Specifying build requirements in pyproject.toml leads to pip using a feature called build isolation, which means that it doesn't use any existing installed package but instead creates an isolated environment and pre-installs the build dependencies. In the case where someone does:

FROM ubuntu:16.04
RUN apt-get update
RUN apt-get install -y python3 python3-dev python3-pip python3-wheel
RUN pip3 install pip --upgrade
RUN pip install fast-histogram==0.6 numpy==1.12.1
RUN python3 -c 'import fast_histogram'

the issue is that fast-histogram gets built against the latest version of numpy since the 'numpy' is in the pyproject.toml file, but we then install an older version.

The way pyproject.toml is intended to be used, we should actually pin numpy to the oldest compatible version, e.g. numpy==1.9.0. The problem however is that this minimum version depends on Python version and we need to use something called environment markers:

    "numpy==1.8.2; python_version<='3.4'",
    "numpy==1.9.3; python_version=='3.5'",
    "numpy==1.12.1; python_version=='3.6'",
    "numpy==1.13.1; python_version>='3.7'",

But this is only supported with very recent versions of pip so we might want to hold back from doing that.

See a related discussion for scipy: scipy/scipy#8734