Release 8.6.4.

[PR #8735/57e28e5a backport][stable-8] keycloak_identity_provider: get cleartext clientsecret (#8743 )
keycloak_identity_provider: get cleartext clientsecret (#8735) * get cleartext `clientSecret` from full realm info * add mock get_realm call to existing tests; add new no_change_when_present test * add changelog fragment * remove blank lines * Update changelog. --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 57e28e5a73) Co-authored-by: fgruenbauer <gruenbauer@b1-systems.de>
2026-04-28 09:26:44 +00:00 · 2024-08-12 08:54:45 +02:00 · 2024-08-12 08:07:00 +02:00 · 2024-08-12 08:06:41 +02:00 · 2024-08-12 08:06:29 +02:00 · 2024-08-12 08:06:09 +02:00
227 changed files with 7272 additions and 2261 deletions
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -29,14 +29,14 @@ schedules:
    always: true
    branches:
      include:
+        - stable-9
        - stable-8
-        - stable-7
  - cron: 0 11 * * 0
    displayName: Weekly (old stable branches)
    always: true
    branches:
      include:
-        - stable-6
+        - stable-7

 variables:
  - name: checkoutPath
@@ -53,7 +53,7 @@ variables:
 resources:
  containers:
    - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:4.0.1
+      image: quay.io/ansible/azure-pipelines-test-container:6.0.0

 pool: Standard

@@ -73,6 +73,19 @@ stages:
            - test: 3
            - test: 4
            - test: extra
+  - stage: Sanity_2_17
+    displayName: Sanity 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.17/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
  - stage: Sanity_2_16
    displayName: Sanity 2.16
    dependsOn: []
@@ -99,19 +112,6 @@ stages:
            - test: 2
            - test: 3
            - test: 4
-  - stage: Sanity_2_14
-    displayName: Sanity 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.14/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
 ### Units
  - stage: Units_devel
    displayName: Units devel
@@ -122,12 +122,23 @@ stages:
          nameFormat: Python {0}
          testFormat: devel/units/{0}/1
          targets:
-            - test: 3.7
            - test: 3.8
            - test: 3.9
            - test: '3.10'
            - test: '3.11'
            - test: '3.12'
+            - test: '3.13'
+  - stage: Units_2_17
+    displayName: Units 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.17/units/{0}/1
+          targets:
+            - test: 3.7
+            - test: "3.12"
  - stage: Units_2_16
    displayName: Units 2.16
    dependsOn: []
@@ -151,16 +162,6 @@ stages:
          targets:
            - test: 3.5
            - test: "3.10"
-  - stage: Units_2_14
-    displayName: Units 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.14/units/{0}/1
-          targets:
-            - test: 3.9

 ## Remote
  - stage: Remote_devel_extra_vms
@@ -171,12 +172,14 @@ stages:
        parameters:
          testFormat: devel/{0}
          targets:
-            - name: Alpine 3.18
-              test: alpine/3.18
-            # - name: Fedora 39
-            #   test: fedora/39
+            - name: Alpine 3.20
+              test: alpine/3.20
+            # - name: Fedora 40
+            #   test: fedora/40
            - name: Ubuntu 22.04
              test: ubuntu/22.04
+            - name: Ubuntu 24.04
+              test: ubuntu/24.04
          groups:
            - vm
  - stage: Remote_devel
@@ -187,12 +190,30 @@ stages:
        parameters:
          testFormat: devel/{0}
          targets:
-            - name: macOS 13.2
-              test: macos/13.2
+            - name: macOS 14.3
+              test: macos/14.3
+            - name: RHEL 9.4
+              test: rhel/9.4
+            - name: FreeBSD 14.1
+              test: freebsd/14.1
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Remote_2_17
+    displayName: Remote 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.17/{0}
+          targets:
+            - name: FreeBSD 13.3
+              test: freebsd/13.3
            - name: RHEL 9.3
              test: rhel/9.3
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
+            - name: FreeBSD 14.0
+              test: freebsd/14.0
          groups:
            - 1
            - 2
@@ -205,14 +226,14 @@ stages:
        parameters:
          testFormat: 2.16/{0}
          targets:
-            #- name: macOS 13.2
-            #  test: macos/13.2
+            - name: macOS 13.2
+              test: macos/13.2
            - name: RHEL 9.2
              test: rhel/9.2
            - name: RHEL 8.8
              test: rhel/8.8
-            #- name: FreeBSD 13.2
-            #  test: freebsd/13.2
+            # - name: FreeBSD 13.2
+            #   test: freebsd/13.2
          groups:
            - 1
            - 2
@@ -239,24 +260,6 @@ stages:
            - 1
            - 2
            - 3
-  - stage: Remote_2_14
-    displayName: Remote 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.14/{0}
-          targets:
-            #- name: macOS 12.0
-            #  test: macos/12.0
-            - name: RHEL 9.0
-              test: rhel/9.0
-            #- name: FreeBSD 12.4
-            #  test: freebsd/12.4
-          groups:
-            - 1
-            - 2
-            - 3

