Remove unsafe deps in the requirements and install setuptools manually

src/autoconf/Dockerfile

@@ -11,7 +11,7 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
 # Install dependencies
 RUN apk add --no-cache --virtual .build-deps g++ gcc musl-dev jpeg-dev zlib-dev libffi-dev cairo-dev pango-dev gdk-pixbuf-dev && \
     pip install --no-cache-dir --upgrade pip && \
-    pip install wheel && \
+    pip install --no-cache-dir --upgrade setuptools wheel && \
     mkdir -p /usr/share/bunkerweb/deps/python && \
     pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
     apk del .build-deps

src/bw/Dockerfile

@@ -16,7 +16,7 @@ COPY src/common/gen/requirements.txt /usr/share/bunkerweb/deps/requirements.txt
 # Install python requirements
 RUN apk add --no-cache --virtual build py3-pip && \
 	pip install --no-cache-dir --upgrade pip && \
-	pip install wheel && \
+	pip install --no-cache-dir --upgrade setuptools wheel && \
 	mkdir -p /usr/share/bunkerweb/deps/python && \
 	pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
 	apk del build

src/common/db/requirements.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
-#    pip-compile --allow-unsafe --generate-hashes
+#    pip-compile --generate-hashes
 #
 cffi==1.15.1 \
     --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \

src/common/gen/requirements.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
-#    pip-compile --allow-unsafe --generate-hashes
+#    pip-compile --generate-hashes
 #
 cachetools==5.2.0 \
     --hash=sha256:6a94c6402995a99c3970cc7e4884bb60b4a8639938157eeed436098bf9831757 \
@@ -189,8 +189,6 @@ websocket-client==1.4.2 \
     #   docker
     #   kubernetes
 
-# The following packages are considered to be unsafe in a requirements file:
-setuptools==65.6.0 \
-    --hash=sha256:6211d2f5eddad8757bd0484923ca7c0a6302ebc4ab32ea5e94357176e0ca0840 \
-    --hash=sha256:d1eebf881c6114e51df1664bc2c9133d022f78d12d5f4f665b9191f084e2862d
-    # via kubernetes
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.
+# setuptools

src/common/utils/pip-hashes.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-pip-compile --generate-hashes --allow-unsafe
+pip-compile --generate-hashes

src/scheduler/Dockerfile

@@ -12,7 +12,7 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
 # Install python requirements
 RUN apk add --no-cache --virtual .build-deps g++ gcc musl-dev jpeg-dev zlib-dev libffi-dev cairo-dev pango-dev gdk-pixbuf-dev && \
   pip install --no-cache-dir --upgrade pip && \
-  pip install wheel && \
+  pip install --no-cache-dir --upgrade setuptools wheel && \
   mkdir -p /usr/share/bunkerweb/deps/python && \
   pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
   pip install --no-cache-dir gunicorn && \

src/scheduler/requirements.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
-#    pip-compile --allow-unsafe --generate-hashes
+#    pip-compile --generate-hashes
 #
 acme==1.32.0 \
     --hash=sha256:c7917e044f4232585c6ce1d46655cf9495bdbe08b0bffac1e4b6f9fa03c9b940 \
@@ -278,15 +278,6 @@ zope-interface==5.5.2 \
     #   certbot
     #   zope-component
 
-# The following packages are considered to be unsafe in a requirements file:
-setuptools==65.6.0 \
-    --hash=sha256:6211d2f5eddad8757bd0484923ca7c0a6302ebc4ab32ea5e94357176e0ca0840 \
-    --hash=sha256:d1eebf881c6114e51df1664bc2c9133d022f78d12d5f4f665b9191f084e2862d
-    # via
-    #   acme
-    #   certbot
-    #   josepy
-    #   zope-component
-    #   zope-event
-    #   zope-hookable
-    #   zope-interface
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.
+# setuptools

src/ui/Dockerfile

@@ -12,7 +12,7 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
 # Install python requirements
 RUN apk add --no-cache --virtual .build-deps g++ gcc musl-dev jpeg-dev zlib-dev libffi-dev cairo-dev pango-dev gdk-pixbuf-dev && \
     pip install --no-cache-dir --upgrade pip && \
-    pip install wheel && \
+    pip install --no-cache-dir --upgrade setuptools wheel && \
     mkdir -p /usr/share/bunkerweb/deps/python && \
     pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
     apk del .build-deps

src/ui/requirements.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
-#    pip-compile --allow-unsafe --generate-hashes
+#    pip-compile --generate-hashes
 #
 bcrypt==4.0.1 \
     --hash=sha256:089098effa1bc35dc055366740a067a2fc76987e8ec75349eb9484061c54f535 \
@@ -136,8 +136,6 @@ wtforms==3.0.1 \
     --hash=sha256:837f2f0e0ca79481b92884962b914eba4e72b7a2daaf1f939c890ed0124b834b
     # via flask-wtf
 
-# The following packages are considered to be unsafe in a requirements file:
-setuptools==65.6.0 \
-    --hash=sha256:6211d2f5eddad8757bd0484923ca7c0a6302ebc4ab32ea5e94357176e0ca0840 \
-    --hash=sha256:d1eebf881c6114e51df1664bc2c9133d022f78d12d5f4f665b9191f084e2862d
-    # via gunicorn
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.
+# setuptools