diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index 23ec16a..525385a 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
@@ -1,7 +1,7 @@
 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
 
-name: Build 3.X
+name: Build and Test
 
 on:
   push:
@@ -15,19 +15,20 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.7]
+        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
       fail-fast: false
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v5
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        python -m pip install wheel
+        python -m pip install wheel setuptools
+        python -m pip install -e ".[lint,test]"
     - name: Lint with flake8
       run: |
         python setup.py -q lint
diff --git a/.github/workflows/pythonpackage27.yml b/.github/workflows/pythonpackage27.yml
deleted file mode 100644
index 6fea0db..0000000
--- a/.github/workflows/pythonpackage27.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
-
-name: Build 2.7
-
-on:
-  push:
-    branches: [ master, feature/* ]
-  pull_request:
-    branches: [ master, feature/* ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    container:
-      image: python:2.7.18-buster
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        python -m pip install wheel
-    - name: Lint with flake8
-      run: |
-        python setup.py -q lint
-    - name: Test with pytest
-      run: |
-        python setup.py -q test
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d570029..b6c014a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,27 @@
 # Event Query Language - Changelog
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+# Version 1.0.0
+
+ _Released 2025-11-17_
+
+### Changed
+
+* Updated `lark-parser` dependency to `lark>=1.3.1` (migrated from deprecated `lark-parser` package to `lark`)
+* Updated GitHub Actions workflows to use Python 3.8+ and newer action versions (`actions/checkout@v5`, `actions/setup-python@v5`)
+* Fixed compatibility issues with Lark 1.3.1:
+  * Fixed parsing of macros with empty parameter lists (e.g., `macro TRUE()`)
+  * Fixed parsing of pipes with no arguments (e.g., `| count`)
+  * Fixed `Schema.current()` to always return a valid Schema object
+* Simplified dependencies by removing Python 2.7 and Python < 3.8 compatibility code
+* Removed Python 2.7 compatibility comments and code from source files
+* Updated documentation to reflect Python 3.8+ requirement
+
+### Removed
+
+* **BREAKING**: Dropped support for Python 2.7 and Python < 3.8. The minimum required Python version is now 3.8.
+* Removed Python 2.7 GitHub Actions workflow (`.github/workflows/pythonpackage27.yml`)
+
 # Version 0.9.19
 
  _Released 2023-10-31_
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1319f31..7d88567 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -30,9 +30,9 @@ Contributing to EQL is a simple five-step process facilitated by Git:
 * There is plenty of literature and resources out there to help you. A great place to start is [GitHub guides](https://guides.github.com/).
 
 ## Ways to contribute
-  
+
 ### Bug Fixes
-Bug fixes are a natural area to contribute. We only ask that you please use the [bug report issue](https://github.com/endgameinc/eql/issues) to track the bug. Please elaborate on how to reproduce the bug and what behavior you would have expected. Compatibility is a priority for EQL, so be sure to capture information about your operating system and version of python. 
+Bug fixes are a natural area to contribute. We only ask that you please use the [bug report issue](https://github.com/endgameinc/eql/issues) to track the bug. Please elaborate on how to reproduce the bug and what behavior you would have expected. Compatibility is a priority for EQL, so be sure to capture information about your operating system and version of python.
 
 ### Language or Engine Changes
 For any changes within the language or the evaluation engine, propose your changes in a *Feature Request* issue to start a discussion. For new functionality function, be mindful of handling different edge cases, acceptable input, etc. We are happy to collaborate on such topics and encourage you to share ideas.
@@ -49,7 +49,7 @@ Anyone is encouraged to make a PR for open issues that have a clear path forward
 * Include end-to-end tests by updating the test [data](eql/etc/test_data.json) and [queries](eql/etc/test_queries.toml). These are used as the gold standard of expected behavior, and the queries should have a list of the serial_event_id of the events, in the expected order.
 
 ### CLI
-Finally, the CLI is an area we are always looking to expand. This may include new input file types, new processing features, new tables, etc. Some shell functionality, like tab completions ANSI coloring, and history often varies across different operating systems. If possible, please test new functionality across a few different operating systems if you have access, and Python 2.7 and 3.6+. If you find any unusual behavior in the shell related to compatibility, please let us know in an issue.
+Finally, the CLI is an area we are always looking to expand. This may include new input file types, new processing features, new tables, etc. Some shell functionality, like tab completions ANSI coloring, and history often varies across different operating systems. If possible, please test new functionality across a few different operating systems if you have access, and Python 3.8+. If you find any unusual behavior in the shell related to compatibility, please let us know in an issue.
