From 2f31150845e1925f9f15b86ad9cad2fce209a3ae Mon Sep 17 00:00:00 2001
From: Dominik Roos <roos@anapaya.net>
Date: Tue, 14 Mar 2023 18:38:10 +0100
Subject: [PATCH 1/2] tools: add editor and lint configuration

Add a standardized vscode configuration that should lead to a more
consistent code base. Additionally, switch to markdownlint-cli that is
well supported in vs code and other editors.

The rules are kept the same, but we extend linting to our documentation
to. To satisfy the linter, we switch to myst parser for sphinx which
allows us to drop the hacky html tags in the markdown files.
Myst is as powerful as RST with a more sane syntax.
---
 .github/ISSUE_TEMPLATE/01-proposal.md |  1 -
 .gitignore                            |  4 +-
 .markdownlint-cli2.jsonc              | 29 ++++++++
 .vscode/extensions.json               | 23 +++++++
 .vscode/settings.json                 | 99 +++++++++++++++++++++++++++
 Makefile                              |  3 +-
 doc/.markdownlint-cli2.jsonc          |  6 ++
 doc/BeaconService.md                  |  6 +-
 doc/ColibriService.md                 |  8 +--
 doc/EPIC.md                           | 44 ++++++------
 doc/PathPolicy.md                     | 15 ++--
 doc/PathService.md                    | 12 ++--
 doc/conf.py                           |  8 ++-
 tools/md/Dockerfile                   | 12 ----
 tools/md/mdlintstyle.rb               |  7 --
 tools/md/skipped                      |  2 -
 16 files changed, 212 insertions(+), 67 deletions(-)
 create mode 100644 .markdownlint-cli2.jsonc
 create mode 100644 .vscode/extensions.json
 create mode 100644 .vscode/settings.json
 create mode 100644 doc/.markdownlint-cli2.jsonc
 delete mode 100644 tools/md/Dockerfile
 delete mode 100644 tools/md/mdlintstyle.rb
 delete mode 100644 tools/md/skipped

diff --git a/.github/ISSUE_TEMPLATE/01-proposal.md b/.github/ISSUE_TEMPLATE/01-proposal.md
index 77c7b316e5..e0ca48e7c5 100644
--- a/.github/ISSUE_TEMPLATE/01-proposal.md
+++ b/.github/ISSUE_TEMPLATE/01-proposal.md
@@ -8,4 +8,3 @@ labels: i/proposal
 Our proposal process is documented here:
 https://docs.scion.org/en/latest/contribute.html#change-proposal-process
 -->
-
diff --git a/.gitignore b/.gitignore
index fb86551894..439d573939 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,7 +32,9 @@ __pycache__
 
