@@ -165,7 +165,7 @@ repos:
165165
166166 # Ansible hooks
167167 - repo : https://github.com/ansible/ansible-lint
168- rev : v24.9.2
168+ rev : v24.10.0
169169 hooks :
170170 - id : ansible-lint
171171 additional_dependencies :
@@ -176,17 +176,36 @@ repos:
176176 # necessary to add the ansible package itself as an
177177 # additional dependency, with the same pinning as is done in
178178 # requirements-test.txt of cisagov/skeleton-ansible-role.
179- # - ansible>=9,<10
179+ #
180+ # Version 10 is required because the pip-audit pre-commit
181+ # hook identifies a vulnerability in ansible-core 2.16.13,
182+ # but all versions of ansible 9 have a dependency on
183+ # ~=2.16.X.
184+ #
185+ # It is also a good idea to go ahead and upgrade to version
186+ # 10 since version 9 is going EOL at the end of November:
187+ # https://endoflife.date/ansible
188+ # - ansible>=10,<11
180189 # ansible-core 2.16.3 through 2.16.6 suffer from the bug
181190 # discussed in ansible/ansible#82702, which breaks any
182191 # symlinked files in vars, tasks, etc. for any Ansible role
183192 # installed via ansible-galaxy. Hence we never want to
184193 # install those versions.
185194 #
195+ # Note that the pip-audit pre-commit hook identifies a
196+ # vulnerability in ansible-core 2.16.13. The pin of
197+ # ansible-core to >=2.17 effectively also pins ansible to
198+ # >=10.
199+ #
200+ # It is also a good idea to go ahead and upgrade to
201+ # ansible-core 2.17 since security support for ansible-core
202+ # 2.16 ends this month:
203+ # https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
204+ #
186205 # Note that any changes made to this dependency must also be
187206 # made in requirements.txt in cisagov/skeleton-packer and
188207 # requirements-test.txt in cisagov/skeleton-ansible-role.
189- - ansible-core>=2.16.7
208+ - ansible-core>=2.17
190209
191210 # Terraform hooks
192211 - repo : https://github.com/antonbabenko/pre-commit-terraform
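Review bot: The two added comment blocks justify the new floor with "a vulnerability in ansible-core 2.16.13" but never name the advisory, so a later maintainer cannot check which releases carry the fix or whether `ansible-core>=2.17` (which still admits 2.17.0) is a sufficient lower bound. Record the identifier that pip-audit reported next to the pin, e.g. `# Advisory: <ID from pip-audit output>, fixed in ansible-core <FIXED_VERSION>`, and raise the floor to that patch release if it is later than 2.17.0. The phrases "ends this month" and "at the end of November" will go stale once the commit date is forgotten, so writing the full date keeps the rationale verifiable. The first block also reads as if `ansible>=10,<11` were in force, while that line stays commented out and only the ansible-core pin takes effect; a short "(kept commented out; enforced via the ansible-core pin below)" would remove the ambiguity.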