From 4f84cf320662a3504313c42edc090439263b063b Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Tue, 28 Oct 2025 22:08:05 +0530
Subject: [PATCH 1/7] Renovate Updates
---
 pyproject.toml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index c2808a4c731..f14d59ae139 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.5.5"
+version = "1.5.6"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
@@ -19,12 +19,12 @@ classifiers = [
 "Topic :: Utilities"
 ]
 dependencies = [
- "Click~=8.1.7",
+ "Click~=8.3.0",
 "elasticsearch~=8.12.1",
 "eql==0.9.19",
 "jsl==0.2.4",
 "jsonschema>=4.21.1",
- "marko==2.0.3",
+ "marko==2.2.1",
 "marshmallow-dataclass==8.7.1",
 "marshmallow-jsonschema~=0.13.0",
 "marshmallow-union~=0.1.15",
@@ -39,19 +39,19 @@ dependencies = [
 "typing-extensions>=4.12",
 "XlsxWriter~=3.2.0",
 "semver==3.0.4",
- "PyGithub==2.2.0",
+ "PyGithub==2.8.1",
 "detection-rules-kql @ git+https://github.com/elastic/detection-rules.git#subdirectory=lib/kql",
 "detection-rules-kibana @ git+https://github.com/elastic/detection-rules.git#subdirectory=lib/kibana",
 "setuptools==78.1.1"
 ]
 [project.optional-dependencies]
 dev = [
- "pep8-naming==0.13.0",
- "flake8==7.0.0",
- "pyflakes==3.2.0",
+ "pep8-naming==0.15.1",
+ "flake8==7.3.0",
+ "pyflakes==3.4.0",
 "pytest>=8.1.1",
- "nodeenv==1.8.0",
- "pre-commit==3.6.2",
+ "nodeenv==1.9.1",
+ "pre-commit==3.8.0",
 "ruff>=0.11",
 "pyright>=1.1",
 ]
From 09be57ec2efce648e45b70896180d78952b627fe Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Tue, 28 Oct 2025 23:11:22 +0530
Subject: [PATCH 2/7] Trigger code checks
---
 tests/test_gh_workflows.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_gh_workflows.py b/tests/test_gh_workflows.py
index 114ca7642ee..76bcd9fe165 100644
--- a/tests/test_gh_workflows.py
+++ b/tests/test_gh_workflows.py
@@ -3,7 +3,7 @@
 # 2.0; you may not use this file except in compliance with the Elastic License
 # 2.0.
-"""Tests for GitHub workflow functionality."""
+"""Tests for GitHub workflow functionality. """
 import unittest
From 652a7d476d1972fc54ff47f6609ffedbde98b0a9 Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Tue, 28 Oct 2025 23:13:28 +0530
Subject: [PATCH 3/7] Revert
---
 tests/test_gh_workflows.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_gh_workflows.py b/tests/test_gh_workflows.py
index 76bcd9fe165..114ca7642ee 100644
--- a/tests/test_gh_workflows.py
+++ b/tests/test_gh_workflows.py
@@ -3,7 +3,7 @@
 # 2.0; you may not use this file except in compliance with the Elastic License
 # 2.0.
-"""Tests for GitHub workflow functionality. """
+"""Tests for GitHub workflow functionality."""
 import unittest
From 515e6badb6d4519068a884e8bf3383f7d11a4f14 Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Wed, 29 Oct 2025 13:11:53 +0530
Subject: [PATCH 4/7] Trigger code checks
---
 detection_rules/ghwrap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection_rules/ghwrap.py b/detection_rules/ghwrap.py
index aad7daf5ab2..0a8be0a8c83 100644
--- a/detection_rules/ghwrap.py
+++ b/detection_rules/ghwrap.py
@@ -3,7 +3,7 @@
 # 2.0; you may not use this file except in compliance with the Elastic License
 # 2.0.
-"""Schemas and dataclasses for GitHub releases."""
+"""Schemas and dataclasses for GitHub releases"""
 import dataclasses
 import hashlib
From 0972920ac2593076cc2f79a4ca245c86757089f9 Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Wed, 29 Oct 2025 13:18:19 +0530
Subject: [PATCH 5/7] Fix code checks
---
 detection_rules/cli_utils.py | 2 +-
 detection_rules/ghwrap.py | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/detection_rules/cli_utils.py b/detection_rules/cli_utils.py
index 27201bd63f9..ec7a2ca2322 100644
--- a/detection_rules/cli_utils.py
+++ b/detection_rules/cli_utils.py
@@ -375,7 +375,7 @@ def rule_prompt( # noqa: PLR0912, PLR0913, PLR0915
 # if failing due to a query, loop until resolved or terminated
 while True:
 try:
- contents["query"] = click.edit(contents["query"], extension=".eql")
+ contents["query"] = click.edit(contents["query"], extension=".eql") # type: ignore
 rule = TOMLRule(
 path=Path(path),
 contents=TOMLRuleContents.from_dict({"rule": contents, "metadata": meta}),
diff --git a/detection_rules/ghwrap.py b/detection_rules/ghwrap.py
index 0a8be0a8c83..a026a12ad27 100644
--- a/detection_rules/ghwrap.py
+++ b/detection_rules/ghwrap.py
@@ -3,7 +3,7 @@
 # 2.0; you may not use this file except in compliance with the Elastic License
 # 2.0.
-"""Schemas and dataclasses for GitHub releases"""
+"""Schemas and dataclasses for GitHub releases."""
 import dataclasses
 import hashlib
@@ -35,7 +35,7 @@ def get_gh_release(repo: Repository, release_name: str | None = None, tag_name:
 releases = repo.get_releases()
 for release in releases:
- if (release_name and release_name == release.title) or (tag_name and tag_name == release.tag_name):
+ if (release_name and release_name == release.name) or (tag_name and tag_name == release.tag_name):
 return release
 return None
@@ -211,7 +211,7 @@ def __init__(
 raise ValueError(f"No release found for {tag_name or release_name}")
 if not self.release_name:
- self.release_name = self.release.title
+ self.release_name = self.release.name
 self.manifest_name = f"manifest-{self.release_name}.json"
 self.assets = self._get_enriched_assets_from_release()
From 9ab2f2c1d130c98ca399863960f937977b7afe74 Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Wed, 29 Oct 2025 13:24:05 +0530
Subject: [PATCH 6/7] Fix code checks
---
 detection_rules/cli_utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
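Review bot: `click.edit()` returns `None` when the editor is closed without saving, and the `# type: ignore` added to the assignment in `rule_prompt` silences the checker on that line instead of handling the case. An unsaved edit would then overwrite `contents["query"]` with `None`, so the next pass of the `while True:` loop would no longer start from the author's query. Keeping the previous text unless something was saved avoids that: `edited = click.edit(contents["query"], extension=".eql")` followed by `if edited is not None: contents["query"] = edited`. The cli_utils.py hunks in patches 6/7 and 7/7 touch the same line but only narrow and re-space the suppression. The `except` branch of this `try` lies outside the hunk, so how a `None` query is reported there cannot be confirmed from here.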
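Review bot: In the `__init__` hunk, `self.release.name` can be empty for a GitHub release published without a title, and the fallback feeds it straight into `self.manifest_name`, which would then read `manifest-None.json` or `manifest-.json`. Falling back to the tag keeps the manifest name meaningful: `self.release_name = self.release.name or self.release.tag_name`. The matching attribute swap in `get_gh_release` is unaffected, because an empty `release.name` simply fails the equality test. `__init__` starts and ends outside this hunk, so any later validation of `release_name` is not visible here.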
diff --git a/detection_rules/cli_utils.py b/detection_rules/cli_utils.py
index ec7a2ca2322..47370ecd625 100644
--- a/detection_rules/cli_utils.py
+++ b/detection_rules/cli_utils.py
@@ -375,7 +375,7 @@ def rule_prompt( # noqa: PLR0912, PLR0913, PLR0915
 # if failing due to a query, loop until resolved or terminated
 while True:
 try:
- contents["query"] = click.edit(contents["query"], extension=".eql") # type: ignore
+ contents["query"] = click.edit(contents["query"], extension=".eql") # type: ignore[reportUnknownArgumentType]
 rule = TOMLRule(
 path=Path(path),
 contents=TOMLRuleContents.from_dict({"rule": contents, "metadata": meta}),
From 0122b7258638cb39fa4dc5f881ebcfc9cc0f47e6 Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Wed, 29 Oct 2025 13:25:57 +0530
Subject: [PATCH 7/7] Fix code checks
---
 detection_rules/cli_utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection_rules/cli_utils.py b/detection_rules/cli_utils.py
index 47370ecd625..d58e8732890 100644
--- a/detection_rules/cli_utils.py
+++ b/detection_rules/cli_utils.py
@@ -375,7 +375,7 @@ def rule_prompt( # noqa: PLR0912, PLR0913, PLR0915
 # if failing due to a query, loop until resolved or terminated
 while True:
 try:
- contents["query"] = click.edit(contents["query"], extension=".eql") # type: ignore[reportUnknownArgumentType]
+ contents["query"] = click.edit(contents["query"], extension=".eql") # type: ignore[reportUnknownArgumentType]
 rule = TOMLRule(
 path=Path(path),
 contents=TOMLRuleContents.from_dict({"rule": contents, "metadata": meta}),