 ### Docker
  - stage: Docker_devel
@@ -267,14 +270,32 @@ stages:
        parameters:
          testFormat: devel/linux/{0}
          targets:
-            - name: Fedora 39
-              test: fedora39
-            - name: Ubuntu 20.04
-              test: ubuntu2004
+            - name: Fedora 40
+              test: fedora40
+            - name: Alpine 3.20
+              test: alpine320
            - name: Ubuntu 22.04
              test: ubuntu2204
-            - name: Alpine 3
-              test: alpine3
+            - name: Ubuntu 24.04
+              test: ubuntu2404
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Docker_2_17
+    displayName: Docker 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.17/linux/{0}
+          targets:
+            - name: Fedora 39
+              test: fedora39
+            - name: Alpine 3.19
+              test: alpine319
+            - name: Ubuntu 20.04
+              test: ubuntu2004
          groups:
            - 1
            - 2
@@ -291,6 +312,8 @@ stages:
              test: fedora38
            - name: openSUSE 15
              test: opensuse15
+            - name: Alpine 3
+              test: alpine3
          groups:
            - 1
            - 2
@@ -311,20 +334,6 @@ stages:
            - 1
            - 2
            - 3
-  - stage: Docker_2_14
-    displayName: Docker 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.14/linux/{0}
-          targets:
-            - name: Alpine 3
-              test: alpine3
-          groups:
-            - 1
-            - 2
-            - 3

 ### Community Docker
  - stage: Docker_community_devel
@@ -340,7 +349,7 @@ stages:
            - name: Debian Bookworm
              test: debian-bookworm/3.11
            - name: ArchLinux
-              test: archlinux/3.11
+              test: archlinux/3.12
          groups:
            - 1
            - 2
@@ -355,6 +364,18 @@ stages:
        parameters:
          nameFormat: Python {0}
          testFormat: devel/generic/{0}/1
+          targets:
+            - test: '3.8'
+            - test: '3.11'
+            - test: '3.13'
+  - stage: Generic_2_17
+    displayName: Generic 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.17/generic/{0}/1
          targets:
            - test: '3.7'
            - test: '3.12'
@@ -380,42 +401,32 @@ stages:
          testFormat: 2.15/generic/{0}/1
          targets:
            - test: '3.9'
-  - stage: Generic_2_14
-    displayName: Generic 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.14/generic/{0}/1
-          targets:
-            - test: '3.10'

  - stage: Summary
    condition: succeededOrFailed()
    dependsOn:
      - Sanity_devel
+      - Sanity_2_17
      - Sanity_2_16
      - Sanity_2_15
-      - Sanity_2_14
      - Units_devel
+      - Units_2_17
      - Units_2_16
      - Units_2_15
-      - Units_2_14
      - Remote_devel_extra_vms
      - Remote_devel
+      - Remote_2_17
      - Remote_2_16
      - Remote_2_15
-      - Remote_2_14
      - Docker_devel
+      - Docker_2_17
      - Docker_2_16
      - Docker_2_15
-      - Docker_2_14
      - Docker_community_devel
 # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
 #      - Generic_devel
+#      - Generic_2_17
 #      - Generic_2_16
 #      - Generic_2_15
-#      - Generic_2_14
    jobs:
      - template: templates/coverage.yml
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@@ -265,7 +265,7 @@ files:
    labels: manifold
    maintainers: galanoff
  $lookups/merge_variables.py:
-    maintainers: rlenferink m-a-r-k-e
+    maintainers: rlenferink m-a-r-k-e alpex8
  $lookups/onepass:
    labels: onepassword
    maintainers: samdoran
@@ -780,6 +780,8 @@ files:
    maintainers: laurpaum
  $modules/keycloak_component_info.py:
    maintainers: desand01
+  $modules/keycloak_client_rolescope.py:
+    maintainers: desand01
  $modules/keycloak_user_rolemapping.py:
    maintainers: bratwurzt
  $modules/keycloak_realm_rolemapping.py:
@@ -1354,6 +1356,8 @@ files:
    maintainers: nate-kingsley
  $modules/urpmi.py:
    maintainers: pmakowski
+  $modules/usb_facts.py:
+    maintainers: maxopoly
  $modules/utm_:
    keywords: sophos utm
    maintainers: $team_e_spirit
@@ -1443,6 +1447,8 @@ files:
    ignore: matze
    labels: zypper
    maintainers: $team_suse
+  $plugin_utils/unsafe.py:
+    maintainers: felixfontein
  $tests/a_module.py:
    maintainers: felixfontein
  $tests/fqdn_valid.py:
@@ -1499,7 +1505,6 @@ macros:
  becomes: plugins/become
  caches: plugins/cache
  callbacks: plugins/callback
-  cliconfs: plugins/cliconf
  connections: plugins/connection
  doc_fragments: plugins/doc_fragments
  filters: plugins/filter
@@ -1507,7 +1512,7 @@ macros:
  lookups: plugins/lookup
  module_utils: plugins/module_utils
  modules: plugins/modules
-  terminals: plugins/terminal
+  plugin_utils: plugins/plugin_utils
  tests: plugins/test
  team_ansible_core:
  team_aix: MorrisA bcoca d-little flynn1973 gforster kairoaraujo marvin-sinister mator molekuul ramooncamacho wtcross
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -30,6 +30,7 @@ jobs:
      matrix:
        ansible:
          - '2.13'
+          - '2.14'
    # Ansible-test on various stable branches does not yet work well with cgroups v2.
    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
    # image for these stable branches. The list of branches where this is necessary will
@@ -41,6 +42,7 @@ jobs:
        uses: felixfontein/ansible-test-gh-action@main
        with:
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pull-request-change-detection: 'true'
          testing-type: sanity
@@ -72,6 +74,8 @@ jobs:
            python: '2.7'
          - ansible: '2.13'
            python: '3.8'
+          - ansible: '2.14'
+            python: '3.9'

