chore(deps): bump yara-python from 4.2.3 to 4.3.1 #13465

dependabot · 2023-04-21T10:05:11Z

Bumps yara-python from 4.2.3 to 4.3.1.

Release notes

v4.3.1

Upgrade to YARA 4.3.1 (release notes)

v4.3.0

Important note: This release introduces backward incompatible changes to the yara-python API.

Specifically, the strings field in the yara.Match object has changed from an array of tuples (<offset>, <string identifier>, <string data>) to an array of yara.StringMatch objects. If your program iterates over the matched strings you will need to update your program accordingly.

Commits

37dcb76 Bump version number to 4.3.1
c701060 Upgrade yara submodule to version 4.3.1
7e29f65 Add python 3.11 and don't generate .msi files (#235)
aa29ae2 Update example in README.
39ca6d3 Bump version number to 4.3.0
e1175e2 Update YARA submodule.
4863e25 Upgrade YARA submodule
af50c40 Remove --enable-dotnet argument while building yara-python in Appveyor.
d61262b Always enable the dotnet module. (#222)
3a6a633 Don't build with Python 3.11.
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

di · 2023-04-24T20:25:04Z

This has legitimate test failures which will need updated.

closes #13620 chore(deps): bump pyjwt[crypto] from 2.6.0 to 2.7.0 dependabot/pip/pyjwt-crypto--2.7.0 closes #13619 chore(deps): bump docutils from 0.19 to 0.20 dependabot/pip/docutils-0.20 closes #13618 chore(deps): bump ddtrace from 1.12.3 to 1.13.0 dependabot/pip/ddtrace-1.13.0 closes #13616 chore(deps): bump types-redis from 4.5.4.1 to 4.5.5.0 dependabot/pip/types-redis-4.5.5.0 closes #13612 chore(deps): bump protobuf from 4.22.3 to 4.23.0 dependabot/pip/protobuf-4.23.0 closes #13611 chore(deps): bump sentry-sdk from 1.21.1 to 1.22.2 dependabot/pip/sentry-sdk-1.22.2 closes #13609 chore(deps): bump faker from 18.6.1 to 18.7.0 dependabot/pip/faker-18.7.0 closes #13604 chore(deps): bump types-requests from 2.29.0.0 to 2.30.0.0 dependabot/pip/types-requests-2.30.0.0 closes #13603 chore(deps): bump certifi from 2022.12.7 to 2023.5.7 dependabot/pip/certifi-2023.5.7 closes #13602 chore(deps): bump orjson from 3.8.11 to 3.8.12 dependabot/pip/orjson-3.8.12 closes #13600 chore(deps): bump types-awscrt from 0.16.16 to 0.16.17 dependabot/pip/types-awscrt-0.16.17 closes #13598 chore(deps): bump pyupgrade from 3.3.2 to 3.4.0 dependabot/pip/pyupgrade-3.4.0 closes #13588 chore(deps): bump hiredis from 2.2.2 to 2.2.3 dependabot/pip/hiredis-2.2.3 closes #13587 chore(deps): bump google-cloud-storage from 2.8.0 to 2.9.0 dependabot/pip/google-cloud-storage-2.9.0 closes #13586 chore(deps): bump types-s3transfer from 0.6.0.post7 to 0.6.1 dependabot/pip/types-s3transfer-0.6.1 closes #13584 chore(deps): bump webauthn from 1.8.0 to 1.8.1 dependabot/pip/webauthn-1.8.1 closes #13583 chore(deps): bump github-reserved-names from 1.0.1 to 2023.5.1 dependabot/pip/github-reserved-names-2023.5.1 closes #13582 chore(deps): bump s3transfer from 0.6.0 to 0.6.1 dependabot/pip/s3transfer-0.6.1 closes #13580 chore(deps): bump requests from 2.28.2 to 2.30.0 dependabot/pip/requests-2.30.0 closes #13573 chore(deps): bump requests-aws4auth from 1.2.2 to 1.2.3 dependabot/pip/requests-aws4auth-1.2.3 closes #13465 chore(deps): bump yara-python from 4.2.3 to 4.3.1 dependabot/pip/yara-python-4.3.1 closes #13449 chore(deps): bump pygments from 2.14.0 to 2.15.1 dependabot/pip/pygments-2.15.1 closes #13437 chore(deps): bump soupsieve from 2.4 to 2.4.1 dependabot/pip/soupsieve-2.4.1 closes #13274 chore(deps): bump typeguard from 2.13.3 to 3.0.2 dependabot/pip/typeguard-3.0.2 closes #13198 chore(deps): bump urllib3 from 1.26.14 to 1.26.15 dependabot/pip/urllib3-1.26.15