 # VSCode folder
 #########################
-.vscode/
+.vscode/*
+!.vscode/settings.json
+!.vscode/extensions.json
 
 # build files
 #########################
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
new file mode 100644
index 0000000000..639722c89f
--- /dev/null
+++ b/.markdownlint-cli2.jsonc
@@ -0,0 +1,29 @@
+{
+    "globs": ["**/*.md"],
+    "ignores": [
+        "**/node_modules/**",
+        "**/venv/**",
+        "licenses/data/**",
+        "**/_build/**"
+    ],
+    "config": {
+        "default": true,
+        "MD013": {
+            "line_length": 100,
+            "code_blocks": false,
+            "tables": false
+        },
+        "MD007": {
+            "indent": 4
+        },
+        "MD024": {
+            "allow_different_nesting": true
+        },
+        "MD030": {
+            "ol_multi": 1,
+            "ul_multi": 1,
+            "ol_single": 1,
+            "ul_single": 1
+        }
+    }
+}
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
new file mode 100644
index 0000000000..b74989a0e0
--- /dev/null
+++ b/.vscode/extensions.json
@@ -0,0 +1,23 @@
+{
+    "recommendations": [
+        "DavidAnson.vscode-markdownlint",
+        "eamodio.gitlens",
+        "esbenp.prettier-vscode",
+        "GitHub.vscode-pull-request-github",
+        "golang.go",
+        "ms-azuretools.vscode-docker",
+        "ms-python.isort",
+        "ms-python.vscode-pylance",
+        "ms-vscode-remote.remote-containers",
+        "ms-vscode-remote.remote-ssh",
+        "ms-vscode-remote.remote-ssh-edit",
+        "ms-vscode.remote-explorer",
+        "ms-vsliveshare.vsliveshare",
+        "mhutchie.git-graph",
+        "shardulm94.trailing-spaces",
+        "stkb.rewrap",
+        "stackbuild.bazel-stack-vscode",
+        "wayou.vscode-todo-highlight",
+        "windmilleng.vscode-go-autotest"
+    ]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000000..9489864749
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,99 @@
+{
+    //////////////////////
+    // Editor
+    //////////////////////
+    "rewrap.wrappingColumn": 80,
+    "breadcrumbs.enabled": true,
+    "files.eol": "\n",
+    "files.insertFinalNewline": true,
+
+    //////////////////////
+    // Go
+    //////////////////////
+    "[go]": {
+        "editor.snippetSuggestions": "none",
+        "editor.formatOnSave": true,
+        "editor.codeActionsOnSave": {
+            "source.organizeImports": true
+        }
+    },
+    "gopls": {
+        "formatting.local": "github.com/scionproto/scion",
+        "usePlaceholders": true, // add parameter placeholders when completing a function
+        "build.directoryFilters": [
+            "-bazel-bin",
+            "-bazel-out",
+            "-venv",
+            "-bazel-testlogs"
+        ],
+        // Experimental settings
+        "completeUnimported": true, // autocomplete unimported packages
+        "deepCompletion": true // enable deep completion
+    },
+
+    //////////////////////
+    // Python
+    //////////////////////
+    "python.languageServer": "Pylance",
+    "python.analysis.exclude": [
+        "**/.bazel-*/**",
+        "**/.idea/**",
+        "**/.git/objects/**",
+        "**/.git/subtree-cache/**",
+        "**/.venvs/**",
+        "**/bazel-*/**"
+    ],
+    "python.envFile": "${workspaceFolder}/.vscode/.env",
+
+    //////////////////////
+    // Prettier
+    //////////////////////
+    "prettier.documentSelectors": ["**/*.json"],
+    "[json]": {
+        "editor.defaultFormatter": "esbenp.prettier-vscode"
+    },
+    "[jsonc]": {
+        "editor.defaultFormatter": "esbenp.prettier-vscode"
+    },
+
+    //////////////////////
+    // Files, Search
+    //////////////////////
+    "files.associations": {
+        "*.topo": "yaml"
+    },
+    "files.watcherExclude": {
+        "**/.bazel-*/**": true,
+        "**/.idea/**": true,
+        "**/.git/objects/**": true,
+        "**/.git/subtree-cache/**": true,
+        "**/.venvs/**": true,
+        "**/bazel-*/**": true,
+        "**/gen-cache/**": true,
+        "gen*/**": true,
+        "**/logs/**": true,
+        "**/node_modules/**": true
+    },
+    "search.exclude": {
+        "**/.bazel-*/**": true,
+        "**/.idea/**": true,
+        "**/.git/objects/**": true,
+        "**/.git/subtree-cache/**": true,
+        "**/.venvs/**": true,
+        "**/bazel-*/**": true,
+        "**/gen-cache/**": true,
+        "**/logs/**": true,
+        "**/node_modules/**": true
+    },
+    "search.followSymlinks": false,
+
+    //////////////////////
+    // Docker
+    //////////////////////
+    "docker.containers.sortBy": "Label",
+
+    //////////////////////
+    // GitHub
+    //////////////////////
+    "githubPullRequests.pullBranch": "never"
+}
diff --git a/Makefile b/Makefile
index 355e27d701..23552a295e 100644
--- a/Makefile
+++ b/Makefile
@@ -117,5 +117,4 @@ lint-doc: lint-doc-mdlint
 
