As reported in this issue on GitHub,
pip install occasionally fails with the following error in CI jobs:
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
Is there any investigation going on regarding this issue?