 
 ## Resources
 See the [resources page](https://eql.readthedocs.io/en/latest/resources.html) on ReadTheDocs for a full list of resources
diff --git a/README.md b/README.md
index 46ad826..dff388a 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Since Endgame [joined forced with Elastic](https://www.elastic.co/blog/endgame-j
 
 # Getting Started
 
-The EQL module current supports Python 2.7 and 3.5+. Assuming a supported Python version is installed, run the command:
+The EQL module requires Python 3.8 or higher. Assuming a supported Python version is installed, run the command:
 
 ```console
 $ pip install eql
@@ -23,7 +23,7 @@ If Python is configured and already in the PATH, then ``eql`` will be readily av
 
 ```console
 $ eql --version
-eql 0.9
+eql 0.9.20
 ```
 
 From there, try a [sample json file](docs/_static/example.json) and test it with EQL.
diff --git a/docs/_static/eql-crash-course.slides.html b/docs/_static/eql-crash-course.slides.html
index aa56a60..2cde962 100755
--- a/docs/_static/eql-crash-course.slides.html
+++ b/docs/_static/eql-crash-course.slides.html
@@ -9181,15 +9181,15 @@
 }
 /* Flexible box model classes */
 /* Taken from Alex Russell http://infrequently.org/2009/08/css-3-progress/ */
-/* This file is a compatability layer.  It allows the usage of flexible box 
+/* This file is a compatability layer.  It allows the usage of flexible box
 model layouts accross multiple browsers, including older browsers.  The newest,
 universal implementation of the flexible box model is used when available (see
-`Modern browsers` comments below).  Browsers that are known to implement this 
+`Modern browsers` comments below).  Browsers that are known to implement this
 new spec completely include:
 
     Firefox 28.0+
     Chrome 29.0+
-    Internet Explorer 11+ 
+    Internet Explorer 11+
     Opera 17.0+
 
 Browsers not listed, including Safari, are supported via the styling under the
@@ -12571,7 +12571,7 @@
   background: #f7f7f7;
   border-top: 1px solid #cfcfcf;
   border-bottom: 1px solid #cfcfcf;
-  /* This injects handle bars (a short, wide = symbol) for 
+  /* This injects handle bars (a short, wide = symbol) for
         the resize handle. */
 }
 div#pager .ui-resizable-handle::after {
@@ -13070,7 +13070,7 @@
 .highlight .il { color: #666666 } /* Literal.Number.Integer.Long */
     </style>
 <style type="text/css">
-    
+
 /* Temporary definitions which will become obsolete with Notebook release 5.0 */
 .ansi-black-fg { color: #3E424D; }
 .ansi-black-bg { background-color: #3E424D; }
@@ -13253,7 +13253,7 @@ <h1 id="Event-Query-Language">Event Query Language<a class="anchor-link" href="#
 </div><div class="inner_cell">
 <div class="text_cell_render border-box-sizing rendered_html">
 <h2 id="Getting-Started">Getting Started<a class="anchor-link" href="#Getting-Started">&#182;</a></h2><p><a href="https://eql.readthedocs.io/en/latest/index.html#getting-started">https://eql.readthedocs.io/en/latest/index.html#getting-started</a></p>
-<p>Requires Python (confirmed with 2.7 and 3.5+)</p>
+<p>Requires Python 3.8+</p>
 <div class="highlight"><pre><span></span><span class="gp">$</span> pip install eql
 
 <span class="go">Collecting eql</span>
diff --git a/docs/cli.rst b/docs/cli.rst
index 563bfa9..20c1123 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -13,7 +13,7 @@ the console. First install Python and then use ``pip`` to install EQL.
     $ pip install eql
 
 
-For the optimal shell experience, use Python 3.6+ and install the optional dependencies for EQL:
+For the optimal shell experience, use Python 3.8+ and install the optional dependencies for EQL:
 
 .. code-block:: console
 
@@ -27,12 +27,6 @@ Type ``help`` within the shell to get a list of commands and ``exit`` when finis
 .. |asciicast| image:: https://asciinema.org/a/259453.svg
    :target: https://asciinema.org/a/259453
 
-.. note::
-
-    In Python 2.7, the argument parsing is a little different. Instead of running ``eql`` directly
-    to invoke the interactive shell, run ``eql shell``.