 lint-doc-mdlint:
 	$(info ==> $@)
-	@FILES=$$(find -type f -iname '*.md' -not -path "./rules_openapi/tools/node_modules/*" -not -path "./.github/**/*" | grep -vf tools/md/skipped); \
-		docker run --rm -v ${PWD}:/data -v ${PWD}/tools/md/mdlintstyle.rb:/style.rb $$(docker build -q tools/md) $${FILES} -s /style.rb
+	docker run -v ${PWD}:/workdir davidanson/markdownlint-cli2:v0.6.0
diff --git a/doc/.markdownlint-cli2.jsonc b/doc/.markdownlint-cli2.jsonc
new file mode 100644
index 0000000000..8655422e68
--- /dev/null
+++ b/doc/.markdownlint-cli2.jsonc
@@ -0,0 +1,6 @@
+{
+    "extends": "../.markdownlint-cli2.jsonc",
+    "config": {
+        "MD041": false
+    }
+}
diff --git a/doc/BeaconService.md b/doc/BeaconService.md
index 2c985e9619..b39588f059 100644
--- a/doc/BeaconService.md
+++ b/doc/BeaconService.md
@@ -1,12 +1,10 @@
 # Beacon Service Design
 
-​
+:::{warning}
 
----
-⚠️  **NOTE** ⚠️<br/>
 Outdated contents! This document is kept for historical purpose.
 
----
+:::
 
 ## Overview
 
diff --git a/doc/ColibriService.md b/doc/ColibriService.md
index 0d3672afc9..9b5a0a8596 100644
--- a/doc/ColibriService.md
+++ b/doc/ColibriService.md
@@ -60,8 +60,8 @@ If the current AS is the last one, do nothing.
 #### Handle a Setup Response
 
 The response message originated from another AS's *COS* handling a request.
-The request is forwarded from AS<sub>i</sub> to AS<sub>i+1</sub>, where AS<sub>i+1</sub> is the
-next AS after AS<sub>i</sub> in the path of the reservation.
+The request is forwarded from $AS_i$ to $AS_{i+1}$, where $AS_{i+1}$ is the
+next AS after $AS_{i}$ in the path of the reservation.
 
 1. The store saves the reservation as final.
 1. If this AS is the first one in the reservation path (aka *reservation initiator*),
@@ -75,7 +75,7 @@ next AS after AS<sub>i</sub> in the path of the reservation.
 
 1. The *COS* store is queried to admit the segment reservation.
 1. The store decides the admission for the reservation (how much bandwidth). It uses the
-   _traffic_matrix_ from the configuration package.
+   *traffic_matrix* from the configuration package.
 1. The store saves an intermediate reservation entry in the DB.
 1. If this AS is the last one in the path, the *COS* store saves the reservation as final
    and notifies the previous AS in the path with a reservation response.
@@ -89,7 +89,7 @@ ASes. Whenever that configuration changes, the service should be notified.
 1. The service triggers the creation of a new segment reservation at boot time and whenever
    the segment reservation configuration file changes.
 1. The service reads the configuration file and creates a segment reservation request per each entry.
-    * The path used in the request must be obtained using the _path predicate_ in the configuration.
+    * The path used in the request must be obtained using the *path predicate* in the configuration.
 1. The store in the *COS* saves the intermediate request and sends the request to the next AS
    in the path.
 1. If there is a timeout, this store will send a cleanup request to the next AS in the path.
diff --git a/doc/EPIC.md b/doc/EPIC.md
index 43da7e5f75..2f858051c2 100644
--- a/doc/EPIC.md
+++ b/doc/EPIC.md
@@ -26,12 +26,12 @@ plane packets of other hosts. Because the MACs are static, once
 observed MACs for some path can be reused by the adversary to send
 arbitrarily many other packets (until the authenticators expire).
 
