Log Message:
ansible-core: updated to 2.18.0

v2.18.0
=======

Minor Changes
-------------

- Add ``gid_min``, ``gid_max`` to the group plugin to overwrite the defaults \ 
provided by the ``/etc/login.defs`` file \ 
(https://github.com/ansible/ansible/pull/81770).
- Add ``python3.13`` to the default ``INTERPRETER_PYTHON_FALLBACK`` list.
- Add ``uid_min``, ``uid_max`` to the user plugin to overwrite the defaults \ 
provided by the ``/etc/login.defs`` file \ 
(https://github.com/ansible/ansible/pull/81770).
- Add a new meta task ``end_role`` (https://github.com/ansible/ansible/issues/22286)
- Add a new mount_facts module to support gathering information about mounts \ 
that are excluded by default fact gathering.
- Introducing COLOR_INCLUDED parameter. This can set a specific color for \ 
"included" events.
- Removed the shell ``environment`` config entry as this is already covered by \ 
the play/task directives documentation and the value itself is not used in the \ 
shell plugins. This should remove any confusion around how people set the \ 
environment for a task.
- Suppress cryptography deprecation warnings for Blowfish and TripleDES when the \ 
``paramiko`` Python module is installed.
- The minimum supported Python version on targets is now Python 3.8.
- ``ansible-galaxy collection publish`` - add configuration options for the \ 
initial poll interval and the exponential when checking the import status of a \ 
collection, since the default is relatively slow.
- ansible-config has new 'validate' option to find mispelled/forgein \ 
configurations in ini file or environment variables.
- ansible-doc - show examples in role entrypoint argument specs \ 
(https://github.com/ansible/ansible/pull/82671).
- ansible-galaxy - Handle authentication errors and token expiration
- ansible-test - Add Ubuntu 24.04 remote.
- ansible-test - Add support for Python 3.13.
- ansible-test - An ``ansible_core.egg-info`` directory is no longer generated \ 
when running tests.
- ansible-test - Connection options can be set for ansible-test managed remote \ 
Windows instances.
- ansible-test - Default to Python 3.13 in the ``base`` and ``default`` containers.
- ansible-test - Disable the ``deprecated-`` prefixed ``pylint`` rules as their \ 
results vary by Python version.
- ansible-test - Improve container runtime probe error handling. When unexpected \ 
probe output is encountered, an error with more useful debugging information is \ 
provided.
- ansible-test - Improve the error message shown when an unknown ``--remote`` or \ 
``--docker`` option is given.
- ansible-test - Remove Python 2.7 compatibility imports.
- ansible-test - Removed the ``vyos/1.1.8`` network remote as it is no longer \ 
functional.
- ansible-test - Replace Alpine 3.19 container and remote with Alpine 3.20.
- ansible-test - Replace Fedora 39 container and remote with Fedora 40.
- ansible-test - Replace FreeBSD 14.0 remote with FreeBSD 14.1.
- ansible-test - Replace RHEL 9.3 remote with RHEL 9.4.
- ansible-test - Replace Ubuntu 20.04 container with Ubuntu 24.04 container.
- ansible-test - The ``empty-init`` sanity test no longer applies to \ 
``module_utils`` packages.
- ansible-test - Update ``ansible-test-utility-container`` to version 3.1.0.
- ansible-test - Update ``base`` and ``default`` containers to omit Python 3.7.
- ansible-test - Update ``coverage`` to version 7.6.1.
- ansible-test - Update ``http-test-container`` to version 3.0.0.
- ansible-test - Update ``nios-test-container`` to version 5.0.0.
- ansible-test - Update ``pylint`` sanity test to use version 3.3.1.
- ansible-test - Update ``pypi-test-container`` to version 3.2.0.
- ansible-test - Update the ``base`` and ``default`` containers.
- ansible-test - Updated the frozen requirements for all sanity tests.
- ansible-test - Upgrade ``pip`` used in ansible-test managed virtual \ 
environments from version 24.0 to 24.2.
- ansible-test - Virtual environments created by ansible-test no longer include \ 
the ``wheel`` or ``setuptools`` packages.
- ansible-test - update HTTP test container to 3.2.0 \ 
(https://github.com/ansible/ansible/pull/83469).
- ansible.log now also shows log severity field
- distribution.py - Added SL-Micro in Suse OS Family. \ 
(https://github.com/ansible/ansible/pull/83541)
- dnf - minor internal changes in how the errors from the dnf API are handled; \ 
rely solely on the exceptions rather than inspecting text embedded in them
- dnf - remove legacy code for unsupported dnf versions
- dnf5 - implement ``enable_plugin`` and ``disable_plugin`` options
- fact gathering - Gather /proc/sysinfo facts on s390 Linux on Z
- facts - add systemd version and features
- find - change the datatype of ``elements`` to ``path`` in option ``paths`` \ 
(https://github.com/ansible/ansible/pull/83575).
- ini lookup - add new ``interpolation`` option \ 
(https://github.com/ansible/ansible/issues/83755)
- isidentifier - remove unwanted Python 2 specific code.
- loop_control - add a break_when option to to break out of a task loop early \ 
based on Jinja2 expressions (https://github.com/ansible/ansible/issues/83442).
- package_facts module now supports using aliases for supported package \ 
managers, for example managers=yum or managers=dnf will resolve to using the \ 
underlying rpm.
- plugins, deprecations and warnings concerning configuration are now displayed \ 
to the user, technical issue that prevented 'de-duplication' have been resolved.
- psrp - Remove connection plugin extras vars lookup. This should have no affect \ 
on existing users as all options have been documented.
- remove extraneous selinux import (https://github.com/ansible/ansible/issues/83657).
- replace random with secrets library.
- rpm_key - allow validation of gpg key with a subkey fingerprint
- rpm_key - enable gpg validation that requires presence of multiple fingerprints
- service_mgr - add support for dinit service manager \ 
(https://github.com/ansible/ansible/pull/83489).
- task timeout now returns timedout key with frame/code that was in execution \ 
when the timeout is triggered.
- timedout test for checking if a task result represents a 'timed out' task.
- unarchive - Remove Python 2.7 compatibility imports.
- validate-modules sanity test - detect if names of an option (option name + \ 
aliases) do not match between argument spec and documentation \ 
(https://github.com/ansible/ansible/issues/83598, \ 
https://github.com/ansible/ansible/pull/83599).
- validate-modules sanity test - reject option/aliases names that are identical \ 
up to casing but belong to different options \ 
(https://github.com/ansible/ansible/pull/83530).
- vaulted_file test filter added, to test if the provided path is an 'Ansible \ 
vaulted' file
- yum_repository - add ``excludepkgs`` alias to the ``exclude`` option.