-
-
 In addition, the ``query`` command within EQL will stream over `JSON`_, and
 output as matches are found. An input file can be provided with ``-f`` in JSON
 or as lines of JSON (``.jsonl``). Lines of JSON can also be processed as streams from stdin.
diff --git a/docs/index.rst b/docs/index.rst
index 366c56a..12052c9 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -14,9 +14,9 @@ EQL also has a preprocessor that can perform parse and translation time evaluati
 
 .. note::
    This documentation is about EQL for Elastic Endgame. Several syntax changes were made in Elasticsearch to `bring Event Query Language to the Elastic Stack <https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html>`_. The existing Python EQL implementation remains unchanged, but please keep the below differences in mind when switching between the two different versions of EQL.
-   
+
    In the Elastic Stack:
-   
+
    - Most operators are now case-sensitive. For example, ``process_name == "cmd.exe"`` is no longer equivalent to ``process_name == "Cmd.exe"``.
    - Functions are now case-sensitive. To use the case-insensitive variant, use ``~``, such as ``endsWith~(process_name, ".exe")``.
    - For case-insensitive equality comparisons, use the ``:`` operator. For example, ``process_name : "cmd.exe"`` is equivalent to ``process_name : "Cmd.exe"``.
@@ -27,12 +27,12 @@ EQL also has a preprocessor that can perform parse and translation time evaluati
    - ``=`` can no longer be substituted for the ``==`` operator.
    - ``'`` strings are no longer supported. Use ``"""`` or ``"`` to represent strings.
    - ``?"`` and ``?'`` no longer indicate raw strings. Use the ``"""..."""`` syntax instead.
-   
+
    For more details, see the `limitations <https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-syntax.html#eql-syntax-limitations>`_ section of the Elasticsearch EQL documentation.
 
 Getting Started
 ^^^^^^^^^^^^^^^^
-The EQL module current supports Python 2.7 and 3.5+. Assuming a supported Python version is installed, run the command:
+The EQL module requires Python 3.8 or higher. Assuming a supported Python version is installed, run the command:
 
 .. code-block:: console
 
@@ -43,7 +43,7 @@ If Python is configured and already in the PATH, then ``eql`` will be readily av
 .. code-block:: console
 
      $ eql --version
-     eql 0.9
+     eql 1.0.0
 
 From there, try a :download:`sample json file <_static/example.json>` and test it with EQL.
 
diff --git a/eql/__init__.py b/eql/__init__.py
index e5b867e..6a610e2 100644
--- a/eql/__init__.py
+++ b/eql/__init__.py
@@ -66,7 +66,7 @@
     Walker,
 )
 
-__version__ = '0.9.19'
+__version__ = '1.0.0'
 __all__ = (
     "__version__",
     "AnalyticOutput",
diff --git a/eql/ast.py b/eql/ast.py
index 942cafe..7b74ad4 100644
--- a/eql/ast.py
+++ b/eql/ast.py
@@ -139,11 +139,7 @@ def __unicode__(self):
 
     def __str__(self):
         """Render the AST back as a valid EQL string."""
-        unicoded = self.__unicode__()
-        # Python 2.7
-        if not isinstance(unicoded, str):
-            unicoded = unicoded.encode('utf-8')
-        return unicoded
+        return self.__unicode__()
 
 
 # noinspection PyAbstractClass
diff --git a/eql/parser.py b/eql/parser.py
index 8df9cf1..54e7c60 100644
--- a/eql/parser.py
+++ b/eql/parser.py
@@ -96,6 +96,50 @@ def __getitem__(self, item):
     def child_trees(self):
         return [child for child in self.children if isinstance(child, KvTree)]
 
+    @property
+    def line(self):
+        """Get line number from meta or fallback to first token."""
+        if hasattr(self, 'meta') and self.meta and hasattr(self.meta, 'line'):
+            return self.meta.line
+        # Fallback: get line from first token child
+        for child in self.children:
+            if isinstance(child, Token) and hasattr(child, 'line'):
+                return child.line
+        return 1
+
+    @property
+    def end_line(self):
+        """Get end line number from meta or fallback to last token."""
+        if hasattr(self, 'meta') and self.meta and hasattr(self.meta, 'end_line'):
+            return self.meta.end_line
+        # Fallback: get end_line from last token child
+        for child in reversed(self.children):
+            if isinstance(child, Token) and hasattr(child, 'end_line'):
+                return child.end_line
+        return self.line
+
+    @property
+    def column(self):
+        """Get column number from meta or fallback to first token."""
