
build: bump poetry to 2.3.4 and consolidate SDK workflows #10681

Merged: josema-xyz merged 3 commits into master from chore/poetry-2.3.4, Apr 14, 2026

Conversation

josema-xyz (Contributor) commented Apr 14, 2026

Context

Bumps Poetry to 2.3.4 across the project and consolidates SDK GitHub workflows onto the existing setup-python-poetry composite action so there's one place to change the Poetry version, and gates lockfile regeneration so only workflows that need it (API) re-lock in CI.

Description

  • Migrate 6 SDK workflows to use ./.github/actions/setup-python-poetry (removes 7 hardcoded poetry==2.1.1 pins).
  • Bump Poetry to 2.3.4 in the composite action default, .pre-commit-config.yaml, Dockerfile, api/Dockerfile, and .readthedocs.yaml.
  • Regenerate poetry.lock and api/poetry.lock with 2.3.4.
  • Drop deprecated License :: OSI Approved :: Apache Software License classifier (redundant with PEP 639 license = "Apache-2.0").
  • Update AGENTS.md and prowler/AGENTS.md to say Poetry 2.3+.
  • Gate poetry lock in the composite action behind a new opt-in update-lock input (default false). SDK workflows stop re-locking in CI; api-tests, api-code-quality, api-security opt in via update-lock: 'true' to preserve the existing @master VCS rewrite flow.

Steps to review

Create local virtual environments and Docker images. In the CI logs, confirm that SDK workflows skip the Update poetry.lock step while API workflows still run it.

Checklist

SDK/CLI

  • Are there new checks included in this PR? No.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
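The "one place to change the Poetry version" property the PR describes is worth checking mechanically rather than by eye. The script below is an added example, not the prowler project's own tooling: it builds a constructed sample checkout using the paths the PR names (`.github/actions/setup-python-poetry/action.yml` and `.github/workflows/`), reports every `poetry==<version>` pin that survives outside the composite action, and confirms the action's default is the expected 2.3.4. The contents of the sample `action.yml` (including its `pipx install` line and the `update-lock` gate), the `sdk-tests.yml` stub and the `legacy.yml` workflow are assumptions for the demo, not the repository's files.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Version the composite action is expected to default to (the PR's pin).
EXPECTED_POETRY="2.3.4"

# Constructed sample checkout: the composite action with its default and
# update-lock gate, one migrated workflow, and one workflow that still
# carries a raw pin. None of these files are copied from the repository.
make_sample_repo() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/.github/actions/setup-python-poetry" "$root/.github/workflows"
  cat > "$root/.github/actions/setup-python-poetry/action.yml" <<'EOF'
name: setup-python-poetry
inputs:
  poetry-version:
    default: "2.3.4"
  update-lock:
    default: "false"
runs:
  using: composite
  steps:
    - run: pipx install "poetry==${{ inputs.poetry-version }}"
      shell: bash
    - if: inputs.update-lock == 'true'
      run: poetry lock
      shell: bash
EOF
  cat > "$root/.github/workflows/sdk-tests.yml" <<'EOF'
jobs:
  test:
    steps:
      - uses: ./.github/actions/setup-python-poetry
EOF
  cat > "$root/.github/workflows/legacy.yml" <<'EOF'
jobs:
  build:
    steps:
      - run: pip install poetry==2.1.1
EOF
  printf '%s' "$root"
}

# Default Poetry version declared by the composite action: the first numeric
# `default:` in action.yml (the update-lock default is "false" and is skipped).
action_default_version() {
  sed -nE 's/^[[:space:]]*default: "([0-9][0-9.]*)"$/\1/p' \
    "$1/.github/actions/setup-python-poetry/action.yml" | head -n1
}

# file:line of every raw poetry==<version> pin left in the workflows.
list_stray_pins() {
  # grep exits 1 when there is nothing to report; that is the good case here.
  grep -rEn 'poetry==[0-9][0-9.]*' "$1/.github/workflows" || true
}

# Number of stray pins, so callers can assert on it.
stray_pin_count() {
  local hits
  hits="$(list_stray_pins "$1")"
  if [ -z "$hits" ]; then echo 0; else printf '%s\n' "$hits" | wc -l | tr -d ' '; fi
}

# Pass only when the action default is the expected version and no workflow
# pins Poetry on its own.
audit_poetry_pins() {
  local root="$1" version stray
  version="$(action_default_version "$root")"
  stray="$(stray_pin_count "$root")"
  echo "composite action default: ${version:-<none>} (expected $EXPECTED_POETRY)"
  echo "stray pins in workflows: $stray"
  list_stray_pins "$root"
  [ "$version" = "$EXPECTED_POETRY" ] && [ "$stray" -eq 0 ]
}

REPO="$(make_sample_repo)"
audit_poetry_pins "$REPO" || echo "audit failed: move the pins above onto the composite action"
rm -rf "$REPO"
```

Run against a real checkout, point `audit_poetry_pins` at the repository root instead of the constructed one; the pattern deliberately ignores the composite action itself, since that is the one file allowed to carry the version.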

Copilot AI review requested due to automatic review settings April 14, 2026 09:59
josema-xyz requested review from a team as code owners, April 14, 2026 09:59
josema-xyz requested a review from a team, April 14, 2026 09:59
josema-xyz requested a review from a team as a code owner, April 14, 2026 09:59
github-actions Bot added labels github_actions (Pull requests that update GitHub Actions code) and component/api, Apr 14, 2026
github-actions Bot (Contributor) commented Apr 14, 2026

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

github-actions Bot (Contributor) commented Apr 14, 2026

✅ All necessary CHANGELOG.md files have been updated.

Copilot AI (Contributor) left a comment

Pull request overview

Updates the project’s Poetry tooling to a single, shared source of truth and migrates SDK CI workflows to use the existing setup-python-poetry composite action.

Changes:

  • Bump Poetry to 2.3.4 across CI, Docker, ReadTheDocs, and pre-commit.
  • Consolidate multiple SDK GitHub workflows onto ./.github/actions/setup-python-poetry.
  • Refresh lockfiles and documentation, and remove a deprecated license trove classifier.

Reviewed changes

Copilot reviewed 16 out of 18 changed files in this pull request and generated 7 comments.

Summary per file:

  • pyproject.toml: Removes deprecated license classifier entry.
  • prowler/CHANGELOG.md: Notes Poetry bump + workflow consolidation in SDK changelog.
  • prowler/AGENTS.md: Updates documented Poetry requirement to 2.3+.
  • api/Dockerfile: Pins Poetry install to 2.3.4 for API container builds.
  • api/CHANGELOG.md: Adds unreleased entry documenting Poetry bump + lock regeneration.
  • Dockerfile: Pins Poetry install to 2.3.4 for SDK container builds.
  • AGENTS.md: Updates project overview tech stack to specify Poetry 2.3+.
  • .readthedocs.yaml: Pins Poetry install to 2.3.4 for docs builds.
  • .pre-commit-config.yaml: Updates Poetry hook rev to 2.3.4.
  • .github/workflows/sdk-tests.yml: Migrates SDK tests workflow to composite action.
  • .github/workflows/sdk-security.yml: Migrates SDK security workflow to composite action.
  • .github/workflows/sdk-pypi-release.yml: Migrates SDK publish workflow to composite action (deps install disabled).
  • .github/workflows/sdk-container-build-push.yml: Migrates container workflow to composite action (deps install disabled).
  • .github/workflows/sdk-code-quality.yml: Migrates SDK lint workflow to composite action.
  • .github/workflows/prepare-release.yml: Migrates release-prep workflow to composite action (deps install disabled).
  • .github/actions/setup-python-poetry/action.yml: Updates default Poetry version to 2.3.4.


Review comment threads (7) on: .github/workflows/sdk-code-quality.yml, .github/workflows/sdk-container-build-push.yml, .github/workflows/sdk-pypi-release.yml (2), .github/workflows/prepare-release.yml, .github/workflows/sdk-tests.yml, .github/workflows/sdk-security.yml
github-actions Bot (Contributor) commented Apr 14, 2026

🔒 Container Security Scan

Image: prowler:c2bd94f
Last scan: 2026-04-14 11:05:16 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 4
Total 4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


github-actions Bot (Contributor) commented Apr 14, 2026

🔒 Container Security Scan

Image: prowler-api:c2bd94f
Last scan: 2026-04-14 11:06:02 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 5
Total 5

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


codecov Bot commented Apr 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.61%. Comparing base (65e9593) to head (a92ae5e).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff             @@
##           master   #10681       +/-   ##
===========================================
+ Coverage   19.19%   93.61%   +74.41%     
===========================================
  Files         845      227      -618     
  Lines       24090    31923     +7833     
===========================================
+ Hits         4625    29884    +25259     
+ Misses      19465     2039    -17426     
Flag Coverage Δ
api 93.61% <ø> (?)
prowler-py3.10-aws ?
prowler-py3.11-aws ?
prowler-py3.12-aws ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
prowler ∅ <ø> (∅)
api 93.61% <ø> (∅)

@josema-xyz josema-xyz merged commit 51591cb into master Apr 14, 2026
41 of 42 checks passed
@josema-xyz josema-xyz deleted the chore/poetry-2.3.4 branch April 14, 2026 11:32
cesararroba added a commit that referenced this pull request Apr 14, 2026
The step "Update SDK resolved_reference to latest commit (prowler repo on
push)" ran `grep "resolved_reference" poetry.lock` against the main prowler
repo, but the root `poetry.lock` has no `resolved_reference` entries (the
repo does not self-reference via git+https). As a result, grep exits 1 and
fails the step on every push to master.

This broke `sdk-container-build-push.yml` on every push to master after
PR #10681 migrated it to this composite action.

The sibling step that updates downstream repositories remains untouched.
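The failure described in the commit message above is a general shell pitfall: GitHub runs bash `run:` steps with `-e`, so a bare `grep` that finds nothing exits 1 and fails the step even though "no entries to update" is a perfectly good outcome. The script below is an added shell example, not the prowler repository's workflow step: it reproduces the unguarded shape inside a fresh `bash -e` so the status matches what the runner would see, then shows the guarded form that decides with `grep -q` and returns success when there is nothing to rewrite. The two lock files, the `example-sdk` package name and URL, and the target commit `NEW_REF` are constructed for the demo, and the `sed` rewrite stands in for whatever the real step does after its grep.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Hypothetical commit the step would pin; any 40-hex string works for the demo.
NEW_REF="0123456789abcdef0123456789abcdef01234567"

# Constructed lock file for a downstream project that consumes a git
# dependency, so it carries a resolved_reference entry.
write_git_lock() {
  cat > "$1" <<'EOF'
[[package]]
name = "example-sdk"
version = "1.0.0"

[package.source]
type = "git"
url = "https://github.com/example/example-sdk.git"
reference = "master"
resolved_reference = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
EOF
}

# Constructed lock file with PyPI-only packages: no resolved_reference at all.
write_pypi_lock() {
  cat > "$1" <<'EOF'
[[package]]
name = "requests"
version = "2.32.3"
EOF
}

# The step as it was written, run the way GitHub runs a bash `run:` step
# (a fresh `bash -e`). Prints the exit status the runner would see: grep
# returns 1 when nothing matches, and -e turns that into a failed step.
unguarded_step_status() {
  local lock="$1" status=0
  bash -e -c '
    grep "resolved_reference" "$1"
    sed -i.bak -E "s/^(resolved_reference = \")[0-9a-f]+\"/\1$2\"/" "$1"
  ' ci-step "$lock" "$NEW_REF" >/dev/null || status=$?
  echo "$status"
}

# Guarded form: ask the question with grep -q, treat "nothing to update" as
# success, and only rewrite when there is something to rewrite.
update_ref_guarded() {
  local lock="$1"
  if ! grep -q "resolved_reference" "$lock"; then
    echo "no resolved_reference entries in $lock; nothing to update"
    return 0
  fi
  sed -i.bak -E "s/^(resolved_reference = \")[0-9a-f]+\"/\1${NEW_REF}\"/" "$lock"
  rm -f "$lock.bak"
  echo "updated resolved_reference in $lock"
}

# The commit a lock file currently pins (empty when it has no git sources).
current_ref() {
  sed -nE 's/^resolved_reference = "([0-9a-f]+)"$/\1/p' "$1"
}

WORK="$(mktemp -d)"
write_pypi_lock "$WORK/poetry.lock"
echo "unguarded step on a PyPI-only lock: exit $(unguarded_step_status "$WORK/poetry.lock")"
update_ref_guarded "$WORK/poetry.lock"
write_git_lock "$WORK/downstream.lock"
update_ref_guarded "$WORK/downstream.lock"
echo "downstream lock now pins $(current_ref "$WORK/downstream.lock")"
rm -rf "$WORK"
```

The same guard belongs in any step that is shared between a repository that has the data and one that does not; `|| true` after the grep would also stop the abort, but it silently continues into the rewrite, whereas the explicit branch records why nothing happened.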

Labels

component/api, github_actions (Pull requests that update GitHub Actions code)

Projects

None yet

4 participants