Not sure if ansible-lint only supports the latest ansible version, or a range. In the latter case this should probably fall back to setting it again in < 2.19.

This (very likely) causes unwanted code execution, see #4643.

Hi @leegarrett, we're going to revert this change and release a patch fix because of #4643. If you could augment this change with a fix for the issue, that would be great. It appears there should be a version check, as you suggested in a comment originally.

I think the only proper fix is to stop evaluating Jinja2 expressions. This has always been problematic and dangerous (see #2681). Imagine a collection where one lookup deletes every file in your home folder. If the collection also contains a role that has a template expression somewhere that calls the lookup, running ansible-lint on that collection will wipe all your files. This is not something folks expect to happen when running a linter.

Also the core team seems to be completely unaware of ansible-lint using disable_lookups, since there is a comment Skipping a deferred deprecation due to no known usage outside ansible-core. next to where the deprecation is emitted. CC @nitzmahone

I'm fine with it being reverted. I however have no deeper knowledge on how to properly fix this and will pass on it. I just naively went with the 2.19 changelog, removed it, and gave it a quick test on my set of playbooks.

@leegarrett Thanks for the update, completely understood.
@felixfontein I see your point. We should have a deeper conversation on how to proceed on this. Can you open this as a discussion topic in this repo? Or open a new issue to discuss the broader topic? Instead of my fix in #4648, maybe we should just revert this change as mentioned above and decide where to go from there for 2.19 support.

@leegarrett We reverted this due to regression being detected. It will need to be redone with modifications to prevent that regression from happening.

I started a discussion here: #4652