Remove outdated Sphinx docs and patch dependency security vulnerabilities#114
Merged
Merged
Conversation
Remove the legacy in-repo Sphinx/ReadTheDocs documentation, which has been superseded by the central Starlight docs site at https://mapepire-ibmi.github.io: - delete docs/ and .readthedocs.yaml - drop the "Docs" CI job, the Makefile "docs" target, and docs/build from .gitignore - remove the Sphinx dev dependencies (Sphinx, furo, myst-parser, sphinx-copybutton, sphinx-autobuild, sphinx-autodoc-typehints, pytest-sphinx) - repoint CONTRIBUTING.md, the PR template, and the documentation issue template at the live docs site / Google docstring style instead of the removed Sphinx build Patch all open dependency security alerts by regenerating uv.lock: urllib3 2.7.0, cryptography 48.0.0, requests 2.34.2, idna 3.18, wheel 0.47.0, virtualenv 21.4.2, filelock 3.29.0, marshmallow 3.26.2, python-dotenv 1.2.2, pytest 9.0.3, black 26.5.1, pygments 2.20.0; tornado is dropped entirely with the docs toolchain. Loosen the dev tool constraints that were pinning vulnerable releases (black>=24.3.0,<27.0; mypy<1.20; isort<6.2; pytest>=9.0.3) and correct requires-python from ">3.9" to ">=3.10" to match the supported Python versions (3.9 was dropped in v0.1.8). Runtime dependencies are unchanged. Verified against a live server: sync and async websockets transports pass (websockets 15->16 major bump), plus build, ruff, isort.
…-docs-and-patch-deps # Conflicts: # CHANGELOG.md
This was referenced Jun 2, 2026
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Removes the outdated Sphinx/ReadTheDocs documentation and patches every open dependency security alert in one pass. The in-repo Sphinx docs (
python-wsdb.readthedocs.io) have been superseded by the central Starlight docs site at https://mapepire-ibmi.github.io, and the docs toolchain (sphinx,furo,sphinx-autobuild, …) was the single largest source of vulnerable transitive packages (it pulled intornado,requests,urllib3,idna,pygments).What changed
Remove outdated docs
docs/and.readthedocs.yamlDocsjob from.github/workflows/main.ymland thedocstarget fromMakefileSphinx,furo,myst-parser,sphinx-copybutton,sphinx-autobuild,sphinx-autodoc-typehints,pytest-sphinx)CONTRIBUTING.mdand the documentation issue template at the live docs site; dropdocs/buildfrom.gitignorePatch dependency vulnerabilities (regenerated
uv.lockviauv lock --upgrade)Supporting changes required to land the patched versions:
black>=24.3.0,<27.0,mypy<1.20,isort<6.2,pytest>=9.0.3.requires-pythonfrom">3.9"to">=3.10"— the project already dropped 3.9 (CHANGELOG v0.1.8: "bump minimum python version to 3.10"; CI only tests 3.10), and the stale floor blocked the patchedpytest.Runtime dependencies are unchanged (
dataclasses-json,websockets,pyee,pep249abc); published-package consumers are unaffected.Regression testing
Verified against a live Mapepire server (the upgrade includes a
websockets15 → 16 major bump on the runtime transport, so both paths were exercised):simple_test+sql_test): 25 passed — identical before and after the change.python -m build(sdist + wheel),ruff check,isort --check, import smoke — all pass.uv lock --checkconsistent withpyproject.toml.Supersedes
This change makes the following open Dependabot PRs obsolete (docs deps removed, constraints loosened, lock fully regenerated): #110, #103, #102, #101, #100, #99, #68, #67, #42. Dependabot should auto-close them once this merges.