    steps:
      - name: >-
@@ -80,6 +84,7 @@ jobs:
        uses: felixfontein/ansible-test-gh-action@main
        with:
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pre-test-cmd: >-
            mkdir -p ../../ansible
@@ -148,11 +153,29 @@ jobs:
            docker: alpine3
            python: ''
            target: azp/posix/3/
+          # 2.14
+          - ansible: '2.14'
+            docker: alpine3
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.14'
+            docker: alpine3
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.14'
+            docker: alpine3
+            python: ''
+            target: azp/posix/3/
          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
          # - ansible: '2.13'
          #   docker: default
          #   python: '3.9'
          #   target: azp/generic/1/
+          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
+          # - ansible: '2.14'
+          #   docker: default
+          #   python: '3.10'
+          #   target: azp/generic/1/

    steps:
      - name: >-
@@ -162,6 +185,7 @@ jobs:
        uses: felixfontein/ansible-test-gh-action@main
        with:
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          docker-image: ${{ matrix.docker }}
          integration-continue-on-error: 'false'
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -27,4 +27,4 @@ jobs:
          ref: ${{ github.event.pull_request.head.sha || '' }}

      - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v2
+        uses: fsfe/reuse-action@v4
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,67 +1,285 @@
 # Community General Release Notes

 **Topics**
+
+- <a href="#v8-6-4">v8\.6\.4</a>
+    - <a href="#release-summary">Release Summary</a>
+    - <a href="#minor-changes">Minor Changes</a>
+    - <a href="#bugfixes">Bugfixes</a>
+- <a href="#v8-6-3">v8\.6\.3</a>
+    - <a href="#release-summary-1">Release Summary</a>
+    - <a href="#minor-changes-1">Minor Changes</a>
+    - <a href="#bugfixes-1">Bugfixes</a>
+- <a href="#v8-6-2">v8\.6\.2</a>
+    - <a href="#release-summary-2">Release Summary</a>
+    - <a href="#bugfixes-2">Bugfixes</a>
+    - <a href="#known-issues">Known Issues</a>
+- <a href="#v8-6-1">v8\.6\.1</a>
+    - <a href="#release-summary-3">Release Summary</a>
+    - <a href="#security-fixes">Security Fixes</a>
+    - <a href="#bugfixes-3">Bugfixes</a>
+- <a href="#v8-6-0">v8\.6\.0</a>
+    - <a href="#release-summary-4">Release Summary</a>
+    - <a href="#minor-changes-2">Minor Changes</a>
+    - <a href="#deprecated-features">Deprecated Features</a>
+    - <a href="#bugfixes-4">Bugfixes</a>
+    - <a href="#new-modules">New Modules</a>
+- <a href="#v8-5-0">v8\.5\.0</a>
+    - <a href="#release-summary-5">Release Summary</a>
+    - <a href="#minor-changes-3">Minor Changes</a>
+    - <a href="#security-fixes-1">Security Fixes</a>
+    - <a href="#bugfixes-5">Bugfixes</a>
+    - <a href="#new-modules-1">New Modules</a>
 - <a href="#v8-4-0">v8\.4\.0</a>
-  - <a href="#release-summary">Release Summary</a>
-  - <a href="#minor-changes">Minor Changes</a>
-  - <a href="#bugfixes">Bugfixes</a>
-  - <a href="#new-plugins">New Plugins</a>
-    - <a href="#callback">Callback</a>
-    - <a href="#filter">Filter</a>
-  - <a href="#new-modules">New Modules</a>
+    - <a href="#release-summary-6">Release Summary</a>
+    - <a href="#minor-changes-4">Minor Changes</a>
+    - <a href="#bugfixes-6">Bugfixes</a>
+    - <a href="#new-plugins">New Plugins</a>
+        - <a href="#callback">Callback</a>
+        - <a href="#filter">Filter</a>
+    - <a href="#new-modules-2">New Modules</a>
 - <a href="#v8-3-0">v8\.3\.0</a>
