e837189c28a1bce8019b533d7189996d251/5985ed09b49a653d6596b0e14d134c5456cf1a9f/bin/python -sE /home/ts/.pex/venvs/41538e837189c28a1bce8019b533d7189996d251/5985ed09b49a653d6596b0e14d134c5456cf1a9f/pex --disable-pip-version-check --no-python-version-warning --exists-action a --no-input --isolated -q --cache-dir /home/ts/.pex/pip/23.1.2/pip_cache --log /tmp/pex-pip-log.fkdel996/pip.log download --dest /home/ts/.pex/downloads/fingerprint_artifact.zv_s1ok7 --no-deps https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl --index-url https://pypi.org/simple --find-links https://download.pytorch.org/whl/torch_stable.html --retries 5 --timeout 15 exited with 1 and STDERR:
ERROR: HTTP error 403 while getting https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl
ERROR: Could not install requirement torch==2.0.1+cpu from https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl because of HTTP error 403 Client Error: Forbidden for url: https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl for URL https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl
There were a few unquote changes in the linked commit, but I'm not sure if those are erroneous, if we should store the original URL as well, or if we should quote them somewhere later.
Matching this Pants issue; https://github.com/pantsbuild/pants/issues/20474. Users both on Slack and GitHub are reporting regressions around URL-parts not being quoted as expected when Pex tries to download artifacts. @cburroughs helpfully bisected Pex directly and has isolated the issue to commit https://github.com/pantsbuild/pex/commit/45eea4bb274b65bc185e1ea8cfc67f507209aea0.
On my own, I've confirmed using pipx that 2.1.143 works fine, and 2.1.144 is broken which matches their conclusion:
There were a few unquote changes in the linked commit, but I'm not sure if those are erroneous, if we should store the original URL as well, or if we should quote them somewhere later.