Drop Python 3.9 to fully patch requests CVE-2026-25645

requests 2.33.0+ requires Python >=3.10. The previous multi-constraint
approach left Python 3.9 installs on requests 2.32.x, which is still
vulnerable. Python 3.9 has been EOL since October 2025.

Also simplifies the cryptography pin now that the 3.9.2 marker is moot.

https://claude.ai/code/session_01Nsf9RKZvau6jx2vA8MULoD

Author: claude

poetry.lock

@@ -9,19 +9,16 @@ readme = "README.md"
 robusta = "robusta_cli.main:app"
 
 [tool.poetry.dependencies]
-python = "^3.9, <3.13"
+python = "^3.10, <3.13"
 typer = "^0.12.3"
 pyyaml = "^6.0.1"
 click-spinner = "^0.1.10"
-cryptography = {version = "46.0.7", python = ">=3.9.2,<3.13"}
+cryptography = "46.0.7"
 dpath = "^2.0.5"
 pydantic = "^1.0"
 slack-sdk = "^3"
 pyjwt = "^2.4.0"
-requests = [
-    {version = "^2.32.4", python = "<3.10"},
-    {version = ">=2.33.0,<3.0.0", python = ">=3.10"}
-]
+requests = "^2.33.0"
 certifi = "2024.7.4"
 types-toml = "^0.10.2"
 toml = "^0.10.2"