fix: bump vulnerable deps and drop EOL Python 3.9

- requests >= 2.33.0 (was >=2.31.0) — fixes insecure temp file reuse (GHSA)
- pytest ^9.0.3 (was ^8.4.1) — fixes vulnerable tmpdir handling (GHSA)
- pygments >= 2.20.0 (dev dep) — fixes ReDoS via GUID regex (GHSA)
- python >= 3.10 (was >=3.9) — 3.9 reached EOL Oct 2025; CI already tests 3.12 only
- ruff target-version updated from py39 → py310 to match

Author: nthmost-orkes

poetry.lock

@@ -23,11 +23,11 @@ classifiers = [
 ]
 
 [tool.poetry.dependencies]
-python = ">=3.9"
+python = ">=3.10"
 certifi = ">=14.05.14"
 prometheus-client = ">=0.13.1"
 six = ">=1.10"
-requests = ">=2.31.0"
+requests = ">=2.33.0"
 typing-extensions = ">=4.2.0"
 astor = ">=0.8.1"
 shortuuid = ">=1.0.11"
@@ -45,12 +45,13 @@ pytest-cov = ">=4.1.0"
 ruff = "^0.12.0"
 pre-commit = "^4.2.0"
 setuptools = "^80.9.0"
-pytest = "^8.4.1"
+pytest = "^9.0.3"
+pygments = ">=2.20.0"
 filelock = ">=3.20.3"
 virtualenv = ">=20.36.1"
 
 [tool.ruff]
-target-version = "py39"
+target-version = "py310"
 line-length = 100
 src = ["src"]
 extend-exclude = [