Require Python 3.9+ and update dependencies

[n-thumann]

What

This PR bumps the minimum required Python version to 3.9 or higher and updates this projects dependencies.

Why

• The bump to Python 3.9+ is required because
  • The latest Greenbone autohooks require Python 3.8+
  • The latest pontos requires Python 3.9+
  • Not having the latest version of them also causes their dependencies to be outdated and not updatable
• Dependabot is still failing for multiple dependencies (see Poetry >=1.5.0 removes category from poetry.lock dependabot/dependabot-core#7389):

updater | Dependabot encountered '21' error(s) during execution, please check the logs for more details.
updater | +------------------------------------+
updater | |   Dependencies failed to update    |
updater | +--------------------+---------------+
updater | | isort              | unknown_error |
updater | | rich               | unknown_error |
updater | | zipp               | unknown_error |
updater | | exceptiongroup     | unknown_error |
updater | | markdown-it-py     | unknown_error |
updater | | pylint             | unknown_error |
updater | | black              | unknown_error |
updater | | setuptools         | unknown_error |
updater | | platformdirs       | unknown_error |
updater | | httpcore           | unknown_error |
updater | | typed-ast          | unknown_error |
updater | | httpx              | unknown_error |
updater | | click              | unknown_error |
updater | | certifi            | unknown_error |
updater | | rfc3986            | unknown_error |
updater | | semver             | unknown_error |
updater | | astroid            | unknown_error |
updater | | typing-extensions  | unknown_error |
updater | | dill               | unknown_error |
updater | | anyio              | unknown_error |
updater | | importlib-metadata | unknown_error |
updater | +--------------------+---------------+

• It resolves https://github.com/greenbone/troubadix/security/dependabot/3
• It fixes a few pylint warnings that popped up after this update:

pylint: Command line or configuration file:1: UserWarning: Specifying exception names in the overgeneral-exceptions option without module name is deprecated and support for it will be removed in pylint 3.0. Use fully qualified name (maybe 'builtins.Exception' ?) instead.
************* Module /home/runner/work/troubadix/troubadix/.pylintrc
.pylintrc:1:0: E0015: Unrecognized option found: no-space-check (unrecognized-option)
************* Module troubadix.plugins.spelling
troubadix/plugins/spelling.py:75:0: W1404: Implicit string concatenation found in call (implicit-str-concat)
************* Module tests.plugins.test_cve_format
tests/plugins/test_cve_format.py:177:0: W1404: Implicit string concatenation found in call (implicit-str-concat)

References

Checklist

• Tests

[github-actions]

Conventional Commits Report

Type	Number
Bug Fixes	1
Changed	1

🚀 Conventional commits found.

[n-thumann]

TODO: After approval and right before merging this, update the branch protection rules to make the new Python 3.11 mandatory and drop Python 3.7 and 3.8 from the required checks.

[y0urself]

You may want to switch from pylint to ruff?
See for CI: greenbone/pontos@fa6bc83
And pyproject.toml: greenbone/pontos@a4d0d4d#diff-50c86b7ed8ac2cf95bd48334961bf0530cdc77b5a56f852c5c61b89d735fd711

ruff is ALOT faster then pylint!

[n-thumann]

You may want to switch from pylint to ruff?

Björn already pitched it to me :D We'll definitely consider it, but preferrebly in another PR to the the domain small

[codecov]

Codecov Report

Merging #594 (cb67145) into main (4ea19da) will increase coverage by 0.00%.
The diff coverage is n/a.

❗ Current head cb67145 differs from pull request most recent head 8d927df. Consider uploading reports for the commit 8d927df to get more accurate results

@@           Coverage Diff           @@
##             main     #594   +/-   ##
=======================================
  Coverage   78.20%   78.21%           
=======================================
  Files          80       80           
  Lines        2698     2699    +1     
  Branches      571      571           
=======================================
+ Hits         2110     2111    +1     
  Misses        441      441           
  Partials      147      147           

Files Changed	Coverage Δ
troubadix/plugins/spelling.py	76.19% <ø> (ø)

... and 2 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[n-thumann]

Dropped the checks for Python 3.7 & 3.8 and added the one for Python 3.11 in the branch protection rules.

[cfi-gb]

It seems the update of the validators package from version 0.20.0 to 0.21.2 is causing URL verification issues like the following for URLs which are absolutely valid:

Checking 2019/discourse/gb_discourse_cve-2019-5418_lfi.nasl (91891/91910)
ℹ     Results for plugin check_script_xref_url
×         script_xref(name:"URL", value:"https://groups.google.com/forum/#!topic
          /rubyonrails-security/pFRKI96Sm8Q");: Invalid URL value

And update from 0.21.2 to 0.22.0 seems currently pending via:

• Bump validators from 0.21.2 to 0.22.0 #605

might solve this as it includes fixes from / for:

• fix: url validator considers urls with /#/ as valid python-validators/validators#289
• bug: /#/ in URLs is failing validation python-validators/validators#288

[cfi-gb]

It seems with the version bump from 0.21.2 to 0.22.0 the amount of reported "invalid" URLs which seems to be valid have dropped only from 268 to 266 and there seems to be further issues in the package.

I will raise a follow-up issue at https://github.com/python-validators/validators to see if these can be fixed / solved in the package.

[cfi-gb]

Seems some one was faster and raised python-validators/validators#296, i have added examples from our cases there now.

#609 downgraded the package to version 0.20.0 now as an intermediate solution until the affected package received an update / fix.

[cfi-gb]

#624 added now a few additional valid URLs to our unit tests so that such issues due to dependency updates are found earlier.