-The EPIC (Every Packet Is Checked) protocol [[1]](#1) solves this
+The EPIC (Every Packet Is Checked) protocol {ref}`[1]<references>` solves this
 problem by introducing per-packet MACs.
 Even if an adversary is able to discover the MACs for one packet, he
 cannot reuse the MACs to send any other traffic.
 The improved path authorization provided by EPIC is especially
-important for hidden paths [[2]](#2). Hidden paths are paths which
+important for hidden paths {ref}`[2]<references>`. Hidden paths are paths which
 are not publicly announced, but only communicated to a group of
 authorized sources. If one of those sources sends traffic on the
 hidden path using SCION path type packets, an on-path adversary can
@@ -82,19 +82,17 @@ meaningful level of security:
   hidden path, the last two ASes employ one of two different
   strategies in the data plane:
 
-    - Only allow EPIC-HP path type traffic. See use case "Highly
-      Secure Hidden Paths" [here](#HighlySecureHiddenPaths). The path
-      type filtering is further explained [here](#PathTypeFiltering).
-    - Prioritize EPIC-HP path type traffic. See use case "DOS-Secure
-      Hidden Paths" [here](#DOSSecureHiddenPaths).
+    - Only allow EPIC-HP path type traffic. See use case {ref}`HighlySecureHiddenPaths`.
+      The path type filtering is further explained in {ref}`PathTypeFiltering`.
+    - Prioritize EPIC-HP path type traffic. See use case {ref}`DOSSecureHiddenPaths`.
 
 - The last two ASes of the hidden path have a duplicate-suppression
-  system in place [[3]](#3). This prohibits DOS attacks based on replayed
+  system in place {ref}`[3]<references>`. This prohibits DOS attacks based on replayed
   packets.
 
 ### Example
 
-![](fig/EPIC/path-type-filtering-small.png).
+![path type filtering figure](fig/EPIC/path-type-filtering-small.png).
 
 Here, AS 6 is the AS protected by the hidden path (blue lines). The
 hidden path terminates at AS 6 (represented by black dot), so AS 6
@@ -156,9 +154,11 @@ The last AS on the path needs to distribute the authenticators to
 the set of trusted sources that should be able to send EPIC-HP
 traffic over the hidden link. This can be done over any secure
 channel, for example using secure end-to-end protocols, out-of-band
-communication, or the dedicated hidden path infrastructure [[2]](#2).
+communication, or the dedicated hidden path infrastructure {ref}`[2]<references>`.
 
-### <a id="PathTypeFiltering"></a> Path Type Filtering
+(PathTypeFiltering)=
+
+### Path Type Filtering
 
 Network operators should be able to clearly define which kind of
 traffic (SCION, EPIC-HP, COLIBRI, and other protocols) they want to
@@ -174,7 +174,8 @@ not apply any filtering for traffic from interface 2 to interface 1.
 
 There are two main applications for EPIC-HP:
 
-<a id="HighlySecureHiddenPaths"></a>
+(HighlySecureHiddenPaths)=
+
 ### Highly Secure Hidden Paths
 
 The last and penultimate ASes on the hidden path only allow EPIC-HP
@@ -195,7 +196,8 @@ packets towards hosts in other ASes, but that those hosts can not
 send a response back if they do not have the necessary
 authenticators.
 
-<a id="DOSSecureHiddenPaths"></a>
+(DOSSecureHiddenPaths)=
+
 ### DoS-Secure Hidden Paths
 
 The last and penultimate ASes on the hidden path allow EPIC-HP and
@@ -212,20 +214,22 @@ packets towards hosts in other ASes, and those hosts can reply
 with SCION path type traffic when they do not have the necessary
 authenticators to send back EPIC-HP traffic.
 
+(references)=
+
 ## References
 
-<a id="1">[1]</a>
-M. Legner, T. Klenze, M. Wyss, C. Sprenger, A. Perrig. (2020) <br>
-EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet <br>
+[1]
+M. Legner, T. Klenze, M. Wyss, C. Sprenger, A. Perrig. (2020)  
+EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet  
 Proceedings of the USENIX Security Symposium
 [[Link]](https://netsec.ethz.ch/publications/papers/Legner_Usenix2020_EPIC.pdf)
 
-<a id="2">[2]</a>
+[2]
 Design Document for the Hidden Path Infrastructure
 [[Link]](hidden-paths)
 
-<a id="3">[3]</a>
-T. Lee, C. Pappas, A. Perrig, V. Gligor, and Y. Hu. (2017) <br>
-The Case for In-Network Replay Suppression <br>
+[3]
+T. Lee, C. Pappas, A. Perrig, V. Gligor, and Y. Hu. (2017)  
+The Case for In-Network Replay Suppression  
 Proceedings of the ACM Asia Conference on Computer and Communications Security
 [[Link]](https://netsec.ethz.ch/publications/papers/replay2017.pdf)
diff --git a/doc/PathPolicy.md b/doc/PathPolicy.md
index 16c25bdbf4..f89a8bf120 100644
--- a/doc/PathPolicy.md
+++ b/doc/PathPolicy.md
@@ -3,6 +3,8 @@
 The path policy language will be used by the path server, SCIOND and the beacon server for different
 but overlapping purposes.
 