-  - <a href="#release-summary-1">Release Summary</a>
-  - <a href="#minor-changes-1">Minor Changes</a>
-  - <a href="#deprecated-features">Deprecated Features</a>
-  - <a href="#bugfixes-1">Bugfixes</a>
-  - <a href="#new-modules-1">New Modules</a>
+    - <a href="#release-summary-7">Release Summary</a>
+    - <a href="#minor-changes-5">Minor Changes</a>
+    - <a href="#deprecated-features-1">Deprecated Features</a>
+    - <a href="#bugfixes-7">Bugfixes</a>
+    - <a href="#new-modules-3">New Modules</a>
 - <a href="#v8-2-0">v8\.2\.0</a>
-  - <a href="#release-summary-2">Release Summary</a>
-  - <a href="#minor-changes-2">Minor Changes</a>
-  - <a href="#bugfixes-2">Bugfixes</a>
-  - <a href="#new-plugins-1">New Plugins</a>
-    - <a href="#connection">Connection</a>
-    - <a href="#filter-1">Filter</a>
-    - <a href="#lookup">Lookup</a>
-  - <a href="#new-modules-2">New Modules</a>
+    - <a href="#release-summary-8">Release Summary</a>
+    - <a href="#minor-changes-6">Minor Changes</a>
+    - <a href="#bugfixes-8">Bugfixes</a>
+    - <a href="#new-plugins-1">New Plugins</a>
+        - <a href="#connection">Connection</a>
+        - <a href="#filter-1">Filter</a>
+        - <a href="#lookup">Lookup</a>
+    - <a href="#new-modules-4">New Modules</a>
 - <a href="#v8-1-0">v8\.1\.0</a>
-  - <a href="#release-summary-3">Release Summary</a>
-  - <a href="#minor-changes-3">Minor Changes</a>
-  - <a href="#bugfixes-3">Bugfixes</a>
-  - <a href="#new-plugins-2">New Plugins</a>
-    - <a href="#lookup-1">Lookup</a>
-    - <a href="#test">Test</a>
-  - <a href="#new-modules-3">New Modules</a>
+    - <a href="#release-summary-9">Release Summary</a>
+    - <a href="#minor-changes-7">Minor Changes</a>
+    - <a href="#bugfixes-9">Bugfixes</a>
+    - <a href="#new-plugins-2">New Plugins</a>
+        - <a href="#lookup-1">Lookup</a>
+        - <a href="#test">Test</a>
+    - <a href="#new-modules-5">New Modules</a>
 - <a href="#v8-0-2">v8\.0\.2</a>
-  - <a href="#release-summary-4">Release Summary</a>
-  - <a href="#bugfixes-4">Bugfixes</a>
+    - <a href="#release-summary-10">Release Summary</a>
+    - <a href="#bugfixes-10">Bugfixes</a>
 - <a href="#v8-0-1">v8\.0\.1</a>
-  - <a href="#release-summary-5">Release Summary</a>
-  - <a href="#bugfixes-5">Bugfixes</a>
+    - <a href="#release-summary-11">Release Summary</a>
+    - <a href="#bugfixes-11">Bugfixes</a>
 - <a href="#v8-0-0">v8\.0\.0</a>
-  - <a href="#release-summary-6">Release Summary</a>
-  - <a href="#minor-changes-4">Minor Changes</a>
-  - <a href="#breaking-changes--porting-guide">Breaking Changes / Porting Guide</a>
-  - <a href="#deprecated-features-1">Deprecated Features</a>
-  - <a href="#removed-features-previously-deprecated">Removed Features \(previously deprecated\)</a>
-  - <a href="#bugfixes-6">Bugfixes</a>
-  - <a href="#known-issues">Known Issues</a>
-  - <a href="#new-plugins-3">New Plugins</a>
-    - <a href="#lookup-2">Lookup</a>
-  - <a href="#new-modules-4">New Modules</a>
+    - <a href="#release-summary-12">Release Summary</a>
+    - <a href="#minor-changes-8">Minor Changes</a>
+    - <a href="#breaking-changes--porting-guide">Breaking Changes / Porting Guide</a>
+    - <a href="#deprecated-features-2">Deprecated Features</a>
+    - <a href="#removed-features-previously-deprecated">Removed Features \(previously deprecated\)</a>
+    - <a href="#bugfixes-12">Bugfixes</a>
+    - <a href="#known-issues-1">Known Issues</a>
+    - <a href="#new-plugins-3">New Plugins</a>
+        - <a href="#lookup-2">Lookup</a>
+    - <a href="#new-modules-6">New Modules</a>
 This changelog describes changes after version 7\.0\.0\.

