
Adsk Contrib - Update Python documentation requirements #2285

Merged
doug-walker merged 6 commits into AcademySoftwareFoundation:main from autodesk-forks:walker/py_reqmts
Apr 23, 2026

@doug-walker
Collaborator

@doug-walker doug-walker commented Apr 14, 2026

Fixed the issues with the outdated installations requested by the documentation system, as mentioned by dependabot.

This fixes three "Dependabot alerts" vulnerabilities in the project's Security and Quality tab:
"setuptools vulnerable to Command Injection via package URL"
"setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write"
"urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"

I was unable to update Sphinx because it seems our documentation template is not compatible.

Note: It is expected that the Linux 2022 CI will fail, however, we are moving that out of the CI matrix in a separate PR.

Signed-off-by: Doug Walker <doug.walker@autodesk.com>
Signed-off-by: Doug Walker <doug.walker@autodesk.com>
@doug-walker doug-walker changed the title Adsk Contrib - Update Python documentation requirement Adsk Contrib - Update Python documentation requirements Apr 18, 2026
@zachlewis
Collaborator

Apparently, urllib3 v2 is causing problems on the CY2022 containers.

Copilot says....

The failure is coming from the CY2022 (“linux-old”) container’s OpenSSL (OpenSSL 1.0.2k-fips), which is incompatible with urllib3 v2 (it requires OpenSSL 1.1.1+). Sphinx fails while importing sphinx.builders.linkcheck because that import pulls in urllib3.

Rather than pinning urllib3<2 globally (which blocks updating doc deps for newer CYs), we can pin only on old-OpenSSL containers by adding a small conditional in share/ci/scripts/linux/dnf/install_docs_env.sh:

pip3 install -r $HERE/../../../../../docs/requirements.txt

OPENSSL_VERSION="$(python3 -c 'import ssl; print(ssl.OPENSSL_VERSION)' || true)"
echo "Detected: ${OPENSSL_VERSION}"

if echo "${OPENSSL_VERSION}" | grep -qE 'OpenSSL 1\.0\.|OpenSSL 1\.1\.0'; then
  echo "Old OpenSSL detected; forcing urllib3<2 for compatibility."
  pip3 install --upgrade --force-reinstall "urllib3<2"
fi

This keeps CY2022 green while allowing CY2023+ to move to urllib3 v2 and newer doc tooling.

Ref: failing job log in Actions run 24375992243, job 71189536261.
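
An added example, not part of the thread or of the OpenColorIO scripts: a numeric variant of the check in the comment above, which compares the parsed version against the 1.1.1 floor quoted there instead of listing old release lines in a grep pattern (so 0.9.x is also caught) and reports non-OpenSSL builds as unknown. The function name `classify_openssl` and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Classify an ssl.OPENSSL_VERSION-style string against the OpenSSL 1.1.1
# floor quoted in the comment above. Prints one of:
#   ok       OpenSSL 1.1.1 or newer, no pin needed
#   pin      OpenSSL older than 1.1.1, install "urllib3<2"
#   unknown  not an OpenSSL build or unparsable, decide by hand
classify_openssl() {
    case "$1" in
        "OpenSSL "*) ;;
        *) echo unknown; return 0 ;;
    esac
    # Second field is the version token, e.g. 1.0.2k-fips or 3.0.13.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    # Keep the leading dotted-numeric part only: 1.0.2k-fips -> 1.0.2
    nums=$(printf '%s\n' "$ver" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p')
    if [ -z "$nums" ]; then
        echo unknown
        return 0
    fi
    # Compare (major, minor, patch) with (1, 1, 1) numerically.
    printf '%s\n' "$nums" | awk -F. '{
        M = $1 + 0; m = $2 + 0; p = $3 + 0
        if (M > 1 || (M == 1 && (m > 1 || (m == 1 && p >= 1))))
            print "ok"
        else
            print "pin"
    }'
}

# Constructed sample strings in the format Python prints for
# ssl.OPENSSL_VERSION; replace with the live value in a CI script.
while IFS= read -r sample; do
    printf '%-36s -> %s\n' "$sample" "$(classify_openssl "$sample")"
done <<'EOF'
OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL 1.1.0l  10 Sep 2019
OpenSSL 1.1.1w  11 Sep 2023
OpenSSL 3.0.13 30 Jan 2024
LibreSSL 3.3.6
EOF
```
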

@doug-walker
Collaborator Author

Thanks for the review, Zach! Please note that we are removing CY2022 from the CI in PR #2282, so that doesn't need to be fixed.

@zachlewis
Collaborator

Ohhh yes. And now I remember, I think you mentioned this in the TSC meeting. Forget I said anything! LGTM.

Signed-off-by: Doug Walker <doug.walker@autodesk.com>
Signed-off-by: Doug Walker <doug.walker@autodesk.com>
Comment thread docs/requirements.txt Outdated
Signed-off-by: Doug Walker <doug.walker@autodesk.com>
@doug-walker doug-walker merged commit 45ff624 into AcademySoftwareFoundation:main Apr 23, 2026
55 checks passed
@doug-walker doug-walker deleted the walker/py_reqmts branch April 23, 2026 03:34