Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lineage pull request for: skeleton #50

Merged
merged 7 commits into from
Nov 20, 2024
Merged

Lineage pull request for: skeleton #50

merged 7 commits into from
Nov 20, 2024

Conversation

cisagovbot
Copy link

@cisagovbot cisagovbot commented Nov 20, 2024

Lineage Pull Request

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

✅ Pre-approval checklist

  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

jsf9k and others added 7 commits November 8, 2024 13:40
This is being done because the pip-audit pre-commit hook identifies a
vulnerability in ansible-core version 2.16.13.  Note that this
requires that we bump up ansible to version 10 since all versions of
ansible 9 have a dependency on ~=2.16.X.
Version 24.10.0 is the first version that supports Fedora 41 as a
valid platform.
The pin of ansible-core was originally put in place because the
pip-audit pre-commit hook identifies a vulnerability in ansible-core
2.16.13.  Normally we would pin ansible-core to >2.16.13, but in the
spirit of the earlier, optional pin of ansible>=10 we pin ansible-core
to >=2.17.  This effectively also pins ansible to >=10.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
This adds even more evidence for why it is a good idea to go ahead and
upgrade ansible and ansible-core, in addition to the vulnerability
that pip-audit turned up.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
…n-for-ansible-core

Bump up the lower bound on `ansible-core`
…-pre-commit-hook-version

Update the version of the `ansible-lint` `pre-commit` hook
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Nov 20, 2024
@jsf9k jsf9k enabled auto-merge November 20, 2024 19:05
@jsf9k jsf9k merged commit f951a38 into develop Nov 20, 2024
4 checks passed
@jsf9k jsf9k deleted the lineage/skeleton branch November 20, 2024 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants