Warning from bazel about "canonical reproducible form can be obtained by modifying arguments integrity ..."

[franciszhi]

This warning is produced at the initial part of a fresh build of bazel build //...:

DEBUG: Rule 'pybind11_bazel~2.11.1.bzl.1~extension~pybind11' indicated that a canonical reproducible form can be obtained by modifying arguments integrity = "sha256-sBGnMMiEW/wmXw+B7k5enh01TfOQg20qJYgOEj0CH4k="
DEBUG: Repository pybind11_bazel~2.11.1.bzl.1~extension~pybind11 instantiated at:
  <builtin>: in <toplevel>
Repository rule http_archive defined at:
  ./external/bazel_tools/tools/build_defs/repo/http.bzl:381:31: in <toplevel>

This warning is produced by bazel 7.0.1 where pybind11_bazel is defined in MODULE.bazel:

bazel_dep(name = "pybind11_bazel", version = "2.11.1.bzl.1")

[junyer]

When I added initial support for Bzlmod last year, I did think about specifying the checksum, but the problem is that pybind11 folks don't publish source code archives (…/archive/refs/tags/…) as release assets (…/releases/download/…), so we have no guarantee of stability (see https://blog.bazel.build/2023/02/15/github-archive-checksum.html) and, AFAIK, no way to stop Bazel from griping either. :(