Updating of ansible-runner to 2.1.x

[whitfiea]

The current ansible-runner used in the operator image is 2.0.2 which has a known vulnerbility CVE-2021-4041 which is fixed in version 2.1.0 onwards. I can see the dependabot created this PR sometime ago to raise the version to 2.1.1: #6011

My question is, when will this PR be merged so that we can pickup the new operator-sdk image that resolves the vulnerbility?

[everettraven]

/unassign jmrodri

[balane3]

Is there any plan on when the operator image will have an updated version of ansible? There are a number of vulnerabilities that are fixed in later versions (e.g. CVE-2021-3701, CVE-2021-3583, CVE-2022-3697).

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[whitfiea]

/remove-lifecycle stale

[acornett21]

• Relates: update ansible operator #6483

[acornett21]

@everettraven I think you already resolved this.

[everettraven]

@acornett21 You're correct - thanks for following up on this! Closing it now.