Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump up the lower bound on ansible-core #209

Merged
merged 3 commits into from
Nov 22, 2024
Merged

Bump up the lower bound on ansible-core #209

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
46b874f
Bump up the lower bound on ansible-core
jsf9k Nov 8, 2024
b5a06b4
Adjust pin for ansible-core
jsf9k Nov 14, 2024
38081fd
Add comments about looming EOL issues for ansible and ansible-core
jsf9k Nov 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 20 additions & 3 deletions requirements-test.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,37 @@
# as using the dnf package manager, and version 8 is currently the
# oldest supported version.
#
# We have tested against version 9. We want to avoid automatically
# Version 10 is required because the pip-audit pre-commit hook
# identifies a vulnerability in ansible-core 2.16.13, but all versions
# of ansible 9 have a dependency on ~=2.16.X.
#
# It is also a good idea to go ahead and upgrade to version 10 since
# version 9 is going EOL at the end of November:
# https://endoflife.date/ansible
#
# We have tested against version 10. We want to avoid automatically
# jumping to another major version without testing, since there are
# often breaking changes across major versions. This is the reason
# for the upper bound.
ansible>=9,<10
ansible>=10,<11
# ansible-core 2.16.3 through 2.16.6 suffer from the bug discussed in
# ansible/ansible#82702, which breaks any symlinked files in vars,
# tasks, etc. for any Ansible role installed via ansible-galaxy.
# Hence we never want to install those versions.
#
# Note that the pip-audit pre-commit hook identifies a vulnerability
# in ansible-core 2.16.13. Normally we would pin ansible-core
# accordingly (>2.16.13), but the above pin of ansible>=10 effectively
# pins ansible-core to >=2.17 so that's what we do here.
#
# It is also a good idea to go ahead and upgrade to ansible-core 2.17
# since security support for ansible-core 2.16 ends this month:
# https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
#
# Note that any changes made to this dependency must also be made in
# requirements.txt in cisagov/skeleton-packer and
# .pre-commit-config.yaml in cisagov/skeleton-generic.
ansible-core>=2.16.7
ansible-core>=2.17
# With the release of molecule v5 there were some breaking changes so
# we need to pin at v5 or newer. However, v5.0.0 had an internal
# dependency issue so we must use the bugfix release as the actual
Expand Down
Loading