Adjust pin for ansible-core

The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core to >2.16.13, but in the spirit of the earlier, optional pin of ansible>=10 we pin ansible-core to >=2.17. This effectively also pins ansible to >=10. Co-authored-by: Nick M <[email protected]>
cisagov · Nov 14, 2024 · cca133a · cca133a
1 parent 12a91ad
commit cca133a
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -189,12 +189,14 @@ repos:
           # install those versions.
           #
           # Note that the pip-audit pre-commit hook identifies a
-          # vulnerability in ansible-core 2.16.13.
+          # vulnerability in ansible-core 2.16.13.  The pin of
+          # ansible-core to >=2.17 effectively also pins ansible to
+          # >=10.
           #
           # Note that any changes made to this dependency must also be
           # made in requirements.txt in cisagov/skeleton-packer and
           # requirements-test.txt in cisagov/skeleton-ansible-role.
-          - ansible-core>2.16.13
+          - ansible-core>=2.17
 
   # Terraform hooks
   - repo: https://github.com/antonbabenko/pre-commit-terraform