+(HopPredicate)=
+
 ## Hop Predicate (HP)
 
 A hop predicate is of the form **ISD-AS#IF,IF**. The first **IF** means the inbound interface
@@ -30,10 +32,10 @@ Examples:
 
 A policy is defined by a policy object. It can have the following attributes:
 
-- [`extends`](#Extends) (list of extended policies)
-- [`acl`](#ACL) (list of HPs, preceded by `+` or `-`)
-- [`sequence`](#Sequence) (space separated list of HPs, may contain operators)
-- [`options`](#Options) (list of option policies)
+- [`extends`](#extends) (list of extended policies)
+- [`acl`](#acl) (list of HPs, preceded by `+` or `-`)
+- [`sequence`](#sequence) (space separated list of HPs, may contain operators)
+- [`options`](#options) (list of option policies)
     - `weight` (importance level, only valid under `options`)
     - `policy` (a policy object)
 
@@ -63,7 +65,8 @@ Planned:
 - `-` (deny predicate)
 
 The ACL can be used to deny (blacklist) or allow (whitelist) ISDs, ASes and IFs. A deny entry is of
-the following form `- ISD-AS#IF`, where the second part is a [HP](#HP). If a deny entry matches any
+the following form `- ISD-AS#IF`, where the second part is a
+{ref}`HopPredicate`. If a deny entry matches any
 hop on a path, the path is not allowed.
 
 An allow entry uses `+` with a HP, ie. `+ ISD-AS#IF`. For a path to be allowed, every hop of the
@@ -101,7 +104,7 @@ Planned:
 - `!` (logical NOT)
 - `&` (logical AND)
 
-The sequence is a string of space separated HPs. The [operators](#Operators) can be used for
+The sequence is a string of space separated HPs. The [operators](#operators) can be used for
 advanced interface sequences.
 
 The following example specifies a path from any interface in AS _1-ff00:0:133_ to two subsequent
diff --git a/doc/PathService.md b/doc/PathService.md
index 13452ba46d..8a2f1e5a04 100644
--- a/doc/PathService.md
+++ b/doc/PathService.md
@@ -1,12 +1,10 @@
 # Path Service
 
-​
+:::{warning}
 
----
-⚠️  **NOTE** ⚠️<br/>
 Outdated contents! This document is kept for historical purpose.
 
----
+:::
 
 The path service is implemented as part of the control server.
 
@@ -14,11 +12,11 @@ The path service is implemented as part of the control server.
 
 We use the messenger to register request handlers. The following requests are handled:
 
-* __Path Registration:__ A handler for the path-registration request, only in core ASes.
-* __Path Requests:__ Two different types of `SegReq` are handled by separate handlers:
+* **Path Registration:** A handler for the path-registration request, only in core ASes.
+* **Path Requests:** Two different types of `SegReq` are handled by separate handlers:
     * local requests, coming over TCP.
     * requests from other path servers, over SCION/QUIC, only in core ASes.
-* __Path Revocation:__ A handler for the path-revocation message
+* **Path Revocation:** A handler for the path-revocation message
 
 ## Deletion of Expired Path Segments and Revocations
 
diff --git a/doc/conf.py b/doc/conf.py
index 702fc43d78..a9f5850a46 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -29,8 +29,14 @@
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
-    'recommonmark',
     'sphinx_rtd_theme',
+    "myst_parser",
+]
+
+myst_enable_extensions = [
+    "colon_fence",
+    "dollarmath",
+    "tasklist",
 ]
 
