Pin the hashes of all Python requirements. (#121)

commit: f6062a88d83463e2900e47bc218547ba046dad44 [log] [tgz]
author: Stefan Bucur <281483+stefanbucur@users.noreply.github.com> Fri Jan 29 14:01:13 2021 -0500
committer: GitHub <noreply@github.com> Fri Jan 29 14:01:13 2021 -0500
tree: dfdad6be5096f8e88c0c85d2f4227bbd854a84f4
parent: 2c97fcd74f20dce950c77129b9b9b31cc63a4c8e [diff]
diff --git a/WORKSPACE b/WORKSPACE
index 5fb274d..9dbdd6d 100644
--- a/WORKSPACE
+++ b/WORKSPACE

@@ -62,6 +62,7 @@
 
 pip_install(
     name = "fuzzing_py_deps",
+    extra_pip_args = ["--require-hashes"],
     requirements = "@rules_fuzzing//fuzzing:requirements.txt",
 )
 

diff --git a/fuzzing/requirements.txt b/fuzzing/requirements.txt
index bd2434f..01482d4 100644
--- a/fuzzing/requirements.txt
+++ b/fuzzing/requirements.txt

@@ -1,4 +1,5 @@
 # Python requirements for the tools supporting the fuzzing rules. These are
 # installed automatically through the WORKSPACE configuration.
 
-absl-py==0.11.0
+absl-py==0.11.0 --hash=sha256:b3d9eb5119ff6e0a0125f6dabf2f9fae02f8acae7be70576002fac27235611c5
+six==1.15.0 --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
commit	f6062a88d83463e2900e47bc218547ba046dad44	[log] [tgz]
author	Stefan Bucur <281483+stefanbucur@users.noreply.github.com>	Fri Jan 29 14:01:13 2021 -0500
committer	GitHub <noreply@github.com>	Fri Jan 29 14:01:13 2021 -0500
tree	dfdad6be5096f8e88c0c85d2f4227bbd854a84f4
parent	2c97fcd74f20dce950c77129b9b9b31cc63a4c8e [diff]