Wagtail 7.3 maintenance + tooling updates (#164)

* Update testing for Python 3.14 and Wagtail 7.2, drop Python 3.9 and Wagtail 7.1
* Update testing to support Wagtail 7.3
* Update CHANGELOG.md
* Bump ruff version
* Bump action versions, and pin to commits

---------

Co-authored-by: nickmoreton <nickmoreton@me.com>
Co-authored-by: Katherine Domingo <katherine.domingo@torchbox.com>
Co-authored-by: Kat <katdom13@gmail.com>
Co-authored-by: Dan Braghiș <31622+zerolab@users.noreply.github.com>

Author: 3 people

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ env:
   TOX_TESTENV_PASSENV: FORCE_COLOR
   PIP_DISABLE_PIP_VERSION_CHECK: "1"
   PIP_NO_PYTHON_VERSION_WARNING: "1"
-  PYTHON_LATEST: "3.13"
+  PYTHON_LATEST: "3.14"
 
 jobs:
   tests:
@@ -27,11 +27,11 @@ jobs:
 
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v2
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594  # v2.16.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -41,11 +41,11 @@ jobs:
             github.com:443
             pypi.org:443
             api.github.com:443
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           persist-credentials: false
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -57,7 +57,7 @@ jobs:
         run: tox
 
       - name: ⬆️ Upload coverage data
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: coverage-data-${{ matrix.python-version }}
           path: .coverage.*
@@ -71,7 +71,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v2
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594  # v2.16.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -81,18 +81,18 @@ jobs:
             github.com:443
             pypi.org:443
             api.github.com:443
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           persist-credentials: false
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           # Use latest Python, so it understands all syntax.
           python-version: ${{env.PYTHON_LATEST}}
 
       - run: python -Im pip install --upgrade coverage
 
       - name: Download coverage data
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
           pattern: coverage-data-*
           merge-multiple: true
@@ -105,7 +105,7 @@ jobs:
           echo "## Coverage summary" >> $GITHUB_STEP_SUMMARY
           python -Im coverage report --format=markdown >> $GITHUB_STEP_SUMMARY
       - name: 📈 Upload HTML report if check failed.
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: html-report
           path: htmlcov

.github/workflows/codeql-analysis.yml

@@ -21,16 +21,28 @@ jobs:
         language: [ 'javascript', 'python' ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        persist-credentials: false
+      - name: Harden Runner
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594  # v2.16.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            objects.githubusercontent.com:443
+            github.com:443
+            pypi.org:443
+            api.github.com:443
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          persist-credentials: false
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4

.github/workflows/nightly-tests.yaml

@@ -15,13 +15,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           persist-credentials: false
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
-          python-version: "3.13"
+          python-version: "3.14"
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip tox

.github/workflows/publish.yml

@@ -11,14 +11,14 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           persist-credentials: false
           fetch-depth: 0
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
-          python-version: '3.13'
+          python-version: '3.14'
           cache: "pip"
           cache-dependency-path: "**/pyproject.toml"
 
@@ -30,7 +30,7 @@ jobs:
       - name: 🏗️ Build
         run: python -Im flit build
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           path: ./dist
 
@@ -45,10 +45,10 @@ jobs:
       # Mandatory for trusted publishing
       id-token: write
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
 
       - name: 🚀 Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # v1.13.0
         with:
           packages-dir: artifact/
           print-hash: true

.github/workflows/ruff.yml

@@ -13,15 +13,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           persist-credentials: false
       - name: Install Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
-          python-version: "3.13"
+          python-version: "3.14"
       - name: Install dependencies
         # keep in sync with .pre-commit-config.yaml
-        run: python -Im pip install --user ruff==0.13.3
+        run: python -Im pip install ruff==0.15.8
       - name: Run Ruff
         run: ruff check --output-format=github ./src/wagtailmarkdown

