chore: update dependencies and add support for Python 3.11

[jansegre]

Test run of the docker image build: https://github.com/jansegre/hathor-core/actions/runs/3489935997/jobs/5840702121

Acceptance criteria

• All dependencies should be updated to the latest release that doesn't cause significant disruption;
• In particular, also update python-hathorlib to v0.3.0;
• Python 3.11 should be added to build/test workflows;
• A test run for the changes on the docker CI should be successful;
• Minor typing/docs adjustments should be made according to what changed and what the updated linters caught;

TODO

List of direct updates to verify

• flake8 "~4.0.1" -> "~6.0.0" diff
• mypy "^0.950" -> "^0.981" diff
• pytest "~7.1.2" -> "~7.2.0" diff
• pytest-cov "~3.0.0" -> "~4.0.0" diff
• types-requests "=2.27.25" -> "=2.28.11.4" can't compare
• types-pyopenssl "=22.0.3" -> "=22.1.0.2" can't compare
• twisted "~22.4.0" -> "~22.10.0" diff
• autobahn "~22.4.2" -> "~22.7.1" diff
• colorama "~0.4.4" -> "~0.4.6" diff
• graphviz "~0.20" -> "~0.20.1" diff
• ipython "~8.4.0" -> "~8.7.0" diff
• prometheus_client "~0.14.1" -> "~0.15.0" diff
• pyopenssl "=22.0.0" -> "=22.1.0" diff
• pywin32 "304" -> "305" diff
• requests "=2.27.1" -> "=2.28.1" diff
• structlog "~21.5.0" -> "~22.3.0" diff
• aiohttp "~3.8.1" -> "~3.8.3" diff
• idna "~3.3" -> "~3.4" diff
• hathorlib "0.2.0" -> "0.3.0" diff

[codecov]

Codecov Report

Merging #515 (8d3b568) into dev (aaea868) will decrease coverage by 0.47%.
The diff coverage is 95.65%.

@@            Coverage Diff             @@
##              dev     #515      +/-   ##
==========================================
- Coverage   83.27%   82.79%   -0.48%     
==========================================
  Files         186      197      +11     
  Lines       16864    18092    +1228     
  Branches     2640     2559      -81     
==========================================
+ Hits        14043    14979     +936     
- Misses       2329     2551     +222     
- Partials      492      562      +70     

Impacted Files	Coverage Δ
hathor/merged_mining/coordinator.py	42.85% <ø> (ø)
hathor/transaction/storage/cache_storage.py	94.16% <0.00%> (ø)
hathor/wallet/hd_wallet.py	99.05% <ø> (ø)
hathor/wallet/resources/thin_wallet/send_tokens.py	68.51% <0.00%> (ø)
hathor/builder.py	74.71% <100.00%> (+1.32%)	⬆️
hathor/manager.py	70.38% <100.00%> (ø)
hathor/p2p/protocol.py	92.63% <100.00%> (ø)
hathor/simulator/simulator.py	92.41% <100.00%> (+0.10%)	⬆️
hathor/stratum/stratum.py	69.32% <100.00%> (ø)
hathor/transaction/storage/transaction_storage.py	89.97% <100.00%> (-0.33%)	⬇️
... and 16 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[msbrogli]

.

[msbrogli]

@jansegre and I did a quick review of all packages' diffs, except types-requests and types-pyopenssl. Some diffs are quite simples and straightforward to be reviewed (e.g., graphviz), but some are too large and complex to do it properly (e.g., twisted, mypy). We noted that some projects have applied linters, so many changes are just adjusting code style.

The quick review consisted of looking through the changes for about a minute per project. So, we couldn't in fact assess whether some supply-chain attack was there. In fact, reviewing the diffs are just one step to avoid supply-chain attacks. For more information, see https://github.com/HathorNetwork/internal-issues/issues/140.

I feel that the following packages' diffs were better reviewed and there's nothing there to be concerned:

• pytest-cov
• autobahn
• colorama
• graphviz
• prometheus_client
• pyopenssl
• requests
• aiohttp
• idna
• hathorlib