Feature request: Update the docs/requirements.yml to avoid security issues w/ old python versions (used for ReadTheDocs)
Closed this issue · 1 comments
yantosca commented
Name and Institution (Required)
Name: Bob Yantosca
Institution: Harvard + GCST
Confirm you have reviewed the following documentation
New GCClassic feature or discussion
Dependabot found a security issue (https://github.com/geoschem/HEMCO/security/dependabot/1) caused by the version of jinja2
(used to generate ReadTheDocs documentation) having a security vulnerability.
The solution is to update the docs/requirements.txt
from:
# Requirements for building the HEMCO documentation
#
# NOTE: Use specific versions for Python packages instead of upper
# bounds. Using an upper bound will not necessarily install the
# intended version if there already is a version that meets the
# criteria present in the Python environment.
# -- Bob Yantosca and Lizzie Lundgren (30 Jun 2022)
#
# The following package versions have been proven to work together:
#
sphinx==3.5.4
sphinx_rtd_theme==0.5.2
sphinxcontrib-bibtex==2.2.0
recommonmark
docutils==0.16
jinja2==3.0.3
to
# ======================================================================
# ReadTheDocs requirements file
#
# If you wish to install the dependencies for building the ReadTheDocs
# ReadTheDocs documentation from PyPI (the Python Package Index), use:
#
# $ pip install -r requirements.txt
# ======================================================================
python==3.12
sphinx==7.2.6
sphinx_rtd_theme==2.0.0
sphinxcontrib-bibtex==2.6.2
sphinx-autobuild==2021.3.14
recommonmark==0.7.1
docutils==0.22.1
jinja2==3.1.3
as we have already done for GCPy.