-<a id="v8-4-0"></a>
-## v8\.4\.0
+<a id="v8-6-4"></a>
+## v8\.6\.4

 <a id="release-summary"></a>
 ### Release Summary

-Regular bugfix and feature release\.
+Regular bugfix release\.

 <a id="minor-changes"></a>
 ### Minor Changes

+* passwordstore lookup plugin \- add the current user to the lockfile file name to address issues on multi\-user systems \([https\://github\.com/ansible\-collections/community\.general/pull/8689](https\://github\.com/ansible\-collections/community\.general/pull/8689)\)\.
+
+<a id="bugfixes"></a>
+### Bugfixes
+
+* gitlab\_runner \- fix <code>paused</code> parameter being ignored \([https\://github\.com/ansible\-collections/community\.general/pull/8648](https\://github\.com/ansible\-collections/community\.general/pull/8648)\)\.
+* homebrew\_cask \- fix <code>upgrade\_all</code> returns <code>changed</code> when nothing upgraded \([https\://github\.com/ansible\-collections/community\.general/issues/8707](https\://github\.com/ansible\-collections/community\.general/issues/8707)\, [https\://github\.com/ansible\-collections/community\.general/pull/8708](https\://github\.com/ansible\-collections/community\.general/pull/8708)\)\.
+* keycloak\_user\_federation \- get cleartext IDP <code>clientSecret</code> from full realm info to detect changes to it \([https\://github\.com/ansible\-collections/community\.general/issues/8294](https\://github\.com/ansible\-collections/community\.general/issues/8294)\, [https\://github\.com/ansible\-collections/community\.general/pull/8735](https\://github\.com/ansible\-collections/community\.general/pull/8735)\)\.
+* keycloak\_user\_federation \- remove existing user federation mappers if they are not present in the federation configuration and will not be updated \([https\://github\.com/ansible\-collections/community\.general/issues/7169](https\://github\.com/ansible\-collections/community\.general/issues/7169)\, [https\://github\.com/ansible\-collections/community\.general/pull/8695](https\://github\.com/ansible\-collections/community\.general/pull/8695)\)\.
+
+<a id="v8-6-3"></a>
+## v8\.6\.3
+
+<a id="release-summary-1"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="minor-changes-1"></a>
+### Minor Changes
+
+* wdc\_redfish\_command \- minor change to handle upgrade file for Redfish WD platforms \([https\://github\.com/ansible\-collections/community\.general/pull/8444](https\://github\.com/ansible\-collections/community\.general/pull/8444)\)\.
+
+<a id="bugfixes-1"></a>
+### Bugfixes
+
+* bitwarden lookup plugin \- fix <code>KeyError</code> in <code>search\_field</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8549](https\://github\.com/ansible\-collections/community\.general/issues/8549)\, [https\://github\.com/ansible\-collections/community\.general/pull/8557](https\://github\.com/ansible\-collections/community\.general/pull/8557)\)\.
+* keycloak\_clientscope \- remove IDs from clientscope and its protocol mappers on comparison for changed check \([https\://github\.com/ansible\-collections/community\.general/pull/8545](https\://github\.com/ansible\-collections/community\.general/pull/8545)\)\.
+* nsupdate \- fix \'index out of range\' error when changing NS records by falling back to authority section of the response \([https\://github\.com/ansible\-collections/community\.general/issues/8612](https\://github\.com/ansible\-collections/community\.general/issues/8612)\, [https\://github\.com/ansible\-collections/community\.general/pull/8614](https\://github\.com/ansible\-collections/community\.general/pull/8614)\)\.
+* redfish\_utils module utils \- do not fail when language is not exactly \"en\" \([https\://github\.com/ansible\-collections/community\.general/pull/8613](https\://github\.com/ansible\-collections/community\.general/pull/8613)\)\.
+
+<a id="v8-6-2"></a>
+## v8\.6\.2
+
+<a id="release-summary-2"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-2"></a>
+### Bugfixes
+
+* git\_config \- fix behavior of <code>state\=absent</code> if <code>value</code> is present \([https\://github\.com/ansible\-collections/community\.general/issues/8436](https\://github\.com/ansible\-collections/community\.general/issues/8436)\, [https\://github\.com/ansible\-collections/community\.general/pull/8452](https\://github\.com/ansible\-collections/community\.general/pull/8452)\)\.
+* homebrew \- do not fail when brew prints warnings \([https\://github\.com/ansible\-collections/community\.general/pull/8406](https\://github\.com/ansible\-collections/community\.general/pull/8406)\, [https\://github\.com/ansible\-collections/community\.general/issues/7044](https\://github\.com/ansible\-collections/community\.general/issues/7044)\)\.
