chore: update py dependencies (+maturin lock)

[jdobes]

Closes #2295

Secure Coding Practices Checklist GitHub Link

• https://github.com/RedHatInsights/secure-coding-checklist

Secure Coding Checklist

• Input Validation
• Output Encoding
• Authentication and Password Management
• Session Management
• Access Control
• Cryptographic Practices
• Error Handling and Logging
• Data Protection
• Communication Security
• System Configuration
• Database Security
• File Management
• Memory Management
• General Coding Practices

Summary by Sourcery

Update Python runtime and build dependencies and pin maturin for compatibility with current Rust toolchain.

Enhancements:

• Bump multiple runtime libraries (AWS SDK, Google auth, cryptography, HTTP stack, timezone, caching, and related packages) to newer versions.
• Add and pin maturin as a direct dependency in pyproject for Python 3.12–3.13 environments to align with available Rust compiler versions.
• Upgrade database-related packages (psycopg, psycopg-pool) and internal SDK and caching libraries to their latest compatible releases.

Build:

• Refresh lockfiles and requirements lists, including adding maturin wheels, to reflect updated dependency versions.

[sourcery-ai]

Reviewer's Guide

This PR refreshes several Python runtime dependencies, adds maturin as a pinned build dependency, and regenerates lock/requirements files to keep Poetry and pip-based environments in sync while respecting RHEL 9 Rust toolchain constraints.

File-Level Changes

Change	Details	Files
Update selected third-party libraries to newer versions in the runtime requirements set, primarily around AWS/GCP clients, HTTP stack, crypto, database drivers, and related utilities.	Bump AWS stack (boto3, botocore, s3transfer) to 1.43.9/0.17.0 and update hashes. Bump core TLS/HTTP-related packages (certifi, idna, requests, urllib3, click, cryptography) and tzdata to newer patch/minor versions with updated hashes. Update service/client libraries and SDKs (google-auth, kessel-sdk, gitpython, python-multipart, packaging, propcache) and various infra libs (psycopg/psycopg-pool, requests, tzdata, idna, etc.) to latest allowed versions. Ensure all version environment markers (python_version, platform selectors) remain unchanged while only version pins and hashes are updated.	requirements.txt
Introduce and pin maturin as a build dependency to a version compatible with the current Rust toolchain on RHEL 9, and reflect that in lock/requirements artifacts.	Add maturin pinned at 1.13.1 in the Poetry configuration with an inline comment explaining that 1.13.2 requires rustc 1.89 which is not available on RHEL 9. Regenerate Poetry lockfile and derived requirements files (build, dev, extra) so they include maturin and align with the updated dependency graph.	pyproject.toml poetry.lock requirements-build.txt requirements-dev.txt requirements-extra.txt

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[github-actions]

SC Environment Impact Assessment

Overall Impact: ⚪ NONE

No SC Environment-specific impacts detected in this PR.

What was checked

This PR was automatically scanned for:

• Database migrations
• ClowdApp configuration changes
• Kessel integration changes
• AWS service integrations (S3, RDS, ElastiCache)
• Kafka topic changes
• Secrets management changes
• External dependencies

[sourcery-ai]

Hey - I've left some high level feedback:

• The comment # Unlock when propcache > 0.4.1 is released in pyproject.toml is now misleading given the upgrade to propcache 0.5.2; consider updating or removing it to reflect the current constraint rationale.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The comment `# Unlock when propcache > 0.4.1 is released` in pyproject.toml is now misleading given the upgrade to propcache 0.5.2; consider updating or removing it to reflect the current constraint rationale.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}