zhmcclient · andy-maier · Jul 19, 2024 · Jul 19, 2024
diff --git a/.safety-policy-develop.yml b/.safety-policy-develop.yml
@@ -22,14 +22,8 @@ security:
     #     reason: {text}    # optional: Reason for ignoring it. Will be reported in the Safety reports
     #     expires: {date}   # optional: Date when this ignore will expire
     ignore-vulnerabilities:
-        39621:
-            reason: Fixed Pylint version is not used by Ansible sanity test
-        45185:
-            reason: Fixed Pylint version is not used by Ansible sanity test
         51457:
-            reason: Py package is no longer being fixed (latest version 1.11.0)
-        66742:
-            reason: Fixed black version 24.3.0 requires Python>=3.8 and is used on Python>=3.10 (black is not used below)
+            reason: The py package is no longer being fixed, we use its latest version 1.11.0
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False
diff --git a/.safety-policy-install.yml b/.safety-policy-install.yml
@@ -22,32 +22,26 @@ security:
     #     reason: {text}    # optional: Reason for ignoring it. Will be reported in the Safety reports
     #     expires: {date}   # optional: Date when this ignore will expire
     ignore-vulnerabilities:
-        39611:
-            reason: PyYAML full_load method or FullLoader is not used
-        42923:
-            reason: Fixed Ansible version is stated to be 0
         54219:
-            reason: Fixed ansible version is 2.10.0, but need to support ansible 2.9
+            reason: Fixed ansible version is 2.10.0, but we support older ansible versions
         54229:
-            reason: Not yet fixed in any ansible version, but need to support ansible 2.9
+            reason: Fixed ansible version is 2.10.5, but we support older ansible versions
         54230:
-            reason: Not yet fixed in any ansible version, but need to support ansible 2.9
+            reason: Fixed ansible version is 2.10.5, but we support older ansible versions
         54564:
-            reason: Fixed ansible version is 7.0.0, but need to support ansible 2.9
+            reason: Fixed ansible version is 7.0.0, but we support older ansible versions
         63066:
-            reason: Fixed ansible-core version 2.15.8 requires Python>=3.9 and is used on Python>=3.12
+            reason: Fixed ansible-core version is 2.15.8, but we support older ansible versions
         65511:
-            reason: Fixed ansible-core version 2.13.13 requires Python>=3.8 and 2.13.x is not used
+            reason: Fixed ansible-core version is 2.13.13, but we support older ansible versions
         66667:
-            reason: Fixed ansible-core version 2.12.0 requires Python>=3.8 and is used on Python>=3.10
+            reason: Fixed ansible-core version is 2.12.0, but we support older ansible versions
         66700:
-            reason: Fixed ansible-core version 2.14.14 requires Python>=3.9 and is used on Python>=3.11
-        67599:
-            reason: Disputed issue in pip version 23.3 - No known fix
+            reason: Fixed ansible-core versions are 2.14.14 and 2.16.3, but we support older ansible versions
         70612:
-            reason: Disputed issue in jinja2 version 3.1.3 - No known fix
+            reason: Safety issue and CVE do not list a fixed version of Jinja2
         70895:
-            reason: Fixed ansible-core version 2.15.2 requires Python>=3.9 and is used on Python>=3.12
+            reason: Fixed ansible-core version is 2.15.2, but we support older ansible versions
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False
diff --git a/minimum-constraints-develop.txt b/minimum-constraints-develop.txt
@@ -42,7 +42,7 @@ rstcheck==3.3.1; python_version <= '3.9'  # ansible <= 2.10 (on minimum package
 
 # ansible-lint
 ansible-lint==6.14.0; python_version >= '3.10'
-black==22.8.0; python_version >= '3.10'
+black==24.3.0; python_version >= '3.10'
 rich==12.0.0; python_version >= '3.10'
 wcmatch==8.5; python_version >= '3.10'
 ansible-compat==4.1.10; python_version >= '3.10'
@@ -138,7 +138,7 @@ keyring==21.4.0
 more-itertools==5.0.0
 pathlib2==2.2.1
 ply==3.10
-py==1.11.0
+py==1.11.0  # Still required by pytest 6.2.5
 requests-toolbelt==0.8.0
 smmap==3.0.1
 snowballstemmer==2.0.0

diff --git a/minimum-constraints-install.txt b/minimum-constraints-install.txt
@@ -26,7 +26,7 @@ ansible==9.0.1; python_version >= '3.12'
 ansible-core==2.11.12; python_version == '3.9'
 ansible-core==2.12.10; python_version == '3.10'
 ansible-core==2.14.14; python_version == '3.11'
-ansible-core==2.16.0; python_version >= '3.12'
+ansible-core==2.16.3; python_version >= '3.12'
 
 # other ansible or ansible-core dependencies
 resolvelib==0.5.3; python_version == '3.9'
@@ -53,7 +53,7 @@ cryptography==42.0.5
 
 importlib-metadata==4.8.3
 
-packaging==21.3
+packaging==22.0
 PyYAML==6.0.1
 
 python-dateutil==2.8.2

diff --git a/requirements.txt b/requirements.txt
@@ -61,8 +61,8 @@ cryptography>=42.0.5
 # importlib-metadata is used for development by flake8 (and others).
 importlib-metadata>=4.8.3
 
-# packaging is used by TBD, and for dev also by pytest, pip-check-reqs, sphinx
-packaging>=21.3
+# packaging is used by ansible-core (and for dev also by pytest, pip-check-reqs, sphinx and others)
+packaging>=22.0
 
 # PyYAML 5.3 has wheel archives for Python 2.7, 3.5 - 3.9
 # PyYAML 5.4 has wheel archives for Python 2.7, 3.6 - 3.9