ansible-lockdown · uk-bolly · Apr 15, 2024 · Dec 6, 2023 · Dec 6, 2023 · Dec 6, 2023
diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml
@@ -44,13 +44,13 @@
 
           steps:
             - name: Clone ${{ github.event.repository.name }}
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 ref: ${{ github.event.pull_request.head.sha }}
 
             # Pull in terraform code for linux servers
             - name: Clone github IaC plan
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 repository: ansible-lockdown/github_linux_IaC
                 path: .github/workflows/github_linux_IaC
@@ -125,6 +125,7 @@
               env:
                 ANSIBLE_HOST_KEY_CHECKING: "false"
                 ANSIBLE_DEPRECATION_WARNINGS: "false"
+                ANSIBLE_INJECT_FACT_VARS: "false"
 
           # Remove test system - User secrets to keep if necessary
 

diff --git a/.github/workflows/main_pipeline_validation.yml b/.github/workflows/main_pipeline_validation.yml
@@ -33,13 +33,13 @@
 
           steps:
             - name: Clone ${{ github.event.repository.name }}
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 ref: ${{ github.event.pull_request.head.sha }}
 
             # Pull in terraform code for linux servers
             - name: Clone github IaC plan
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 repository: ansible-lockdown/github_linux_IaC
                 path: .github/workflows/github_linux_IaC
@@ -114,6 +114,7 @@
               env:
                 ANSIBLE_HOST_KEY_CHECKING: "false"
                 ANSIBLE_DEPRECATION_WARNINGS: "false"
+                ANSIBLE_INJECT_FACT_VARS: "false"
 
           # Remove test system - User secrets to keep if necessary
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ ci:
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.4.0
+  rev: v4.6.0
   hooks:
   # Safety
   - id: detect-aws-credentials
@@ -37,13 +37,13 @@ repos:
     exclude: .config/.gitleaks-report.json
 
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.17.0
+  rev: v8.18.2
   hooks:
   - id: gitleaks
     args: ['--baseline-path', '.config/.gitleaks-report.json']
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v6.18.0
+  rev: v24.2.1
   hooks:
   - id: ansible-lint
     name: Ansible-lint
@@ -62,6 +62,6 @@ repos:
     - ansible-core>=2.10.1
 
 - repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.32.0  # or higher tag
+  rev: v1.35.1  # or higher tag
   hooks:
   - id: yamllint
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,33 @@
 # Amazon 2023 CIS - 26th June 2023
 
+## 1.0.1
+
+- thanks to @DianaMariaDDM
+  - #59
+  - #60
+  - #61
+  - #62
+
+- #64 thanks to @tom-henderson
+
+- extended with new options to force changes for 4.6.1.1|2|3 default false
+  - amzn2023cis_force_user_maxdays
+  - amzn2023cis_force_user_mindays
+  - amzn2023cis_force_user_warndays
+
+- pre-commit updates
+
+- general tidy up
+
+## 1.0 Multiple changes
+
+- Audit binary updated goss 0.4.4
+- audit_only option now added
+  - audit_only: true
+
+- Many Prs and associated issues
+  massive thanks to @DianaMariaDDM for all the PRs and Issues and time
+
 ## 0.91
 
 - issue #2 thanks to @babinskiy