Drop support for Python 3.9

[DhavalGojiya]

Description

Related issue

Fixes #1247

What does this PR do?

• Drops support for Python 3.9.
• Updates the CI pipeline to remove Python 3.9 from the test matrix.
• Refactors the UV_PYTHON environment variable into a more generic PYTHON_VERSION variable so it can be reused throughout the workflow.
• Removes the types-requests dependency from the lint group, as it is no longer needed. requests has shipped inline type annotations (py.typed) since v2.34.0 ; See
• Runs uv lock --upgrade to refresh all lockfile dependencies to their latest compatible versions for minimum supported Python 3.10.

Tests

1) uv lock --upgrade

2) uv run pytest -q

PR checklist

Please check if your PR fulfills the following requirements:

• Did you use any AI tool while implementing this PR (code, tests, docs, etc.)? If yes, disclose it in the PR description and describe what it was used for. AI usage is allowed when it is disclosed.
• Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)?
• Have you read the contributing guidelines?
• Have you made sure that the title is accurate and descriptive of the changes?

Thank you so much for contributing to Meilisearch!

Summary

This PR drops support for Python 3.9 and updates the minimum supported version to Python 3.10.

Changes

Python Version Updates

• Raised the minimum supported Python version from >=3.9 to >=3.10 in pyproject.toml
• Removed Python 3.9 from CI/test environments:
  • .github/workflows/tests.yml (integration test matrix now runs 3.10–3.13)
  • .github/workflows/pre-release-tests.yml (matrix reduced to 3.10–3.13)
  • tox.ini (py39 replaced with py310)
• Updated README.md installation requirements to require Python 3.10+
• Updated Dockerfile base image from python:3.9-slim-trixie to python:3.10-slim-trixie

Environment Variable Refactoring (GitHub Actions)

• Replaced UV_PYTHON with PYTHON_VERSION across workflows for consistent interpreter selection
• Updated workflows to wire the selected version into both actions/setup-python and astral-sh/setup-uv:
  • .github/workflows/documentation.yml
  • .github/workflows/pypi-publish.yml
  • .github/workflows/tests.yml

Dependency Updates

• Removed types-requests from dependency-groups.lint in pyproject.toml (inline types are available in requests ≥ 2.34.0)

Lockfile Refresh

• Ran uv lock --upgrade to refresh lockfile dependencies for Python 3.10+ minimum support.

Verification

• uv lock --upgrade --dry-run succeeded with dependency resolution completing in 1.55s (including updates such as mypy, playwright, and requests)
• Test run: uv run pytest -q
  • 353 passed, 5 skipped
  • 93% total coverage across the meilisearch package
  • Runtime: 181.90s

[coderabbitai]

📝 Walkthrough

Walkthrough

Python 3.9 support is dropped across the project. The minimum required version is raised to 3.10 in pyproject.toml (including classifiers), tox.ini, README.md, and the Dockerfile base image. All four GitHub Actions workflows update their Python matrices to start at 3.10 and rename the UV_PYTHON environment variable to PYTHON_VERSION. The types-requests lint dependency is also removed from pyproject.toml.

Changes

Drop Python 3.9, raise minimum to 3.10

Layer / File(s)	Summary
Project metadata, container, and local test config pyproject.toml, tox.ini, README.md, Dockerfile	requires-python raised to >=3.10, Python 3.9 classifier removed, types-requests lint dependency dropped, py39 removed from tox.ini envlist, README installation note updated to 3.10+, and Dockerfile base image updated from python:3.9-slim-trixie to python:3.10-slim-trixie.
CI workflow Python version and env var updates .github/workflows/tests.yml, .github/workflows/pre-release-tests.yml, .github/workflows/documentation.yml, .github/workflows/pypi-publish.yml	All workflows drop Python 3.9 from test matrices, rename UV_PYTHON to PYTHON_VERSION, and pass ${{ env.PYTHON_VERSION }} to both actions/setup-python and astral-sh/setup-uv steps.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• meilisearch/meilisearch-python#1231: Previously migrated the same workflow files to use astral-sh/setup-uv and introduced the UV_PYTHON environment variable pattern that this PR renames to PYTHON_VERSION.

