diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bb2f8113..e4fb71a1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -175,7 +175,7 @@ repos: # Ansible hooks - repo: https://github.com/ansible/ansible-lint - rev: v24.9.2 + rev: v24.10.0 hooks: - id: ansible-lint additional_dependencies: @@ -191,6 +191,13 @@ repos: # hook identifies a vulnerability in ansible-core 2.16.13, # but all versions of ansible 9 have a dependency on # ~=2.16.X. +<<<<<<< HEAD +======= + # + # It is also a good idea to go ahead and upgrade to version + # 10 since version 9 is going EOL at the end of November: + # https://endoflife.date/ansible +>>>>>>> a7947357cfeee58bc121243a2c76c5bbdc064e35 # - ansible>=10,<11 # ansible-core 2.16.3 through 2.16.6 suffer from the bug # discussed in ansible/ansible#82702, which breaks any @@ -198,10 +205,22 @@ repos: # installed via ansible-galaxy. Hence we never want to # install those versions. # +<<<<<<< HEAD # Note that the pip-audit pre-commit hook identifies a vulnerability # in ansible-core 2.16.13. Normally we would pin ansible-core # accordingly (>2.16.13), but the above pin of ansible>=10 effectively # pins ansible-core to >=2.17 so that's what we do here. +======= + # Note that the pip-audit pre-commit hook identifies a + # vulnerability in ansible-core 2.16.13. The pin of + # ansible-core to >=2.17 effectively also pins ansible to + # >=10. + # + # It is also a good idea to go ahead and upgrade to + # ansible-core 2.17 since security support for ansible-core + # 2.16 ends this month: + # https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix +>>>>>>> a7947357cfeee58bc121243a2c76c5bbdc064e35 # # Note that any changes made to this dependency must also be # made in requirements.txt in cisagov/skeleton-packer and