+* keycloak\_client \- fix TypeError when sanitizing the <code>saml\.signing\.private\.key</code> attribute in the module\'s diff or state output\. The <code>sanitize\_cr</code> function expected a dict where in some cases a list might occur \([https\://github\.com/ansible\-collections/community\.general/pull/8403](https\://github\.com/ansible\-collections/community\.general/pull/8403)\)\.
+* keycloak\_realm \- add normalizations for <code>attributes</code> and <code>protocol\_mappers</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8496](https\://github\.com/ansible\-collections/community\.general/pull/8496)\)\.
+* launched \- correctly report changed status in check mode \([https\://github\.com/ansible\-collections/community\.general/pull/8406](https\://github\.com/ansible\-collections/community\.general/pull/8406)\)\.
+* opennebula inventory plugin \- fix invalid reference to IP when inventory runs against NICs with no IPv4 address \([https\://github\.com/ansible\-collections/community\.general/pull/8489](https\://github\.com/ansible\-collections/community\.general/pull/8489)\)\.
+* opentelemetry callback \- do not save the JSON response when using the <code>ansible\.builtin\.uri</code> module \([https\://github\.com/ansible\-collections/community\.general/pull/8430](https\://github\.com/ansible\-collections/community\.general/pull/8430)\)\.
+* opentelemetry callback \- do not save the content response when using the <code>ansible\.builtin\.slurp</code> module \([https\://github\.com/ansible\-collections/community\.general/pull/8430](https\://github\.com/ansible\-collections/community\.general/pull/8430)\)\.
+* paman \- do not fail if an empty list of packages has been provided and there is nothing to do \([https\://github\.com/ansible\-collections/community\.general/pull/8514](https\://github\.com/ansible\-collections/community\.general/pull/8514)\)\.
+
+<a id="known-issues"></a>
+### Known Issues
+
+* homectl \- the module does not work under Python 3\.13 or newer\, since it relies on the removed <code>crypt</code> standard library module \([https\://github\.com/ansible\-collections/community\.general/issues/4691](https\://github\.com/ansible\-collections/community\.general/issues/4691)\, [https\://github\.com/ansible\-collections/community\.general/pull/8497](https\://github\.com/ansible\-collections/community\.general/pull/8497)\)\.
+* udm\_user \- the module does not work under Python 3\.13 or newer\, since it relies on the removed <code>crypt</code> standard library module \([https\://github\.com/ansible\-collections/community\.general/issues/4690](https\://github\.com/ansible\-collections/community\.general/issues/4690)\, [https\://github\.com/ansible\-collections/community\.general/pull/8497](https\://github\.com/ansible\-collections/community\.general/pull/8497)\)\.
+
+<a id="v8-6-1"></a>
+## v8\.6\.1
+
+<a id="release-summary-3"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="security-fixes"></a>
+### Security Fixes
+
+* keycloak\_identity\_provider \- the client secret was not correctly sanitized by the module\. The return values <code>proposed</code>\, <code>existing</code>\, and <code>end\_state</code>\, as well as the diff\, did contain the client secret unmasked \([https\://github\.com/ansible\-collections/community\.general/pull/8355](https\://github\.com/ansible\-collections/community\.general/pull/8355)\)\.
+
+<a id="bugfixes-3"></a>
+### Bugfixes
+
+* keycloak\_user\_federation \- fix diff of empty <code>krbPrincipalAttribute</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8320](https\://github\.com/ansible\-collections/community\.general/pull/8320)\)\.
+* merge\_variables lookup plugin \- fixing cross host merge\: providing access to foreign hosts variables to the perspective of the host that is performing the merge \([https\://github\.com/ansible\-collections/community\.general/pull/8303](https\://github\.com/ansible\-collections/community\.general/pull/8303)\)\.
+* opentelemetry callback plugin \- close spans always \([https\://github\.com/ansible\-collections/community\.general/pull/8367](https\://github\.com/ansible\-collections/community\.general/pull/8367)\)\.
+* opentelemetry callback plugin \- honour the <code>disable\_logs</code> option to avoid storing task results since they are not used regardless \([https\://github\.com/ansible\-collections/community\.general/pull/8373](https\://github\.com/ansible\-collections/community\.general/pull/8373)\)\.
+
+<a id="v8-6-0"></a>
+## v8\.6\.0
+
+<a id="release-summary-4"></a>
+### Release Summary
+
+Regular bugfix and features release\.
+
+<a id="minor-changes-2"></a>
+### Minor Changes
+
+* Use offset\-aware <code>datetime\.datetime</code> objects \(with timezone UTC\) instead of offset\-naive UTC timestamps\, which are deprecated in Python 3\.12 \([https\://github\.com/ansible\-collections/community\.general/pull/8222](https\://github\.com/ansible\-collections/community\.general/pull/8222)\)\.