+        if hasattr(self, 'meta') and self.meta and hasattr(self.meta, 'column'):
+            return self.meta.column
+        # Fallback: get column from first token child
+        for child in self.children:
+            if isinstance(child, Token) and hasattr(child, 'column'):
+                return child.column
+        return 1
+
+    @property
+    def end_column(self):
+        """Get end column number from meta or fallback to last token."""
+        if hasattr(self, 'meta') and self.meta and hasattr(self.meta, 'end_column'):
+            return self.meta.end_column
+        # Fallback: get end_column from last token child
+        for child in reversed(self.children):
+            if isinstance(child, Token) and hasattr(child, 'end_column'):
+                return child.end_column
+        return self.column
+
 
 class LarkToEQL(Interpreter):
     """Walker of Lark tree to convert it into a EQL AST."""
@@ -978,12 +1022,21 @@ def pipe(self, node):
         if pipe_cls is None or pipe_name not in self._allowed_pipes:
             raise self._error(node["name"], "Unknown pipe {NAME}")
 
+        # Handle arguments - Lark 1.3.1 includes None in children for empty optional rules
+        # The grammar is: "|" name [single_atom single_atom+ | expressions]
         args = []
-
         if node["expressions"]:
-            args = self.visit(node["expressions"])
+            # expressions node exists, visit it
+            args = self.visit(node["expressions"]) or []
+            # Filter out None values (Lark 1.3.1 includes None for empty optional rules)
+            args = [arg for arg in args if arg is not None]
         elif len(node.children) > 1:
-            args = self.visit(node.children[1:])
+            # Handle single_atom single_atom+ case - filter None before visiting
+            atom_nodes = [child for child in node.children[1:] if child is not None]
+            if atom_nodes:
+                args = self.visit(atom_nodes) or []
+                # Filter out None values
+                args = [arg for arg in args if arg is not None]
 
         self.validate_signature(node, pipe_cls, args)
         self._pipe_schemas = pipe_cls.output_schemas(args, self._pipe_schemas)
@@ -1286,7 +1339,28 @@ def definitions(self, node):
     def macro(self, node):
         """Callback function to walk the AST."""
         name = self.visit(node.children[0])
-        params = self.visit(node.children[1:-1])
+        # Extract name string from NodeInfo if needed
+        if hasattr(name, 'node'):
+            name = self.name(node.children[0])
+        elif not isinstance(name, str):
+            name = str(name)
+
+        # Handle parameter list - it might be empty for macros with no parameters
+        # The grammar is: "macro" name "(" [name ("," name)*] ")" expr
+        # Lark 1.3.1 includes None in children for empty optional rules
+        # So children are: [0]=name, [1]=param (or None), [2]=param (or None), ..., [-1]=expr
+        params = []
+        if len(node.children) > 2:
+            # Filter out None values before visiting (Lark 1.3.1 includes None for empty optional rules)
+            param_nodes = [child for child in node.children[1:-1] if child is not None]
+            if param_nodes:
+                param_list_result = self.visit(param_nodes)
+                if isinstance(param_list_result, list):
+                    # Extract parameter names - visit returns strings for name nodes
+                    params = [p for p in param_list_result if isinstance(p, str)]
+                elif isinstance(param_list_result, str):
+                    params = [param_list_result]
+
         body = self.visit(node.children[-1])
         definition = ast.Macro(name, params, body.node)
         self.new_preprocessor.add_definition(definition)
@@ -1294,7 +1368,8 @@ def macro(self, node):
 
     def constant(self, node):
         """Callback function to walk the AST."""
-        name = self.visit(node["name"])
+        name_node = node["name"]
+        name = self.name(name_node) if hasattr(name_node, 'children') else str(name_node)
         value = self.visit(node["literal"])
         definition = ast.Constant(name, value.node)
         self.new_preprocessor.add_definition(definition)
diff --git a/eql/schema.py b/eql/schema.py
index 3fc286d..7a652fc 100644
--- a/eql/schema.py
+++ b/eql/schema.py
@@ -241,7 +241,11 @@ def current(cls):  # type: () -> Schema
         """Retrieve the active schema or the default."""