 # Add any paths that contain templates here, relative to this directory.
diff --git a/tools/md/Dockerfile b/tools/md/Dockerfile
deleted file mode 100644
index 9dda870a7f..0000000000
--- a/tools/md/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM alpine:3.10
-
-RUN apk update && \
-    apk add --no-cache ruby ruby-json && \
-    gem install --no-rdoc --no-ri -v 0.9.0 mdl
-
-RUN mkdir /data
-
-WORKDIR /data
-
-ENTRYPOINT ["mdl"]
-CMD ["--help"]
diff --git a/tools/md/mdlintstyle.rb b/tools/md/mdlintstyle.rb
deleted file mode 100644
index 4e6114f509..0000000000
--- a/tools/md/mdlintstyle.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-all
-rule 'MD013', :line_length => 100
-rule 'MD013', :code_blocks => false
-rule 'MD013', :tables => false
-rule 'MD007', :indent => 4 # see https://github.com/markdownlint/markdownlint/issues/139
-rule 'MD024', :allow_different_nesting => true
-exclude_rule 'MD033'
diff --git a/tools/md/skipped b/tools/md/skipped
deleted file mode 100644
index 5114feec2d..0000000000
--- a/tools/md/skipped
+++ /dev/null
@@ -1,2 +0,0 @@
-^\./docker/_build/
-^\./licenses/data

From e32ef481a40330f5f53e9a486ff588cc01d80a94 Mon Sep 17 00:00:00 2001
From: Dominik Roos <roos@anapaya.net>
Date: Tue, 14 Mar 2023 19:22:12 +0100
Subject: [PATCH 2/2] manage requirements with bazel

---
 doc/BUILD.bazel      |  8 ++++
 doc/requirements.in  |  8 ++--
 doc/requirements.txt | 96 ++++++++++++++++++++++++++++++++------------
 3 files changed, 83 insertions(+), 29 deletions(-)

