fix: update vulnerable dependencies and drop Python 3.9 (EOL)

Addresses all open Dependabot security alerts:
- requests: 2.32.5 -> 2.33.1 (insecure temp file reuse, netrc leak)
- deepdiff: 8.6.1 -> 8.6.2 (memory exhaustion DoS via SAFE_TO_IMPORT)
- jinja2: tighten constraint to >=3.1.6 (sandbox breakout; already at 3.1.6)
- pytest: 7.4.4 -> 9.0.3 (vulnerable tmpdir handling)
- pygments: 2.18.0 -> 2.20.0 (ReDoS via GUID regex)
- markdown: 3.7 -> 3.10.2 (uncaught exception)
- pymdown-extensions: 10.14.3 -> 10.21.2 (ReDoS in figure capture)
- filelock: 3.19.1 -> 3.29.0 (TOCTOU symlink vulnerability)

requests>=2.33.0 requires Python>=3.10, so drop EOL Python 3.9 support
and bump requires-python to >=3.10.

Author: b-per

.github/workflows/ci.yml

@@ -28,7 +28,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12",  "3.13", "3.14"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
     - name: Checkout code

pyproject.toml

@@ -3,20 +3,20 @@ authors = [
     {name = "dbt Labs", email = "info@dbtlabs.com"},
 ]
 license = {text = "Apache License 2.0"}
-requires-python = ">=3.9"
+requires-python = ">=3.10"
 dependencies = [
     "click<9.0.0,>=8.1.3",
-    "requests<3.0.0,>=2.32.0",
+    "requests<3.0.0,>=2.33.0",
     "loguru<1.0.0,>=0.6.0",
-    "deepdiff>=8.6.1,<9.0.0",
+    "deepdiff>=8.6.2,<9.0.0",
     "pydantic<3.0.0,>=2.12.0",
     "croniter<2.0.0,>=1.3.8",
     "ruamel-yaml<1.0.0,>=0.17.21",
     "rich>=12.6.0",
     "PyYAML<7.0.0,>=6.0.1",
     "python-dateutil<3.0,>=2.9",
     "beartype<1.0.0,>=0.18.5",
-    "jinja2>=3.1.5,<4.0.0",
+    "jinja2>=3.1.6,<4.0.0",
     "importlib-metadata<7,>=6.0",
 ]
 name = "dbt-jobs-as-code"
@@ -40,7 +40,7 @@ dev = [
     "jsonschema<5.0.0,>=4.17.3",
     "rpds-py>=0.27.0",  # Required for Python 3.14 support
     "pytest-mock>=3.14.0",
-    "pytest<8.0.0,>=7.2.0",
+    "pytest<10.0.0,>=9.0.3",
     "pytest-beartype<1.0.0,>=0.0.2",
     "pytest-cov<6.0.0,>=5.0.0",
     "pre-commit",