As of Sept 19, 2021 poetry fails to validate packages from third party repos.

My poetry installs in circle-ci started failing “all of a sudden” yesterday with the error:

#10 19.73   RuntimeError
#10 19.73 
#10 19.73   Invalid hash for waveapps.avro (1.0.0) using archive waveapps.avro-1.0.0-py3-none-any.whl
#10 19.73 
#10 19.73   at /usr/local/lib/python3.9/site-packages/poetry/installation/executor.py:619 in _download_link
#10 19.80       615│                     Path(archive.path) if isinstance(archive, Link) else archive,
#10 19.81       616│                 ).hash()
#10 19.81       617│             )
#10 19.81       618│             if archive_hash not in {f["hash"] for f in package.files}:
#10 19.81     → 619│                 raise RuntimeError(
#10 19.81       620│                     "Invalid hash for {} using archive {}".format(package, archive.name)
#10 19.81       621│                 )
#10 19.81       622│ 
#10 19.81       623│         return archive
#10 19.81 
#10 19.81 

This happens for all poetry 1.1.x versions, but does NOT happen for 1.0.10. I’m reverting to 1.0.10 for now. I’m opening this ticket in hopes that more qualified folks can carry it forward.
Again there were NO chanes in my source, indeed jobs on CircleCi that previously ran failed when I reran them.

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name:
• Poetry version:
• Link of a Gist with the contents of your pyproject.toml file:

Issue