OK, I merged this PR however I just spotted that there is still https://github.com/ossf/cve-bin-tool/blob/main/doc/requirements.txt, @Molkree can you make this compliant to PEP621 in a followup PR?
Yes, I noticed this as well and wrote my thoughts on it in the very first message on this PR. In short, we'd need to either downgrade Sphinx or keep doc requirements separate.
This is because the currently pinned Sphinx version 8.2.3 requires Python 3.11+, but cve-bin-tool itself requires 3.9+. Even when we drop Python 3.9, this will only allow Sphinx up to 8.1.3 (the latest version with Python 3.10 support).
Originally posted by @Molkree in #5379 (comment)
Yes, I noticed this as well and wrote my thoughts on it in the very first message on this PR. In short, we'd need to either downgrade Sphinx or keep doc requirements separate.
This is because the currently pinned Sphinx version 8.2.3 requires Python 3.11+, but cve-bin-tool itself requires 3.9+. Even when we drop Python 3.9, this will only allow Sphinx up to 8.1.3 (the latest version with Python 3.10 support).
Originally posted by @Molkree in #5379 (comment)