Description
Is your feature request related to a problem? Please describe.
Yes, installing pydoc-markdown version 4.8.2 currently pulls in docspec-python 2.2.1, which has a dependency conflict with black when its version is 25.1.0. This is the message when setting black explicitly in the requirements:
The user requesting black==25.1.0
docspec-python 2.2.1 depends on black>=23.1.0, <24.0.0
This results in installation failures, which is problematic for users who require black in the latest version. Installing docspec-python through pydoc-markdown dependencies installs black 23.12.1, which is a very old version that has known vulnerabilities (described in the solution below).
Describe the solution you'd like
I propose updating the dependency in docspec-python to allow black versions up to 25.1.0 (i.e., using <= 25.1.0). I tested this by updating the pyproject.toml, creating a wheel with Poetry, and installing it in my project. Running pydoc-markdown then generated a correct documentation file, although I don't know if docspec-python is indirectly used.
Also, considering that black versions >=24.10.0 break Python 3.8 compatibility, and since Python 3.8 is EOL as of 07/10/24, it seems reasonable to drop support for it. Then again, setting <= 24.3.0, which has been picked because it addresses CVE-2024-21503, could allow backwards compatibility with Python 3.8, while extending the package support to black 25 would allow support for newer projects that might use Python 3.13, and seems to work properly without any changes to the project.
Describe alternatives you've considered
An alternative approach might be to not change the dependency constraint and let users work around the conflict manually, be it by downgrading the package in their requirements or removing it completely and letting the dependencies resolve it automatically, but that isn't ideal.
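The conflict above comes down to which black releases a given specifier admits, and whether the admitted ones still run on the Python version a project targets. The following added example (not code from the issue, docspec-python or pydoc-markdown) makes that concrete: it parses the `>=23.1.0, <24.0.0` style constraints quoted in the pip message with a small stdlib-only subset of PEP 440 (no `~=`, wildcards or pre-releases), checks the candidate constraints from the issue against a constructed table of black releases, and reports whether two requirers' constraints can be satisfied at once. The release table and its minimum-Python column are constructed sample data based only on the versions mentioned in the issue.

```python
"""Check which black releases a dependency constraint admits, and whether two
constraints (e.g. docspec-python's and a user's requirements.txt) can both be
met. Stdlib only; the specifier parser is a deliberately small PEP 440 subset
covering ==, !=, <, <=, >, >= which is all the issue's constraints use."""
import re

OPS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
}
_CLAUSE = re.compile(r"^(==|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """'24.3' -> (24, 3, 0): zero-padded so '24.3' and '24.3.0' compare equal."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def parse_specifier(spec):
    """'>=23.1.0, <24.0.0' -> [('>=', (23,1,0)), ('<', (24,0,0))]."""
    clauses = []
    for raw in spec.split(","):
        raw = raw.strip()
        if not raw:
            continue
        m = _CLAUSE.match(raw)
        if not m:
            raise ValueError(f"unsupported clause: {raw!r}")
        clauses.append((m.group(1), parse_version(m.group(2))))
    return clauses


def satisfies(version, spec):
    """True if `version` meets every clause of `spec`."""
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in parse_specifier(spec))


# Constructed sample of black releases as (version, minimum Python). Taken from
# the issue: 23.12.1 is what the old pin resolves to, 24.3.0 addresses
# CVE-2024-21503, and >=24.10.0 dropped Python 3.8.
BLACK_RELEASES = [
    ("23.1.0", (3, 8)),
    ("23.12.1", (3, 8)),
    ("24.3.0", (3, 8)),
    ("24.10.0", (3, 9)),
    ("25.1.0", (3, 9)),
]


def admitted(spec, python=None):
    """Sample releases matching `spec`, optionally filtered to those whose
    minimum Python is <= the target interpreter version tuple."""
    return [v for v, min_py in BLACK_RELEASES
            if satisfies(v, spec) and (python is None or python >= min_py)]


def jointly_satisfiable(specs):
    """True if at least one sample release satisfies every spec in `specs`.
    False reproduces the situation pip reported in the issue."""
    return any(all(satisfies(v, s) for s in specs) for v, _ in BLACK_RELEASES)


if __name__ == "__main__":
    old_pin = ">=23.1.0, <24.0.0"          # docspec-python 2.2.1 today
    user_pin = "==25.1.0"                    # the user's requirements.txt
    for candidate in (old_pin, ">=23.1.0, <=24.3.0", ">=23.1.0, <=25.1.0"):
        print(f"{candidate:22} py3.8: {admitted(candidate, (3, 8))}"
              f"  py3.13: {admitted(candidate, (3, 13))}")
        print(f"{'':22} compatible with {user_pin}:",
              jointly_satisfiable([candidate, user_pin]))
```

Running it shows the trade-off the issue describes: `<=24.3.0` keeps a Python 3.8 build possible but still conflicts with `black==25.1.0`, while `<=25.1.0` resolves the conflict and only loses the 3.8 row for the two newest releases.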