+* apt\_rpm \- add new states <code>latest</code> and <code>present\_not\_latest</code>\. The value <code>latest</code> is equivalent to the current behavior of <code>present</code>\, which will upgrade a package if a newer version exists\. <code>present\_not\_latest</code> does what most users would expect <code>present</code> to do\: it does not upgrade if the package is already installed\. The current behavior of <code>present</code> will be deprecated in a later version\, and eventually changed to that of <code>present\_not\_latest</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8217](https\://github\.com/ansible\-collections/community\.general/issues/8217)\, [https\://github\.com/ansible\-collections/community\.general/pull/8247](https\://github\.com/ansible\-collections/community\.general/pull/8247)\)\.
+* bitwarden lookup plugin \- add support to filter by organization ID \([https\://github\.com/ansible\-collections/community\.general/pull/8188](https\://github\.com/ansible\-collections/community\.general/pull/8188)\)\.
+* filesystem \- add bcachefs support \([https\://github\.com/ansible\-collections/community\.general/pull/8126](https\://github\.com/ansible\-collections/community\.general/pull/8126)\)\.
+* ini\_file \- add an optional parameter <code>section\_has\_values</code>\. If the target ini file contains more than one <code>section</code>\, use <code>section\_has\_values</code> to specify which one should be updated \([https\://github\.com/ansible\-collections/community\.general/pull/7505](https\://github\.com/ansible\-collections/community\.general/pull/7505)\)\.
+* java\_cert \- add <code>cert\_content</code> argument \([https\://github\.com/ansible\-collections/community\.general/pull/8153](https\://github\.com/ansible\-collections/community\.general/pull/8153)\)\.
+* keycloak\_client\, keycloak\_clientscope\, keycloak\_clienttemplate \- added <code>docker\-v2</code> protocol support\, enhancing alignment with Keycloak\'s protocol options \([https\://github\.com/ansible\-collections/community\.general/issues/8215](https\://github\.com/ansible\-collections/community\.general/issues/8215)\, [https\://github\.com/ansible\-collections/community\.general/pull/8216](https\://github\.com/ansible\-collections/community\.general/pull/8216)\)\.
+* nmcli \- adds OpenvSwitch support with new <code>type</code> values <code>ovs\-port</code>\, <code>ovs\-interface</code>\, and <code>ovs\-bridge</code>\, and new <code>slave\_type</code> value <code>ovs\-port</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8154](https\://github\.com/ansible\-collections/community\.general/pull/8154)\)\.
+* osx\_defaults \- add option <code>check\_types</code> to enable changing the type of existing defaults on the fly \([https\://github\.com/ansible\-collections/community\.general/pull/8173](https\://github\.com/ansible\-collections/community\.general/pull/8173)\)\.
+* passwordstore lookup \- add <code>missing\_subkey</code> parameter defining the behavior of the lookup when a passwordstore subkey is missing \([https\://github\.com/ansible\-collections/community\.general/pull/8166](https\://github\.com/ansible\-collections/community\.general/pull/8166)\)\.
+* portage \- adds the possibility to explicitely tell portage to write packages to world file \([https\://github\.com/ansible\-collections/community\.general/issues/6226](https\://github\.com/ansible\-collections/community\.general/issues/6226)\, [https\://github\.com/ansible\-collections/community\.general/pull/8236](https\://github\.com/ansible\-collections/community\.general/pull/8236)\)\.
+* redfish\_command \- add command <code>ResetToDefaults</code> to reset manager to default state \([https\://github\.com/ansible\-collections/community\.general/issues/8163](https\://github\.com/ansible\-collections/community\.general/issues/8163)\)\.
+* redfish\_info \- add boolean return value <code>MultipartHttpPush</code> to <code>GetFirmwareUpdateCapabilities</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8194](https\://github\.com/ansible\-collections/community\.general/issues/8194)\, [https\://github\.com/ansible\-collections/community\.general/pull/8195](https\://github\.com/ansible\-collections/community\.general/pull/8195)\)\.
+* ssh\_config \- allow <code>accept\-new</code> as valid value for <code>strict\_host\_key\_checking</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8257](https\://github\.com/ansible\-collections/community\.general/pull/8257)\)\.
+
+<a id="deprecated-features"></a>
+### Deprecated Features
+
