Bump dependencies

[LanderMoerkerke]

Remove Python 3.9 support (EOL)

Summary by Sourcery

Drop Python 3.9 support and refresh dependencies and tooling for Python 3.10+.

Bug Fixes:

• Adjust tests to handle configuration differences between Pydantic v1 and v2 when using arbitrary types.

Enhancements:

• Relax and update runtime dependency versions for nats-py and pydantic-settings.
• Update development and testing tool versions, including pre-commit, pytest-cov, black, bandit, safety, pytest-asyncio, vulture, and ruff.
• Update Ruff configuration to target Python 3.10.

Build:

• Raise the minimum supported Python version from 3.9 to 3.10 in the project configuration.

Tests:

• Modify a test fixture to support both Pydantic v1 and v2 configuration styles.

Summary by CodeRabbit

Chores

• Updated minimum supported Python version from 3.9 to 3.10
• Upgraded all development and testing dependencies including test runners, linters, and security tools to newer versions
• Adjusted core dependency constraints for pydantic-settings and nats-py to use minimum-version ranges
• Improved test compatibility with Pydantic v2

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates project to require Python 3.10+, loosens some runtime dependency pins, bumps dev/test tooling, aligns Ruff config with the new minimum Python, and adjusts a test fixture to support both Pydantic v1 and v2 configuration styles.

File-Level Changes

Change	Details	Files
Raise minimum supported Python version to 3.10 and align Ruff configuration.	Change Poetry Python constraint from ^3.9 to ^3.10. Update Ruff target-version from py39 to py310 to match the new runtime minimum.	pyproject.toml
Relax and update runtime dependency versions.	Loosen nats-py version from ^2.2.0 to >=2.2.0 while keeping nkeys extra. Loosen pydantic-settings version from ^2.8.1 to >=2.8.1 to allow newer compatible releases.	pyproject.toml poetry.lock
Update test and development tooling versions.	Bump pre-commit to ^4.6.0. Update pytest-cov, black, bandit, safety, pytest-asyncio, vulture, and ruff to newer major/minor versions appropriate for Python 3.10+. Keep piprot unchanged.	pyproject.toml poetry.lock
Make test fixture compatible with Pydantic v2 while preserving v1 behavior.	Adjust model_with_path fixture to use ConfigDict(arbitrary_types_allowed=True) when PYDANTIC_V2 is true. Fall back to defining an inner Config class with arbitrary_types_allowed = True for Pydantic v1.	tests/test_jsonable_encoder.py

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Warning

Rate limit exceeded

@LanderMoerkerke has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 43 minutes and 36 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6368bde2-f8f7-4c26-b81a-f05023954ec3

📥 Commits

Reviewing files that changed from the base of the PR and between 426b768 and 9d40a30.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• .github/workflows/test.yaml
• Makefile
• README.md
• natsapi/_compat.py
• natsapi/applications.py
• natsapi/asyncapi/models.py
• natsapi/asyncapi/utils.py
• natsapi/client/client.py
• natsapi/client/config.py
• natsapi/models.py
• natsapi/routing.py
• natsapi/utils.py
• pyproject.toml
• tests/asyncapi/test_generation.py
• tests/test_jsonable_encoder.py
• tests/test_models.py

📝 Walkthrough

Walkthrough

This PR updates the project to require Python 3.10 or later (previously 3.9+), adjusts Ruff's target version accordingly, shifts dependency pinning strategies for nats-py and pydantic-settings from caret ranges to minimum versions, and updates development tooling dependencies to newer releases. Additionally, a test fixture is modified to handle Pydantic v1 and v2 configuration differences.

Changes

Cohort / File(s)	Summary
Dependency and Tooling Updates pyproject.toml	Python version bumped from ^3.9 to ^3.10, Ruff target-version updated to py310, nats-py and pydantic-settings converted from caret-pinned to minimum-version constraints, and dev dependencies (pre-commit, pytest-cov, black, bandit, safety, pytest-asyncio, vulture, ruff) upgraded to newer major/minor versions.
Test Fixture Configuration tests/test_jsonable_encoder.py	fixture_model_with_path now branches on PYDANTIC_V2 to construct model configuration differently: uses ConfigDict(arbitrary_types_allowed=True) for v2, or legacy class Config for v1.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Hops with glee through version lands,
Python's bumped to three-point-ten so grand,
Dependencies dance in new attire,
Pydantic's config takes it higher,
Tests now speak both dialects with care! 🎉

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Bump dependencies' is vague and does not convey the main objective of removing Python 3.9 support, which is the primary purpose stated in the PR description.	Consider a more specific title that reflects the main change, such as 'Drop Python 3.9 support' or 'Bump dependencies and require Python 3.10+' to better communicate the PR's intent.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/dependency-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 43 minutes and 36 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey - I've left some high level feedback:

• For nats-py and pydantic-settings the version specifiers were changed from caret ranges to open-ended >= constraints; consider retaining an upper bound (e.g. ^ or <next-major) to avoid unexpected breakages from future major releases.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- For `nats-py` and `pydantic-settings` the version specifiers were changed from caret ranges to open-ended `>=` constraints; consider retaining an upper bound (e.g. `^` or `<next-major`) to avoid unexpected breakages from future major releases.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

pyproject.toml (1)

20-21: Consider keeping an upper bound on nats-py and pydantic-settings.

Switching from caret ranges to open-ended >= constraints means future major releases of these libraries will be resolved without review, which can silently pull in breaking changes for downstream consumers of natsapi. If the intent was only to relax the lower-bound floor, a bounded range like >=2.2.0,<3.0.0 (and >=2.8.1,<3.0.0) would preserve flexibility without giving up SemVer guarantees.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pyproject.toml` around lines 20 - 21, Update the dependency constraints in
pyproject.toml to add reasonable upper bounds so major breaking releases aren't
pulled in automatically: change the nats-py entry (nats-py = {extras =
["nkeys"], version = ">=2.2.0"}) to a bounded range such as ">=2.2.0,<3.0.0" and
change pydantic-settings = ">=2.8.1" to a bounded range such as ">=2.8.1,<3.0.0"
(or another appropriate major upper bound) to preserve SemVer guarantees while
keeping the same minimum versions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pyproject.toml`:
- Line 18: Update the README's Python requirement string that currently reads
"python > 3.9" to match pyproject.toml by changing it to "python >= 3.10";
ensure any mention in README (around the current "python > 3.9" text) is
replaced so documentation and pyproject.toml (python = "^3.10") are consistent.

---

Nitpick comments:
In `@pyproject.toml`:
- Around line 20-21: Update the dependency constraints in pyproject.toml to add
reasonable upper bounds so major breaking releases aren't pulled in
automatically: change the nats-py entry (nats-py = {extras = ["nkeys"], version
= ">=2.2.0"}) to a bounded range such as ">=2.2.0,<3.0.0" and change
pydantic-settings = ">=2.8.1" to a bounded range such as ">=2.8.1,<3.0.0" (or
another appropriate major upper bound) to preserve SemVer guarantees while
keeping the same minimum versions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f5b1cea5-951d-4577-9df1-94b922ae4a87

📥 Commits

Reviewing files that changed from the base of the PR and between 59e0235 and 426b768.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• pyproject.toml
• tests/test_jsonable_encoder.py