From 38081fd03487edae5cc53259e3986773440edadb Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 20 Nov 2024 12:46:30 -0500 Subject: [PATCH] Add comments about looming EOL issues for ansible and ansible-core This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up. Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com> --- requirements-test.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/requirements-test.txt b/requirements-test.txt index 3ca64f1..f62e440 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -13,6 +13,10 @@ # identifies a vulnerability in ansible-core 2.16.13, but all versions # of ansible 9 have a dependency on ~=2.16.X. # +# It is also a good idea to go ahead and upgrade to version 10 since +# version 9 is going EOL at the end of November: +# https://endoflife.date/ansible +# # We have tested against version 10. We want to avoid automatically # jumping to another major version without testing, since there are # often breaking changes across major versions. This is the reason @@ -28,6 +32,10 @@ ansible>=10,<11 # accordingly (>2.16.13), but the above pin of ansible>=10 effectively # pins ansible-core to >=2.17 so that's what we do here. # +# It is also a good idea to go ahead and upgrade to ansible-core 2.17 +# since security support for ansible-core 2.16 ends this month: +# https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix +# # Note that any changes made to this dependency must also be made in # requirements.txt in cisagov/skeleton-packer and # .pre-commit-config.yaml in cisagov/skeleton-generic.
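Review bot: In the first hunk (@@ -13,6 +13,10 @@), "version 9 is going EOL at the end of November" gives no year, so the comment becomes ambiguous once the month has passed. The commit is dated 20 Nov 2024, so write the date out in full, for example "version 9 goes EOL at the end of November 2024". The wording "go ahead and upgrade to version 10" also reads as a pending action, although the pin shown in the next hunk header is already `ansible>=10,<11`. Phrasing it as the reason for the existing pin ("version 9 is EOL as of ..., which is a further reason for pinning to version 10") would stay accurate for later readers.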
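Review bot: In the second hunk (@@ -28,6 +32,10 @@), "security support for ansible-core 2.16 ends this month" is relative to the commit date and will be wrong for anyone reading the file later. State the month and year explicitly. The reference URL also points at the `devel` branch of the Ansible docs, which changes over time, so the support matrix behind that link may no longer show the 2.16 entry the comment relies on. Consider linking a versioned copy of the page or adding the date the matrix was consulted. The trailing context notes that changes to this dependency must be mirrored in cisagov/skeleton-packer and cisagov/skeleton-generic. Only comments change here, but if the same rationale is wanted next to those pins it should be added there as well.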