Re-require Python 3.9

.github/workflows/unittests.yml

@@ -23,3 +23,20 @@ jobs:
             --capability maintainability \
             --analysisresults test/testdata/maintainability.json
           cat sigrid-ci-output/feedback.md
+  compatibility-check:
+    name: "Python compatibility check"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.13"]
+    steps:
+      - name: "Check out repository"
+        uses: actions/checkout@v4
+      - name: "Set up Python ${{ matrix.python-version }}"
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: "Check compatibility with Python version"
+        run: |
+          python -m compileall -f sigridci
+          cd sigridci && python -c "import sigridci; print('Import successful for Python ${{ matrix.python-version }}')"

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.11-alpine
+FROM python:3.13-alpine
 
 RUN apk --no-cache -U upgrade && \
     apk --no-cache add git && \

Dockerfile.Azure

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.4
-FROM python:3.11-slim
+FROM python:3.13-slim
 
 ARG REVISION
 

Dockerfile.hub

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.4
-FROM python:3.11-alpine
+FROM python:3.13-alpine
 
 ARG REVISION
 

docs/capabilities/faq.md

@@ -146,7 +146,7 @@ So which one should you use? That depends on your development process. If you us
 ### What to do when the script does not work?
 
 The Sigrid CI Python script is currently under active development, which means that its subject to change, and namely, its dependencies are subject to change as we add new functionality.
-Sigrid CI requires Python 3.7 or higher. 
+Sigrid CI requires Python 3.9 or higher. 
 In some cases multiple python versions are installed in the environment and the wrong one (below 3.7) may be selected automatically. If that is the case, please make sure that the highest version is set to be the default.
 When not using Docker to run the script, this requires that the dependencies in the environment in which the script is being ran are in sync with the actual code, and, in order to do that, you can run either `pip install -r requirement.txt` or `pipenv install`, when using Python virtual environments.
 

docs/reference/client-script-usage.md

@@ -14,7 +14,7 @@ The [general Sigrid CI documentation](../sigridci-integration/development-workfl
 
 - Docker
 - If you are *not* using Docker
-  - Python 3.7 or higher
+  - Python 3.9 or higher
   - Git
   - To support custom runners and on-premise installations, the Sigrid CI client script intentionally does not require any [PIP](https://pypi.org/project/pip/) dependencies.
 

docs/sigridci-integration/azure-devops.md

@@ -8,7 +8,7 @@ This documentation covers cloud-based Sigrid. For on-premise Sigrid, refer to th
 
 - You have a [Sigrid](https://sigrid-says.com) user account. 
 - You have created an [authentication token for using Sigrid CI](../organization-integration/authentication-tokens.md).
-- [Python 3.7 or higher](https://www.python.org) needs to be available in the CI environment if you do not use the [Docker image](https://hub.docker.com/r/softwareimprovementgroup/sigridci) published by SIG. The client scripts for Sigrid CI are based on Python.
+- [Python 3.9 or higher](https://www.python.org) needs to be available in the CI environment if you do not use the [Docker image](https://hub.docker.com/r/softwareimprovementgroup/sigridci) published by SIG. The client scripts for Sigrid CI are based on Python.
 - The examples assume [Git](https://git-scm.com) is available on your Azure DevOps environment.
 - Sigrid CI requires the UTF-8 character encoding, as we use emoji in the command line output. Nowadays UTF-8 is the default in most environments, but if you are using a different character encoding for Python you will need to set the character encoding explicitly using the [PYTHONIOENCODING](https://docs.python.org/3/using/cmdline.html) environment variable (i.e. `export PYTHONIOENCODING=utf-8` or `set PYTHONIOENCODING=utf-8`).
 

docs/sigridci-integration/gitlab.md

@@ -8,7 +8,7 @@ This documentation covers cloud-based Sigrid. For on-premise Sigrid, refer to th
 
 - You have a [Sigrid](https://sigrid-says.com) user account. 
 - You have created an [authentication token for using Sigrid CI](../organization-integration/authentication-tokens.md).
-- [Python 3.7 or higher](https://www.python.org) needs to be available in the CI environment if you do not use the [Docker image](https://hub.docker.com/r/softwareimprovementgroup/sigridci) published by SIG. The client scripts for Sigrid CI are based on Python.
+- [Python 3.9 or higher](https://www.python.org) needs to be available in the CI environment if you do not use the [Docker image](https://hub.docker.com/r/softwareimprovementgroup/sigridci) published by SIG. The client scripts for Sigrid CI are based on Python.
 
