Don't use .par files for piptool/whltool #184

@brandjon

piptool and whltool are implicit dependencies of the pip_import and whl_library rules, yet they themselves are defined in terms of requirement() declarations. This circular dependency is currently resolved by checking in prebuilt .par files for these tools, regenerated by running update_tools.sh. This has drawbacks:

  1. It makes the build process more brittle and harder to understand.

  2. For security, the checked-in par files must only be updated by a trusted person.

See also my recap here, a brittleness breakage here, and an uncompleted PR to migrate away from checked-in .par files here.
