deps: bump msgpack requirement to 1.0.4

In this patch we bump msgpack requirement since version 1.0.4 has
various vulnerability fixes (for example, [1]). Since the code is still
compatible with msgpack-python and older msgpack, tests are not removed
in this patch.

1. msgpack/msgpack-python#153

Author: DifferentialOrange

.github/workflows/testing.yml

@@ -53,7 +53,7 @@ jobs:
             msgpack-deps: 'msgpack==0.6.2'
           - tarantool: '2.8'
             python: '3.10'
-            msgpack-deps: 'msgpack==1.0.0'
+            msgpack-deps: 'msgpack==1.0.4'
 
     steps:
       - name: Clone the connector
@@ -81,12 +81,13 @@ jobs:
         run: |
           pip install ${{ matrix.msgpack-deps }}
 
-      - name: Install specific version of msgpack-python package
-        # msgpack package is a replacement for deprecated msgpack-python.
-        # To test compatibility with msgpack-python we must ignore
-        # requirements.txt install of msgpack package by overwriting it
-        # with sed.
-        if: startsWith(matrix.msgpack-deps, 'msgpack-python==') == true
+      - name: Install specific version of msgpack package
+        # We want to enforce using modern msgpack since it has
+        # various vulnerability fixes. But the code is compatible
+        # with older msgpack versions and msgpack-python package.
+        # To this test compatibility  we must ignore requirements.txt
+        # install of the newer msgpack package by overwriting it with sed.
+        if: matrix.msgpack-deps != ''
         run: |
           pip install ${{ matrix.msgpack-deps }}
           sed -i -e "s/^msgpack.*$/${{ matrix.msgpack-deps }}/" requirements.txt

requirements.txt

@@ -1 +1 @@
-msgpack>=0.4.0
+msgpack>=1.0.4

setup.py

@@ -83,7 +83,7 @@ def find_version(*file_paths):
     cmdclass=cmdclass,
     command_options=command_options,
     install_requires=[
-        'msgpack>=0.4.0',
+        'msgpack>=1.0.4',
     ],
     python_requires='>=3',
 )