diff --git a/doc/BUILD.bazel b/doc/BUILD.bazel
index 76829dc39b..7a40e3ceb9 100644
--- a/doc/BUILD.bazel
+++ b/doc/BUILD.bazel
@@ -1 +1,9 @@
+load("@rules_python//python:pip.bzl", "compile_pip_requirements")
+
+compile_pip_requirements(
+    name = "requirements",
+    requirements_in = ":requirements.in",
+    requirements_txt = ":requirements.txt",
+)
+
 exports_files(["PathPolicy.md"])
diff --git a/doc/requirements.in b/doc/requirements.in
index 1a9af83dd1..f92194964c 100644
--- a/doc/requirements.in
+++ b/doc/requirements.in
@@ -1,4 +1,4 @@
-Sphinx
-recommonmark
-sphinx-autobuild
-sphinx-rtd-theme
+Sphinx==6.1.3
+myst_parser==1.0.0
+sphinx-autobuild==2021.3.14
+sphinx-rtd-theme==1.2.0
diff --git a/doc/requirements.txt b/doc/requirements.txt
index adac823144..15665ee313 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -1,8 +1,8 @@
 #
-# This file is autogenerated by pip-compile with Python 3.8
-# by the following command:
+# This file is autogenerated by pip-compile with python 3.10
+# To update, run:
 #
-#    pip-compile --generate-hashes --resolver=backtracking requirements.in
+#    bazel run //doc:requirements.update
 #
 alabaster==0.7.13 \
     --hash=sha256:1ee19aca801bbabb5ba3f5f258e4422dfa86f82f3e9cefb0859b283cdd7f62a3 \
@@ -110,15 +110,11 @@ colorama==0.4.6 \
     --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
     --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
     # via sphinx-autobuild
-commonmark==0.9.1 \
-    --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \
-    --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9
-    # via recommonmark
 docutils==0.18.1 \
     --hash=sha256:23010f129180089fbcd3bc08cfefccb3b890b0050e1ca00c867036e9d161b98c \
     --hash=sha256:679987caf361a7539d76e584cbeddc311e3aee937877c87346f31debc63e9d06
     # via
-    #   recommonmark
+    #   myst-parser
     #   sphinx
     #   sphinx-rtd-theme
 idna==3.4 \
@@ -129,18 +125,22 @@ imagesize==1.4.1 \
     --hash=sha256:0d8d18d08f840c19d0ee7ca1fd82490fdc3729b7ac93f49870406ddde8ef8d8b \
     --hash=sha256:69150444affb9cb0d5cc5a92b3676f0b2fb7cd9ae39e947a5e11a36b4497cd4a
     # via sphinx
-importlib-metadata==6.0.0 \
-    --hash=sha256:7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad \
-    --hash=sha256:e354bedeb60efa6affdcc8ae121b73544a7aa74156d047311948f6d711cd378d
-    # via sphinx
 jinja2==3.1.2 \
     --hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \
     --hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61
-    # via sphinx
+    # via
+    #   myst-parser
+    #   sphinx
 livereload==2.6.3 \
     --hash=sha256:776f2f865e59fde56490a56bcc6773b6917366bce0c267c60ee8aaf1a0959869 \
     --hash=sha256:ad4ac6f53b2d62bb6ce1a5e6e96f1f00976a32348afedcb4b6d68df2a1d346e4
     # via sphinx-autobuild
+markdown-it-py==2.2.0 \
+    --hash=sha256:5a35f8d1870171d9acc47b99612dc146129b631baf04970128b568f190d0cc30 \
+    --hash=sha256:7c9a5e412688bc771c67432cbfebcdd686c93ce6484913dccf06cb5a0bea35a1
+    # via
+    #   mdit-py-plugins
+    #   myst-parser
 markupsafe==2.1.2 \
     --hash=sha256:0576fe974b40a400449768941d5d0858cc624e3249dfd1e0c33674e5c7ca7aed \
     --hash=sha256:085fd3201e7b12809f9e6e9bc1e5c96a368c8523fad5afb02afe3c051ae4afcc \
@@ -193,6 +193,18 @@ markupsafe==2.1.2 \
     --hash=sha256:f2bfb563d0211ce16b63c7cb9395d2c682a23187f54c3d79bfec33e6705473c6 \
     --hash=sha256:f8ffb705ffcf5ddd0e80b65ddf7bed7ee4f5a441ea7d3419e861a12eaf41af58
     # via jinja2
+mdit-py-plugins==0.3.5 \
+    --hash=sha256:ca9a0714ea59a24b2b044a1831f48d817dd0c817e84339f20e7889f392d77c4e \
+    --hash=sha256:eee0adc7195e5827e17e02d2a258a2ba159944a0748f59c5099a4a27f78fcf6a
+    # via myst-parser
+mdurl==0.1.2 \
+    --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \
+    --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba
+    # via markdown-it-py
+myst-parser==1.0.0 \
+    --hash=sha256:502845659313099542bd38a2ae62f01360e7dd4b1310f025dd014dfc0439cdae \
+    --hash=sha256:69fb40a586c6fa68995e6521ac0a525793935db7e724ca9bac1d33be51be9a4c
+    # via -r doc/requirements.in
 packaging==23.0 \
     --hash=sha256:714ac14496c3e68c99c29b00845f7a2b85f3bb6f1078fd9f72fd20f0570002b2 \
     --hash=sha256:b6ad297f8907de0fa2fe1ccbd26fdaf387f5f47c7275fedf8cce89f99446cf97
@@ -205,10 +217,48 @@ pytz==2022.7.1 \
     --hash=sha256:01a0681c4b9684a28304615eba55d1ab31ae00bf68ec157ec3708a8182dbbcd0 \
     --hash=sha256:78f4f37d8198e0627c5f1143240bb0206b8691d8d7ac6d78fee88b78733f8c4a
     # via babel
-recommonmark==0.7.1 \
-    --hash=sha256:1b1db69af0231efce3fa21b94ff627ea33dee7079a01dd0a7f8482c3da148b3f \
-    --hash=sha256:bdb4db649f2222dcd8d2d844f0006b958d627f732415d399791ee436a3686d67
-    # via -r requirements.in
+pyyaml==6.0 \
+    --hash=sha256:01b45c0191e6d66c470b6cf1b9531a771a83c1c4208272ead47a3ae4f2f603bf \