Breaking Changes / Porting Guide
--------------------------------

- Stopped wrapping all commands sent over SSH on a Windows target with a \ 
``powershell.exe`` executable. This results in one less process being started on \ 
each command for Windows to improve efficiency, simplify the code, and make \ 
``raw`` an actual raw command run with the default shell configured on the \ 
Windows sshd settings. This should have no affect on most tasks except for \ 
``raw`` which now is not guaranteed to always be running in a PowerShell shell \ 
and from having the console output codepage set to UTF-8. To avoid this issue \ 
either swap to using ``ansible.windows.win_command``, \ 
``ansible.windows.win_shell``, ``ansible.windows.win_powershell`` or manually \ 
wrap the raw command with the shell commands needed to set the output console \ 
encoding.
- persistent connection plugins - The ``ANSIBLE_CONNECTION_PATH`` config option \ 
no longer has any effect.

Deprecated Features
-------------------

- Deprecate ``ansible.module_utils.basic.AnsibleModule.safe_eval`` and \ 
``ansible.module_utils.common.safe_eval`` as they are no longer used.
- persistent connection plugins - The ``ANSIBLE_CONNECTION_PATH`` config option \ 
no longer has any effect, and will be removed in a future release.
- yum_repository - deprecate ``async`` option as it has been removed in RHEL 8 \ 
and will be removed in ansible-core 2.22.
- yum_repository - the following options are deprecated: \ 
``deltarpm_metadata_percentage``, ``gpgcakey``, ``http_caching``, ``keepalive``, \ 
``metadata_expire_filter``, ``mirrorlist_expire``, ``protect``, \ 
``ssl_check_cert_permissions``, ``ui_repoid_vars`` as they have no effect for \ 
dnf as an underlying package manager. The options will be removed in \ 
ansible-core 2.22.

Removed Features (previously deprecated)
----------------------------------------

- Play - removed deprecated ``ROLE_CACHE`` property in favor of ``role_cache``.
- Remove deprecated `VariableManager._get_delegated_vars` method \ 
(https://github.com/ansible/ansible/issues/82950)
- Removed Python 3.10 as a supported version on the controller. Python 3.11 or \ 
newer is required.
- Removed support for setting the ``vars`` keyword to lists of dictionaries. It \ 
is now required to be a single dictionary.
- loader - remove deprecated non-inclusive words \ 
(https://github.com/ansible/ansible/issues/82947).
- paramiko_ssh - removed deprecated ssh_args from the paramiko_ssh connection \ 
plugin (https://github.com/ansible/ansible/issues/82939).
- paramiko_ssh - removed deprecated ssh_common_args from the paramiko_ssh \ 
connection plugin (https://github.com/ansible/ansible/issues/82940).
- paramiko_ssh - removed deprecated ssh_extra_args from the paramiko_ssh \ 
connection plugin (https://github.com/ansible/ansible/issues/82941).
- play_context - remove deprecated PlayContext.verbosity property \ 
(https://github.com/ansible/ansible/issues/82945).
- utils/listify - remove deprecated 'loader' argument from \ 
listify_lookup_plugin_terms API \ 
(https://github.com/ansible/ansible/issues/82949).

Security Fixes
--------------

- include_vars action - Ensure that result masking is correctly requested when \ 
vault-encrypted files are read. (CVE-2024-8775)
- task result processing - Ensure that action-sourced result masking \ 
(``_ansible_no_log=True``) is preserved. (CVE-2024-8775)
- user action won't allow ssh-keygen, chown and chmod to run on existing ssh \ 
public key file, avoiding traversal on existing symlinks (CVE-2024-9902).