 ## On-boarding your system to Sigrid
 
@@ -106,7 +106,7 @@ sigridpublish:
 
 #### Alternative 2b: Download SIG's Sigrid CI Python script
 
-Alternative 2b does not use a Docker image. Instead, the Sigrid CI GitLab jobs download SIG's Sigrid CI Python script directly from GitHub and runs it on your GitLab runner. This requires Github.com to be accessible from your CI environment and Python 3.7 to be available on your GitLab runners.
+Alternative 2b does not use a Docker image. Instead, the Sigrid CI GitLab jobs download SIG's Sigrid CI Python script directly from GitHub and runs it on your GitLab runner. This requires GitHub.com to be accessible from your CI environment and Python 3.9 to be available on your GitLab runners.
 
 Sigrid CI consists of a number of Python-based client scripts, that interact with Sigrid in order to analyze your project's source code and provide feedback based on the results. These client scripts need to be available to your GitLab runners, in order to call the scripts *from* the CI pipeline. 
 

docs/sigridci-integration/integration.md

@@ -10,7 +10,7 @@ This guide explains how to integrate Sigrid into your continuous integration pip
 
 - You have a [Sigrid](https://sigrid-says.com) user account. 
 - You have created an [authentication token for using Sigrid CI](../organization-integration/authentication-tokens.md).
-- [Python 3.7 or higher](https://www.python.org) needs to be available in the CI environment. The client scripts for Sigrid CI are based on Python.
+- [Python 3.9 or higher](https://www.python.org) needs to be available in the CI environment. The client scripts for Sigrid CI are based on Python.
 - The examples assume [Git](https://git-scm.com) is available in the CI environment.
 
 ## On-boarding your system to Sigrid

docs/sigridci-integration/jenkins.md

@@ -8,7 +8,7 @@ This documentation covers cloud-based Sigrid. On-premise Sigrid does not support
 
 - You have a [Sigrid](https://sigrid-says.com) user account. 
 - You have created an [authentication token for using Sigrid CI](../organization-integration/authentication-tokens.md).
-- [Python 3.7 or higher](https://www.python.org) needs to be available in the CI environment.
+- [Python 3.9 or higher](https://www.python.org) needs to be available in the CI environment.
 
 ### Some notes about the output directory
 - The Sigrid CI container writes several files in its output directory, which defaults to the container working directory. It writes these files as a non-privileged user configured in our Dockerfile (currently: user `sigridci`). If you bind-mount a host volume to the output directory, ensure that this container user has write permission for the mounted directory, which typically means you need to make this directory world-writeable on the host.

docs/sigridci-integration/teamcity.md

@@ -8,7 +8,7 @@ This documentation covers cloud-based Sigrid. On-premise Sigrid does not support
 
 - You have a [Sigrid](https://sigrid-says.com) user account. 
 - You have created an [authentication token for using Sigrid CI](../organization-integration/authentication-tokens.md).
-- [Python 3.7 or higher](https://www.python.org) needs to be available in the CI environment. The client scripts for Sigrid CI are based on Python.
+- [Python 3.9 or higher](https://www.python.org) needs to be available in the CI environment. The client scripts for Sigrid CI are based on Python.
 - The examples assume [Git](https://git-scm.com) is available in your TeamCity environment.
 
 ## On-boarding your system to Sigrid

sigridci/sigridci/analysisresults/cyclonedx_processor.py

@@ -13,7 +13,6 @@
 # limitations under the License.
 
 from dataclasses import dataclass
-from typing import List
 
 from ..objective import Objective
 
@@ -24,7 +23,7 @@ class Library:
     name: str
     version: str
     latestVersion: str
-    files: List[str]
+    files: list[str]
 
 
 class CycloneDXProcessor:

sigridci/sigridci/publish_options.py

@@ -16,7 +16,7 @@
 import re
 from dataclasses import dataclass, field
 from enum import Enum
-from typing import List, Union
+from typing import Union
 
 
 class RunMode(Enum):
@@ -38,16 +38,16 @@ class PublishOptions:
     runMode: RunMode
     sourceDir: str = "."
     subsystem: str = ""
-    excludePatterns: List[str] = field(default_factory=lambda: [])
-    includePatterns: List[str] = field(default_factory=lambda: [])
+    excludePatterns: list[str] = field(default_factory=lambda: [])
+    includePatterns: list[str] = field(default_factory=lambda: [])
     includeHistory: bool = False
     showUploadContents: bool = False
     convert: str = None
     outputDir: str = "sigrid-ci-output"
     sigridURL: str = "https://sigrid-says.com"
     feedbackURL: str = "https://docs.sigrid-says.com/landing/feedback.html"
     partner: str = "sig"
-    capabilities: List[Capability] = field(default_factory=lambda: [Capability.MAINTAINABILITY])
+    capabilities: list[Capability] = field(default_factory=lambda: [Capability.MAINTAINABILITY])
 
     SYSTEM_NAME_PATTERN = re.compile("^[a-z0-9]+(-[a-z0-9]+)*$", re.IGNORECASE)
     SYSTEM_NAME_LENGTH = range(2, 65)