         current = cls.read_stack("schema")
         if current is None:
-            return cls.default()
+            default = cls.default()
+            if default is None:
+                # Ensure we always return a schema, never None
+                return EMPTY_SCHEMA
+            return default
         return current
 
     @classmethod
diff --git a/eql/shell.py b/eql/shell.py
index a99ee6e..90eed28 100644
--- a/eql/shell.py
+++ b/eql/shell.py
@@ -64,11 +64,8 @@
 PYREADLINE = "pyreadline"
 GNUREADLINE = "gnureadline"
 
-# Determine the input function that should be used for the prompt in a python2 and python3 compatible way
-try:
-    input_func = raw_input
-except NameError:
-    input_func = input
+# Input function for the prompt
+input_func = input
 
 # Determine which version of readline is installed
 for module in ["readline", "gnureadline"]:
@@ -624,12 +621,7 @@ def _save_csv(self, path, results):
                 else:
                     header.append(k)
 
-            # check for python 2 compatibility
-            if type(u"") != str:
-                def writerow(row):
-                    csv_file.writerow([cell.encode("utf8") for cell in row])
-            else:
-                writerow = csv_file.writerow
+            writerow = csv_file.writerow
 
             writerow(header)
 
diff --git a/eql/utils.py b/eql/utils.py
index ad2a766..552fe7f 100644
--- a/eql/utils.py
+++ b/eql/utils.py
@@ -12,29 +12,11 @@
 CASE_INSENSITIVE = True
 _loaded_plugins = False
 
-# Var to check if Python2 or Python3
-py_version = sys.version_info.major
-
-# Python2 and Python3 compatible type checking
-unicode_t = type(u"")
-long_t = type(int(1e100))
-
-try:
-    chr_compat = unichr
-except NameError:
-    chr_compat = chr
-
-if unicode_t == str:
-    strings = str,
-    to_unicode = str
-else:
-    strings = str, unicode_t
-    to_unicode = unicode_t
-
-if long_t != int:
-    numbers = (int, float, long_t)
-else:
-    numbers = int, float
+# Type checking (Python 3.8+)
+strings = (str,)
+to_unicode = str
+numbers = (int, float)
+chr_compat = chr
 
 
 # Optionally load dynamic loaders
@@ -96,15 +78,11 @@ def str_presenter(dumper, data):
 
 def get_ipaddress(ipaddr_string):
     """Get an ip_address object from a string containing an ip address."""
-    if py_version == 2:
-        ipaddr_string = ipaddr_string.decode("utf-8")  # noqa: F821
     return ipaddress.ip_address(ipaddr_string)
 
 
 def get_subnet(cidr_string, strict=False):
     """Get an ip_network object from a string containing an cidr range."""
-    if py_version == 2:
-        cidr_string = cidr_string.decode("utf-8")  # noqa: F821
     return ipaddress.ip_network(cidr_string, strict=strict)
 
 
@@ -157,8 +135,6 @@ def convert_types(tup):
 
 if yaml is not None:
     yaml.add_representer(str, str_presenter)
-    if str != unicode_t:
-        yaml.add_representer(unicode_t, str_presenter)
 
 
 def load_dump(filename):
diff --git a/setup.cfg b/setup.cfg
index bfbd478..cd2c6fc 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -4,6 +4,14 @@ universal = 1
 [flake8]
 max-line-length = 120
 max-complexity = 23
+# F405: star imports - code works, just can't detect undefined names
+# D401: docstring imperative mood - style preference
+# D300: triple double quotes - style preference
+# F403: star imports used - intentional for convenience
+# E721: type comparisons - many are intentional (exact type checks in __eq__, etc.)
