Skip to content
This repository has been archived by the owner on May 27, 2024. It is now read-only.

feat(Dependencies): Update dependency ansible to v8 [SECURITY] #1601

Merged
merged 1 commit into from
Jan 29, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 8, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
ansible (source) ==5.0.1 -> ==8.5.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

CVE-2023-5115

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.


Release Notes

ansible-community/ansible-build-data (ansible)

v8.3.0

Compare Source

v8.2.0

Compare Source

v8.1.0

Compare Source

v8.0.0

Compare Source

v7.7.0

Compare Source

v7.6.0

Compare Source

v7.5.0

Compare Source

v7.4.0

Compare Source

v7.1.0

Compare Source

v7.0.0

Compare Source

v6.7.0

Compare Source

v6.6.0

Compare Source

v6.5.0

Compare Source

v6.4.0

Compare Source

v6.3.0

Compare Source

v6.2.0

Compare Source

v6.1.0

Compare Source

v5.9.0

Compare Source

v5.8.0

Compare Source

v5.7.1

Compare Source

v5.7.0

Compare Source

v5.6.0

Compare Source

v5.5.0

Compare Source

v5.4.0

Compare Source

v5.3.0

Compare Source

v5.2.0

Compare Source

v5.1.0

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team January 8, 2024 12:22
@renovate renovate bot force-pushed the deps/pypi-ansible-vulnerability branch 2 times, most recently from 1a7e7fb to 67f9682 Compare January 11, 2024 13:05
@renovate renovate bot force-pushed the deps/pypi-ansible-vulnerability branch 2 times, most recently from 230aada to 8fe6edb Compare January 19, 2024 12:10
| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| pypi       | ansible | 5.0.1 | 8.5.0 |
@renovate renovate bot force-pushed the deps/pypi-ansible-vulnerability branch from 30f8839 to 3952879 Compare January 29, 2024 08:40
@dweinholz dweinholz merged commit d0ad05a into dev Jan 29, 2024
1 of 2 checks passed
@dweinholz dweinholz deleted the deps/pypi-ansible-vulnerability branch January 29, 2024 13:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant