feat: add benchmarks, patch security vulns (lxml, pytest), and bump to v0.2.0

[avishaycohen]

Overview

This PR introduces performance benchmarking capabilities, addresses critical security vulnerabilities in our dependencies, and modernizes the build environment by officially dropping end-of-life Python versions. Because of the change in supported Python versions, this includes a bump to v0.2.0.

Key Changes

🚀 Features & Benchmarks

• Added benchmark scripts (bench_mpd_parser.py, bench_mpegdash.py) to easily compare performance against the mpegdash package.
• Updated README.md with benchmark results demonstrating that mpd-parser is significantly faster.

🛡️ Security & Dependencies

• lxml: Upgraded to 6.1.0 to address critical security flaws in 4.9.2.
• pytest: Upgraded to 9.0.3 to resolve the insecure temporary directory handling vulnerability (CVE-2025-71176).
• pylint: Upgraded to 4.0.5 to fix compatibility issues and syntax deprecations when linting in modern Python versions (e.g., Python 3.14).

⚙️ Build & CI Updates

• Python Support: Dropped support for EOL Python 3.8 and aging 3.9 (required to support the patched pytest and pylint dependencies).
• Updated setup.cfg and pyproject.toml to specify python_requires = >=3.10.
• Testing Matrix: Updated GitHub Actions (pylint.yml, pytest.yml) to run against Python 3.10, 3.11, 3.12, and 3.13.
• Version Bump: Bumped package version to 0.2.0 reflecting the breaking change in Python compatibility.

🧪 Test Stability

• Flaky Tests: Fixed test_parse_from_url_mpd_tag which was failing due to a 403 Forbidden error on a dead external bitmovin URL.
• The test now reliably spins up a temporary local http.server thread to serve a local manifest file and validates URL fetching over a real HTTP socket without requiring external network access.

Testing

• Ran pylint locally, scoring 9.64/10 (passing the --fail-under 9 threshold).
• Ran pytest locally; all 80 tests pass successfully.
• Verified local HTTP server test passes.