closes #13620 chore(deps): bump pyjwt[crypto] from 2.6.0 to 2.7.0 dependabot/pip/pyjwt-crypto--2.7.0 closes #13618 chore(deps): bump ddtrace from 1.12.3 to 1.13.0 dependabot/pip/ddtrace-1.13.0 closes #13616 chore(deps): bump types-redis from 4.5.4.1 to 4.5.5.0 dependabot/pip/types-redis-4.5.5.0 closes #13612 chore(deps): bump protobuf from 4.22.3 to 4.23.0 dependabot/pip/protobuf-4.23.0 closes #13611 chore(deps): bump sentry-sdk from 1.21.1 to 1.22.2 dependabot/pip/sentry-sdk-1.22.2 closes #13609 chore(deps): bump faker from 18.6.1 to 18.7.0 dependabot/pip/faker-18.7.0 closes #13604 chore(deps): bump types-requests from 2.29.0.0 to 2.30.0.0 dependabot/pip/types-requests-2.30.0.0 closes #13603 chore(deps): bump certifi from 2022.12.7 to 2023.5.7 dependabot/pip/certifi-2023.5.7 closes #13602 chore(deps): bump orjson from 3.8.11 to 3.8.12 dependabot/pip/orjson-3.8.12 closes #13600 chore(deps): bump types-awscrt from 0.16.16 to 0.16.17 dependabot/pip/types-awscrt-0.16.17 closes #13598 chore(deps): bump pyupgrade from 3.3.2 to 3.4.0 dependabot/pip/pyupgrade-3.4.0 closes #13588 chore(deps): bump hiredis from 2.2.2 to 2.2.3 dependabot/pip/hiredis-2.2.3 closes #13587 chore(deps): bump google-cloud-storage from 2.8.0 to 2.9.0 dependabot/pip/google-cloud-storage-2.9.0 closes #13586 chore(deps): bump types-s3transfer from 0.6.0.post7 to 0.6.1 dependabot/pip/types-s3transfer-0.6.1 closes #13584 chore(deps): bump webauthn from 1.8.0 to 1.8.1 dependabot/pip/webauthn-1.8.1 closes #13583 chore(deps): bump github-reserved-names from 1.0.1 to 2023.5.1 dependabot/pip/github-reserved-names-2023.5.1 closes #13582 chore(deps): bump s3transfer from 0.6.0 to 0.6.1 dependabot/pip/s3transfer-0.6.1 closes #13580 chore(deps): bump requests from 2.28.2 to 2.30.0 dependabot/pip/requests-2.30.0 closes #13573 chore(deps): bump requests-aws4auth from 1.2.2 to 1.2.3 dependabot/pip/requests-aws4auth-1.2.3 closes #13465 chore(deps): bump yara-python from 4.2.3 to 4.3.1 dependabot/pip/yara-python-4.3.1 closes #13449 chore(deps): bump pygments from 2.14.0 to 2.15.1 dependabot/pip/pygments-2.15.1 closes #13437 chore(deps): bump soupsieve from 2.4 to 2.4.1 dependabot/pip/soupsieve-2.4.1 closes #13274 chore(deps): bump typeguard from 2.13.3 to 3.0.2 dependabot/pip/typeguard-3.0.2 closes #13198 chore(deps): bump urllib3 from 1.26.14 to 1.26.15 dependabot/pip/urllib3-1.26.15

ewdurbin · 2023-05-10T13:58:24Z

blocked on:

Important note: This release introduces backward incompatible changes to the yara-python API.

Specifically, the strings field in the yara.Match object has changed from an array of tuples (, , ) to an array of yara.StringMatch objects. If your program iterates over the matched strings you will need to update your program accordingly.

Ref: https://github.com/pypi/warehouse/blob/main/warehouse/malware/checks/setup_patterns/check.py#L92

Bumps [yara-python](https://github.com/VirusTotal/yara-python) from 4.2.3 to 4.3.1. - [Release notes](https://github.com/VirusTotal/yara-python/releases) - [Commits](VirusTotal/yara-python@v4.2.3...v4.3.1) --- updated-dependencies: - dependency-name: yara-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

ewdurbin · 2023-05-23T13:19:55Z

we dropped yara-python as a dep in #13647

dependabot · 2023-05-23T13:19:57Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot requested a review from a team as a code owner April 21, 2023 10:05

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 21, 2023

dependabot bot mentioned this pull request Apr 21, 2023

chore(deps): bump yara-python from 4.2.3 to 4.3.0 #13308

Closed

dependabot bot force-pushed the dependabot/pip/yara-python-4.3.1 branch from b2fc76b to e60a18d Compare April 24, 2023 10:09

dependabot bot force-pushed the dependabot/pip/yara-python-4.3.1 branch 2 times, most recently from bc2f159 to c3a1a96 Compare April 27, 2023 10:05

dependabot bot force-pushed the dependabot/pip/yara-python-4.3.1 branch 5 times, most recently from c44c4af to ce5a4fe Compare May 9, 2023 10:07

ewdurbin mentioned this pull request May 10, 2023

Combined deps #13621

Merged

ewdurbin added the blocked Issues we can't or shouldn't get to yet label May 10, 2023

dependabot bot force-pushed the dependabot/pip/yara-python-4.3.1 branch from ce5a4fe to 360ab6b Compare May 15, 2023 10:05

dependabot bot force-pushed the dependabot/pip/yara-python-4.3.1 branch from 360ab6b to bb6e18e Compare May 19, 2023 10:06

ewdurbin closed this May 23, 2023

dependabot bot deleted the dependabot/pip/yara-python-4.3.1 branch May 23, 2023 13:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump yara-python from 4.2.3 to 4.3.1 #13465

chore(deps): bump yara-python from 4.2.3 to 4.3.1 #13465

Uh oh!

dependabot bot commented on behalf of github Apr 21, 2023 •

edited

Loading

Uh oh!

di commented Apr 24, 2023

Uh oh!

ewdurbin commented May 10, 2023

Uh oh!

ewdurbin commented May 23, 2023 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github May 23, 2023

Uh oh!

Uh oh!

chore(deps): bump yara-python from 4.2.3 to 4.3.1 #13465

chore(deps): bump yara-python from 4.2.3 to 4.3.1 #13465

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 21, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.3.1

v4.3.0

Uh oh!

di commented Apr 24, 2023

Uh oh!

ewdurbin commented May 10, 2023

Uh oh!

ewdurbin commented May 23, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github May 23, 2023

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Apr 21, 2023 •

edited

Loading

ewdurbin commented May 23, 2023 •

edited

Loading