Sphinx 6.2.1: hash digest injection is broken due to reuse of css_files in HTML context

[pradyunsg]

Discussed in #708

Sphinx 6.2.1 reuses css_files across multiple files, which means that the injection of hash'd digests for assets fails due to the hash injection not being idempotent. This means that the build fails if there are more than one HTML files to generate.

[pradyunsg]

Until this is resolved, folks can change their requirement on Furo to: furo != 2023.08.17, != 2023.08.19. I'll yank those releases, once I have a release out with the fixes made.

[Eric-Arellano]

I'll yank those releases, once I have a release out with the fixes made.

This will break all the Qiskit projects that are pinned to an exact Furo version. If possible, it'd be great to not yank since it's possible to use a Sphinx x Furo combination that is valid. Since there isn't a security vulnerability, I'm not sure yanking would be necessary?

[pradyunsg]

Yanking doesn't break pinning based workflows. See https://pypi.org/help/#yanked.

[pradyunsg]

Fixed in https://pradyunsg.me/furo/changelog/#zesty-zaffre

[pradyunsg]