pip_parse: lockfile for build dependencies in repository rule #1325

Open
@keith

Since PEP 518, projects can specify their build system requirements in their pyproject.toml file. Currently this is not included in the pip-compile and therefore can lead to non-reproducible issues. This happened in the wild today because PyYAML depends on Cython but didn't pin its major version, so when Cython pushed an incompatible version this broke if you were including it in Bazel. One of the potential workarounds is to install the compatible Cython version in the venv before installing your requirements, which I also don't believe is possible. I believe supporting this would require pip-tools to also support this option, which is potentially implemented by jazzband/pip-tools#1681.