Suggested reviewers

• Strift

🐇 Three-nine hops away at last,
Ten is now the floor steadfast.
PYTHON_VERSION takes the stage,
UV_PYTHON flips the page!
The matrix shrinks, the Dockerfile too—
A cleaner codebase, fresh and new! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the primary change: dropping Python 3.9 support across all project configurations.
Linked Issues check	✅ Passed	The PR fully implements the requirement from issue #1247 to drop Python 3.9 support by removing it from CI matrices, updating minimum version to 3.10 in configuration files, and updating the Dockerfile.
Out of Scope Changes check	✅ Passed	One change appears tangentially related but not directly required: removal of types-requests from lint dependencies, justified by requests v2.34.0+ shipping inline type annotations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sanders41]

The Dockerfile is still using 3.9

meilisearch-python/Dockerfile

Line 1 in f51bb17

FROM python:3.9-slim-trixie

Also there are a lot of depreciations around typing. They are only warnings at this point, but at some point in the future they will become errors. We could either update them here or open a new issue to update them.

uv run ruff check --select UP meilisearch tests
...
Found 413 errors.
[*] 390 fixable with the `--fix` option (1 hidden fix can be enabled with the `--unsafe-fixes` option).

[DhavalGojiya]

The Dockerfile is still using 3.9

Will update this.

Also there are a lot of depreciations around typing. They are only warnings at this point, but at some point in the future they will become errors.

Will set up the Ruff rules along with pyupgrade in the next PR.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

1-12: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Run the container as a non-root user.

The image still runs as root (no USER directive), which increases blast radius if the process is compromised. Add a dedicated unprivileged user and switch before runtime.

Suggested patch

 FROM python:3.10-slim-trixie
 
 COPY --from=ghcr.io/astral-sh/uv:0.11.19 /uv /uvx /bin/
 
 WORKDIR /home/package
+
+RUN useradd --create-home --shell /usr/sbin/nologin appuser
 
-COPY pyproject.toml .
-COPY uv.lock .
+COPY --chown=appuser:appuser pyproject.toml .
+COPY --chown=appuser:appuser uv.lock .
 
 # Install dependencies
 RUN uv sync --frozen --no-install-project
+
+USER appuser

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 1 - 12, The Dockerfile currently lacks a USER
directive, meaning the container runs as root which is a security risk. After
the RUN command that executes uv sync --frozen --no-install-project, add a RUN
directive to create a dedicated unprivileged user (for example, with a name like
app or appuser) with a home directory, then add a USER directive to switch to
that user before the container runtime. This ensures the process runs with
minimal privileges and reduces the impact if the application is compromised.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@Dockerfile`:
- Around line 1-12: The Dockerfile currently lacks a USER directive, meaning the
container runs as root which is a security risk. After the RUN command that
executes uv sync --frozen --no-install-project, add a RUN directive to create a
dedicated unprivileged user (for example, with a name like app or appuser) with
a home directory, then add a USER directive to switch to that user before the
container runtime. This ensures the process runs with minimal privileges and
reduces the impact if the application is compromised.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 39bd6ddb-39e7-45ab-8cd3-6cdecd037f6f

📥 Commits

Reviewing files that changed from the base of the PR and between a5ba476 and 3ddec86.

📒 Files selected for processing (1)

• Dockerfile

[sanders41]

I found a few more. documentation.yml, pre-release-tests.yml, and pypi-publish.yml` in the GitHub workflows still use 3.9.

@Strift the required checks will also need to be updated to remove 3.9.

[DhavalGojiya]

I found a few more. documentation.yml, pre-release-tests.yml, and pypi-publish.yml` in the GitHub workflows still use 3.9.

Can you please check again? I don't see any references to 3.9 in the files you mentioned.

[sanders41]

Interesting, I was on my phone earlier and it took me to the main repo instead of your branch. I'm on a computer now and everything looks correct.

[Strift]

Great 🙌

Thanks @sanders41 for the review! I updated the required checks.