+# W504: line break after binary operator - style preference (PEP 8 allows both)
+# E241: multiple spaces after comma/colon - minor spacing issues
+ignore = F405, D401, D300, F403, E721, W504, E241
 
 [pep257]
 ignore = D203
diff --git a/setup.py b/setup.py
index 0783e07..7b4cb45 100644
--- a/setup.py
+++ b/setup.py
@@ -8,35 +8,24 @@
 import io
 
 from setuptools import setup, Command
-from setuptools.command.test import test as TestCommand
 
 
 with io.open('eql/__init__.py', 'rt', encoding='utf8') as f:
     __version__ = re.search(r'__version__ = \'(.*?)\'', f.read()).group(1)
 
 install_requires = [
-    "lark-parser~=0.12.0",
-    "enum34; python_version<'3.4'",
-    "ipaddress; python_version<'3'",
+    "lark>=1.3.1",
 ]
 
 test_requires = [
-    "mock~=1.3.0",
-    "pytest~=3.8.2",
-    "pytest-cov==2.4",
-    "flake8==2.5.1",
+    "pytest>=6.0.0",
+    "pytest-cov>=2.4",
+    "flake8>=3.8.0",
     "pep257==0.7.0",
-    "coverage==4.5.3",
-    "flake8-pep257==1.0.5",
-    "PyYAML<6.0; python_version<'3.4'",
-    "PyYAML; python_version>='3.4'",
+    "coverage>=4.5.3",
+    "flake8-docstrings>=1.5.0",
+    "PyYAML",
     "toml~=0.10",
-    "pluggy==1.0.0-dev0; python_version<'3.4'",
-    "configparser<5.0; python_version<'3.4'",
-    "contextlib2~=0.6.0",
-    "more-itertools~=5.0; python_version<'3.4'",
-    "importlib-metadata<3.0; python_version<'3.4'",
-    "zipp<1.0; python_version<'3.4'",
     "attrs==21.4.0"
 ]
 etc_files = [os.path.relpath(fn, 'eql') for fn in glob.glob('eql/etc/*') if not fn.endswith('.py')]
@@ -56,30 +45,32 @@ def finalize_options(self):
 
     def run(self):
         """Run the flake8 linter."""
-        self.distribution.fetch_build_eggs(test_requires)
-        self.distribution.packages.append('tests')
+        import subprocess
+        # Run flake8 via command line (respects setup.cfg configuration)
+        result = subprocess.run(
+            [sys.executable, '-m', 'flake8', 'eql', 'tests'],
+            cwd=os.path.dirname(os.path.abspath(__file__))
+        )
+        sys.exit(result.returncode)
 
-        from flake8.main import Flake8Command
-        flake8cmd = Flake8Command(self.distribution)
-        flake8cmd.options_dict = {}
-        flake8cmd.run()
 
-
-class Test(TestCommand):
+class Test(Command):
     """Use pytest (http://pytest.org/latest/) in place of the standard unittest library."""
 
     user_options = [("pytest-args=", "a", "Arguments to pass to pytest")]
 
     def initialize_options(self):
-        """Need to ensure pytest_args exists."""
-        TestCommand.initialize_options(self)
+        """Initialize options."""
         self.pytest_args = []
 
-    def run_tests(self):
+    def finalize_options(self):
+        """Finalize options."""
+        pass
+
+    def run(self):
         """Run pytest."""
         import pytest
         import eql
-
         eql.parser.full_tracebacks = True
         sys.exit(pytest.main(self.pytest_args))
 
@@ -98,19 +89,17 @@ def run_tests(self):
         'Intended Audience :: Science/Research',
         'Intended Audience :: System Administrators',
         'Natural Language :: English',
-        'Programming Language :: Python :: 2',
-        'Programming Language :: Python :: 2.7',
         'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.4',
-        'Programming Language :: Python :: 3.5',
-        'Programming Language :: Python :: 3.6',
-        'Programming Language :: Python :: 3.7',
+        'Programming Language :: Python :: 3.8',
+        'Programming Language :: Python :: 3.9',
+        'Programming Language :: Python :: 3.10',
+        'Programming Language :: Python :: 3.11',
+        'Programming Language :: Python :: 3.12',
         'Topic :: Database',
         'Topic :: Internet :: Log Analysis',
         'Topic :: Scientific/Engineering :: Information Analysis',
     ],
     url='https://eql.readthedocs.io',
-    tests_require=install_requires + test_requires,
     cmdclass={
         'lint': Lint,
         'test': Test
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 2cf1a3e..661dec1 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -5,7 +5,7 @@
 import uuid
 import unittest
 
-import mock
+from unittest import mock
 
 from eql.errors import EqlSchemaError
 from eql.loader import save_analytics
diff --git a/tests/test_python_engine.py b/tests/test_python_engine.py
index 243c3e9..76f823b 100644
--- a/tests/test_python_engine.py
+++ b/tests/test_python_engine.py
@@ -1,7 +1,6 @@
 """Test Python Engine for EQL."""
 import ipaddress
 import random
-import sys
 import uuid
 from collections import defaultdict
 
@@ -396,9 +395,6 @@ def test_cidrmatch(self):
         """Test the cidrMatch custom function."""
         def to_range(cidr):
             """Convert a CIDR notation to a tuple of the minimum and maximum IP addresses in the range."""
-            # Python 2 support
-            if sys.version_info.major == 2:
-                cidr = unicode(cidr)
             ip_network = ipaddress.ip_network(cidr, strict=False)
 
             min_ip_address = ip_network.network_address