boto3 requirement is removed; results in "In --require-hashes mode, all requirements must have their versions pinned with ==. These do not"

[jdufresne]

My requirements.txt pins all dependencies with --hash using pip-tools. My project has dependencies on boto3, six, etc. If I inspect .serverless/requirements.txt, I see the boto3 & other packages have been removed from the result. When this is installed, it results in the following error.

  In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    boto3>=1.3.0 from https://files.pythonhosted.org/packages/be/45/46d6a7957636ea342226c9a8a5ad3dd0ce9c8d60a787dc596fd62c679d75/boto3-1.9.48-py2.py3-none-any.whl#sha256=8bc0c3333d4858b26a8f84b231479b92d4bc965ae75b9bfdb0d4dfa7164f2317 (from django-amazon-ses==2.0.0->-r /home/jon/devel/.serverless/requirements/requirements.txt (line 3))
    python-dateutil>=2.1 from https://files.pythonhosted.org/packages/74/68/d87d9b36af36f44254a8d512cbfc48369103a3b9e474be9bdfe536abfc45/python_dateutil-2.7.5-py2.py3-none-any.whl#sha256=063df5763652e21de43de7d9e00ccf239f953a832941e37be541614732cdfc93 (from django-scheduler==0.8.8->-r /home/jon/devel/.serverless/requirements/requirements.txt (line 8))
    six>=1.9 from https://files.pythonhosted.org/packages/67/4b/141a581104b1f6397bfa78ac9d43d8ad29a7ca43ea90a2d863fe3056e86a/six-1.11.0-py2.py3-none-any.whl#sha256=832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb (from html5lib==1.0.1->-r /home/jon/devel/.serverless/requirements/requirements.txt (line 16))

The decision to remove these packages was done in #14, but I don't think it is safe to do so when --hash is involved.

[dschep]

Could you try overriding the default noDeploy option?

custom:
  pythonRequirements: []

[jdufresne]

Thank you so much! The following worked:

custom:
  pythonRequirements:
    noDeploy: []

And thanks for the very useful package.

[dschep]

Oops. you're right, that's the correct config. glad it works 👍