.pre-commit-config.yaml

@@ -7,7 +7,7 @@ default_language_version:
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
     hooks:
       - id: check-added-large-files
       - id: check-case-conflict
@@ -20,7 +20,7 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 'v0.13.3'  # keep in sync with .github/workflows/ruff.yml
+    rev: 'v0.15.8'  # keep in sync with .github/workflows/ruff.yml
     hooks:
       - id: ruff
         args: [ --fix, --exit-non-zero-on-fix ]

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [Unreleased]
+
+## Changed
+
+- Updated minimum Python requirement to 3.10
+- Added Wagtail 7.3 and Python 3.14 to test matrix
+- Dropped Python 3.9 and Wagtail 7.1 from test matrix
+
 ## [0.13.0] - 2025-10-06
 
 - Added support Wagtail 7.1, Django 5.2 (@damwaingames)

pyproject.toml

@@ -14,11 +14,11 @@ classifiers = [
     "License :: OSI Approved :: zlib/libpng License",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Framework :: Django",
     "Framework :: Django :: 4.2",
     "Framework :: Django :: 5.1",
@@ -29,7 +29,7 @@ classifiers = [
 ]
 
 dynamic = ["version"]
-requires-python = ">=3.9"
+requires-python = ">=3.10"
 dependencies = [
     "Wagtail>=6.3",
     "Markdown>=3.3,<4",

src/wagtailmarkdown/mdx/inlinepatterns.py

@@ -1,4 +1,4 @@
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING
 
 from django.apps import apps
 from django.core.exceptions import MultipleObjectsReturned, ObjectDoesNotExist
@@ -46,7 +46,7 @@ class ObjectLookupNegotiator:
     MEDIA_PREFIX = "media:"
 
     @staticmethod
-    def retrieve_page(lookup_field_value) -> Optional[Page]:
+    def retrieve_page(lookup_field_value) -> Page | None:
         try:
             return Page.objects.get(pk=lookup_field_value)
         except (Page.DoesNotExist, Page.MultipleObjectsReturned):
@@ -140,7 +140,7 @@ def getLink(self, data, index):
 class ImageExtension(Extension):
     def __init__(
         self,
-        object_lookup_negotiator: Optional[ObjectLookupNegotiator] = None,
+        object_lookup_negotiator: ObjectLookupNegotiator | None = None,
         **kwargs,
     ):
         self.object_lookup_negotiator = (
@@ -163,7 +163,7 @@ def extendMarkdown(self, md: "Markdown") -> None:
 class LinkExtension(Extension):
     def __init__(
         self,
-        object_lookup_negotiator: Optional[ObjectLookupNegotiator] = None,
+        object_lookup_negotiator: ObjectLookupNegotiator | None = None,
         **kwargs,
     ):
         self.object_lookup_negotiator = (

tox.ini

@@ -2,17 +2,17 @@
 min_version = 4.22
 
 envlist =
-    py{39}-django42-wagtail{63}
+    py{310}-django42-wagtail{63}
     py{310,311}-django{51}-wagtail{70}
-    py{312,313}-django{52}-wagtail{71}
+    py{312,313,314}-django{52}-wagtail{73}
 
 [gh-actions]
 python =
-    3.9: py39
     3.10: py310
     3.11: py311
     3.12: py312
     3.13: py313
+    3.14: py314
 
 [testenv]
 package = editable
@@ -26,7 +26,7 @@ setenv =
     PYTHONDEVMODE = 1
     # use the Python 3.12+ sys.monitoring
     py3.12: COVERAGE_CORE=sysmon
-    py3.13: COVERAGE_CORE=sysmon
+    py3.14: COVERAGE_CORE=sysmon
 
 extras = testing
 
@@ -37,7 +37,7 @@ deps =
 
     wagtail63: wagtail>=6.3,<6.4
     wagtail70: wagtail>=7.0,<7.1
-    wagtail71: wagtail>=7.1,<7.2
+    wagtail73: wagtail>=7.3,<7.4
 
 install_command = python -m pip install -U {opts} {packages}
 commands =