Upgrade Python versions and deprecate Python 3.9 (#15058)

* Update Python versions in Dockerfile and language.rb; adjust requirements.txt and language_spec.rb for deprecation of Python 3.9

* Add support for Python 3.9 by introducing requirements-3.9.txt and updating build script

* Update comment for version specification in language.rb

* Update comment in requirements-3.9.txt to clarify tomli dependency for Python <3.11

* Add deprecation notice for Python 3.9 in language.rb

* Clarify deprecation notice for Python 3.9 in language.rb

* Update pipenv version in requirements.txt to 2024.4.1

Author: kbukum1

python/Dockerfile

@@ -3,12 +3,12 @@
 # python/lib/dependabot/python/language.rb: PRE_INSTALLED_PYTHON_VERSIONS_RAW
 # python/spec/dependabot/python/file_fetcher_spec.rb: exposes the expected ecosystem_versions metric spec
 # Python versions are pinned to the release of each minor/patch version.
-ARG PY_3_14=3.14.2
-ARG PY_3_13=3.13.11
-ARG PY_3_12=3.12.12
-ARG PY_3_11=3.11.14
-ARG PY_3_10=3.10.19
-ARG PY_3_9=3.9.24
+ARG PY_3_14=3.14.5
+ARG PY_3_13=3.13.13
+ARG PY_3_12=3.12.13
+ARG PY_3_11=3.11.15
+ARG PY_3_10=3.10.20
+ARG PY_3_9=3.9.25
 # https://github.com/pyenv/pyenv/releases
 ARG PYENV_VERSION=v2.6.16
 

python/helpers/build

@@ -15,14 +15,25 @@ cp -r \
   "$helpers_dir/lib" \
   "$helpers_dir/run.py" \
   "$helpers_dir/requirements.txt" \
+  "$helpers_dir/requirements-3.9.txt" \
   "$install_dir"
 
 if [ -d "$helpers_dir/test" ]; then
   cp -r "$helpers_dir/test" "$install_dir"
 fi
 
 cd "$install_dir"
-PYENV_VERSION=$1 pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+
+python_version=$1
+# pip 26.x and several other packages require Python >=3.10.
+# Use 3.9-compatible versions for the deprecated Python 3.9 runtime.
+if [[ "$python_version" == 3.9.* ]]; then
+  req_file="requirements-3.9.txt"
+else
+  req_file="requirements.txt"
+fi
+
+PYENV_VERSION=$python_version pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r "$req_file"
 
 # Remove the extra objects added during the previous install. Based on
 # https://github.com/docker-library/python/blob/master/Dockerfile-linux.template

python/helpers/requirements-3.9.txt

@@ -0,0 +1,15 @@
+# Python 3.9-compatible versions pinned to the last known working set before
+# packages dropped 3.9 support. Python 3.9 reached end-of-life on 2025-10-31.
+pip==24.2
+pip-tools==7.5.3
+flake8==7.3.0
+hashin==1.0.5
+pipenv==2024.4.1
+plette==2.1.0
+poetry==2.2.1
+pytest==8.3.5
+# tomli is required for Python <3.11 (stdlib tomllib was added in 3.11).
+tomli==2.2.1
+
+# Some dependencies will only install if Cython is present
+Cython==3.2.4

python/helpers/requirements.txt

@@ -1,13 +1,13 @@
-pip==24.2
+pip==26.1.1
 pip-tools==7.5.3
 flake8==7.3.0
 hashin==1.0.5
 pipenv==2024.4.1
-plette==2.1.0
-poetry==2.2.1
-pytest==8.3.5
+plette==2.2.1
+poetry==2.4.1
+pytest==9.0.3
 # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
-tomli==2.2.1
+tomli==2.4.1
 
 # Some dependencies will only install if Cython is present
 Cython==3.2.4

python/lib/dependabot/python/language.rb

@@ -13,15 +13,15 @@ class Language < Dependabot::Ecosystem::VersionManager
       extend T::Sig
 
       # This list must match the versions specified at the top of `python/Dockerfile`
-      # ARG PY_3_13=3.13.2
+      # e.g. ARG PY_3_13=3.13.x
       # Note: uv ecosystem aliases this class, so updates here apply to both ecosystems.
       PRE_INSTALLED_PYTHON_VERSIONS_RAW = %w(
-        3.14.2
-        3.13.11
-        3.12.12
-        3.11.14
-        3.10.19
-        3.9.24
+        3.14.5
+        3.13.13
+        3.12.13
+        3.11.15
+        3.10.20
+        3.9.25
       ).freeze
 
       PRE_INSTALLED_PYTHON_VERSIONS = T.let(
@@ -47,7 +47,9 @@ class Language < Dependabot::Ecosystem::VersionManager
         T::Array[Dependabot::Python::Version]
       )
 
-      NON_SUPPORTED_HIGHEST_VERSION = "3.8"
+      # The highest Python version that is no longer fully supported.
+      # Deprecated now (warning); unsupported once removed from PRE_INSTALLED_PYTHON_VERSIONS_RAW.
+      NON_SUPPORTED_HIGHEST_VERSION = "3.9"
 
       DEPRECATED_VERSIONS = T.let([Version.new(NON_SUPPORTED_HIGHEST_VERSION)].freeze, T::Array[Dependabot::Version])
 

python/spec/dependabot/python/language_spec.rb

@@ -22,7 +22,7 @@
     end
 
     context "when detected version is deprecated but not unsupported" do
-      let(:detected_version) { "3.8.1" }
+      let(:detected_version) { "3.9.1" }
 
       before do
         allow(language).to receive(:unsupported?).and_return(false)