Skip to content

Commit

Permalink
Merge pull request #209 from cisagov/improvement/bump-up-lower-bound-…
Browse files Browse the repository at this point in the history 
…pin-for-ansible-core

Bump up the lower bound on `ansible-core`
  • Loading branch information
@jsf9k
jsf9k authored Nov 22, 2024
2 parents b7f9de9 + 38081fd commit b48fe5c
Showing 1 changed file with 20 additions and 3 deletions.
23 changes: 20 additions & 3 deletions requirements-test.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,37 @@
# as using the dnf package manager, and version 8 is currently the
# oldest supported version.
#
# We have tested against version 9. We want to avoid automatically
# Version 10 is required because the pip-audit pre-commit hook
# identifies a vulnerability in ansible-core 2.16.13, but all versions
# of ansible 9 have a dependency on ~=2.16.X.
#
# It is also a good idea to go ahead and upgrade to version 10 since
# version 9 is going EOL at the end of November:
# https://endoflife.date/ansible
#
# We have tested against version 10. We want to avoid automatically
# jumping to another major version without testing, since there are
# often breaking changes across major versions. This is the reason
# for the upper bound.
ansible>=9,<10
ansible>=10,<11
# ansible-core 2.16.3 through 2.16.6 suffer from the bug discussed in
# ansible/ansible#82702, which breaks any symlinked files in vars,
# tasks, etc. for any Ansible role installed via ansible-galaxy.
# Hence we never want to install those versions.
#
# Note that the pip-audit pre-commit hook identifies a vulnerability
# in ansible-core 2.16.13. Normally we would pin ansible-core
# accordingly (>2.16.13), but the above pin of ansible>=10 effectively
# pins ansible-core to >=2.17 so that's what we do here.
#
# It is also a good idea to go ahead and upgrade to ansible-core 2.17
# since security support for ansible-core 2.16 ends this month:
# https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
#
# Note that any changes made to this dependency must also be made in
# requirements.txt in cisagov/skeleton-packer and
# .pre-commit-config.yaml in cisagov/skeleton-generic.
ansible-core>=2.16.7
ansible-core>=2.17
# With the release of molecule v5 there were some breaking changes so
# we need to pin at v5 or newer. However, v5.0.0 had an internal
# dependency issue so we must use the bugfix release as the actual
Expand Down

0 comments on commit b48fe5c

Please sign in to comment.