+    --hash=sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293 \
+    --hash=sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b \
+    --hash=sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57 \
+    --hash=sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b \
+    --hash=sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4 \
+    --hash=sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07 \
+    --hash=sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba \
+    --hash=sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9 \
+    --hash=sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287 \
+    --hash=sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513 \
+    --hash=sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0 \
+    --hash=sha256:432557aa2c09802be39460360ddffd48156e30721f5e8d917f01d31694216782 \
+    --hash=sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0 \
+    --hash=sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92 \
+    --hash=sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f \
+    --hash=sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2 \
+    --hash=sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc \
+    --hash=sha256:81957921f441d50af23654aa6c5e5eaf9b06aba7f0a19c18a538dc7ef291c5a1 \
+    --hash=sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c \
+    --hash=sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86 \
+    --hash=sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4 \
+    --hash=sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c \
+    --hash=sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34 \
+    --hash=sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b \
+    --hash=sha256:afa17f5bc4d1b10afd4466fd3a44dc0e245382deca5b3c353d8b757f9e3ecb8d \
+    --hash=sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c \
+    --hash=sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb \
+    --hash=sha256:bfaef573a63ba8923503d27530362590ff4f576c626d86a9fed95822a8255fd7 \
+    --hash=sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737 \
+    --hash=sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3 \
+    --hash=sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d \
+    --hash=sha256:d4b0ba9512519522b118090257be113b9468d804b19d63c71dbcf4a48fa32358 \
+    --hash=sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53 \
+    --hash=sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78 \
+    --hash=sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803 \
+    --hash=sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a \
+    --hash=sha256:dbad0e9d368bb989f4515da330b88a057617d16b6a8245084f1b05400f24609f \
+    --hash=sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174 \
+    --hash=sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5
+    # via myst-parser
 requests==2.28.2 \
     --hash=sha256:64299f4909223da747622c030b781c0d7811e359c37124b4bd368fb8c6518baa \
     --hash=sha256:98b1b2782e3c6c4904938b84c0eb932721069dfdb9134313beff7c83c2df24bf
@@ -225,18 +275,18 @@ sphinx==6.1.3 \
     --hash=sha256:0dac3b698538ffef41716cf97ba26c1c7788dba73ce6f150c1ff5b4720786dd2 \
     --hash=sha256:807d1cb3d6be87eb78a381c3e70ebd8d346b9a25f3753e9947e866b2786865fc
     # via
-    #   -r requirements.in
-    #   recommonmark
+    #   -r doc/requirements.in
+    #   myst-parser
     #   sphinx-autobuild
     #   sphinx-rtd-theme
 sphinx-autobuild==2021.3.14 \
     --hash=sha256:8fe8cbfdb75db04475232f05187c776f46f6e9e04cacf1e49ce81bdac649ccac \
     --hash=sha256:de1ca3b66e271d2b5b5140c35034c89e47f263f2cd5db302c9217065f7443f05
-    # via -r requirements.in
+    # via -r doc/requirements.in
 sphinx-rtd-theme==1.2.0 \
     --hash=sha256:a0d8bd1a2ed52e0b338cbe19c4b2eef3c5e7a048769753dac6a9f059c7b641b8 \
     --hash=sha256:f823f7e71890abe0ac6aaa6013361ea2696fc8d3e1fa798f463e82bdb77eeff2
-    # via -r requirements.in
+    # via -r doc/requirements.in
 sphinxcontrib-applehelp==1.0.4 \
     --hash=sha256:29d341f67fb0f6f586b23ad80e072c8e6ad0b48417db2bde114a4c9746feb228 \
     --hash=sha256:828f867945bbe39817c210a1abfd1bc4895c8b73fcaade56d45357a348a07d7e
@@ -282,10 +332,6 @@ urllib3==1.26.14 \
     --hash=sha256:076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72 \
     --hash=sha256:75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1
     # via requests
-zipp==3.14.0 \
-    --hash=sha256:188834565033387710d046e3fe96acfc9b5e86cbca7f39ff69cf21a4128198b7 \
-    --hash=sha256:9e5421e176ef5ab4c0ad896624e87a7b2f07aca746c9b2aa305952800cb8eecb
-    # via importlib-metadata
 
 # WARNING: The following packages were not pinned, but pip requires them to be
 # pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.