+* hipchat callback plugin \- the hipchat service has been discontinued and the self\-hosted variant has been End of Life since 2020\. The callback plugin is therefore deprecated and will be removed from community\.general 10\.0\.0 if nobody provides compelling reasons to still keep it \([https\://github\.com/ansible\-collections/community\.general/issues/8184](https\://github\.com/ansible\-collections/community\.general/issues/8184)\, [https\://github\.com/ansible\-collections/community\.general/pull/8189](https\://github\.com/ansible\-collections/community\.general/pull/8189)\)\.
+
+<a id="bugfixes-4"></a>
+### Bugfixes
+
+* aix\_filesystem \- fix <code>\_validate\_vg</code> not passing VG name to <code>lsvg\_cmd</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8151](https\://github\.com/ansible\-collections/community\.general/issues/8151)\)\.
+* apt\_rpm \- when checking whether packages were installed after running <code>apt\-get \-y install \<packages\></code>\, only the last package name was checked \([https\://github\.com/ansible\-collections/community\.general/pull/8263](https\://github\.com/ansible\-collections/community\.general/pull/8263)\)\.
+* bitwarden\_secrets\_manager lookup plugin \- implements retry with exponential backoff to avoid lookup errors when Bitwardn\'s API rate limiting is encountered \([https\://github\.com/ansible\-collections/community\.general/issues/8230](https\://github\.com/ansible\-collections/community\.general/issues/8230)\, [https\://github\.com/ansible\-collections/community\.general/pull/8238](https\://github\.com/ansible\-collections/community\.general/pull/8238)\)\.
+* from\_ini filter plugin \- disabling interpolation of <code>ConfigParser</code> to allow converting values with a <code>\%</code> sign \([https\://github\.com/ansible\-collections/community\.general/issues/8183](https\://github\.com/ansible\-collections/community\.general/issues/8183)\, [https\://github\.com/ansible\-collections/community\.general/pull/8185](https\://github\.com/ansible\-collections/community\.general/pull/8185)\)\.
+* gitlab\_issue\, gitlab\_label\, gitlab\_milestone \- avoid crash during version comparison when the python\-gitlab Python module is not installed \([https\://github\.com/ansible\-collections/community\.general/pull/8158](https\://github\.com/ansible\-collections/community\.general/pull/8158)\)\.
+* haproxy \- fix an issue where HAProxy could get stuck in DRAIN mode when the backend was unreachable \([https\://github\.com/ansible\-collections/community\.general/issues/8092](https\://github\.com/ansible\-collections/community\.general/issues/8092)\)\.
+* inventory plugins \- add unsafe wrapper to avoid marking strings that do not contain <code>\{</code> or <code>\}</code> as unsafe\, to work around a bug in AWX \(\([https\://github\.com/ansible\-collections/community\.general/issues/8212](https\://github\.com/ansible\-collections/community\.general/issues/8212)\, [https\://github\.com/ansible\-collections/community\.general/pull/8225](https\://github\.com/ansible\-collections/community\.general/pull/8225)\)\.
+* ipa \- fix get version regex in IPA module\_utils \([https\://github\.com/ansible\-collections/community\.general/pull/8175](https\://github\.com/ansible\-collections/community\.general/pull/8175)\)\.
+* keycloak\_client \- add sorted <code>defaultClientScopes</code> and <code>optionalClientScopes</code> to normalizations \([https\://github\.com/ansible\-collections/community\.general/pull/8223](https\://github\.com/ansible\-collections/community\.general/pull/8223)\)\.
+* keycloak\_realm \- add normalizations for <code>enabledEventTypes</code> and <code>supportedLocales</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8224](https\://github\.com/ansible\-collections/community\.general/pull/8224)\)\.
+* puppet \- add option <code>environment\_lang</code> to set the environment language encoding\. Defaults to lang <code>C</code>\. It is recommended to set it to <code>C\.UTF\-8</code> or <code>en\_US\.UTF\-8</code> depending on what is available on your system\. \([https\://github\.com/ansible\-collections/community\.general/issues/8000](https\://github\.com/ansible\-collections/community\.general/issues/8000)\)
+* riak \- support <code>riak admin</code> sub\-command in newer Riak KV versions beside the legacy <code>riak\-admin</code> main command \([https\://github\.com/ansible\-collections/community\.general/pull/8211](https\://github\.com/ansible\-collections/community\.general/pull/8211)\)\.
+* to\_ini filter plugin \- disabling interpolation of <code>ConfigParser</code> to allow converting values with a <code>\%</code> sign \([https\://github\.com/ansible\-collections/community\.general/issues/8183](https\://github\.com/ansible\-collections/community\.general/issues/8183)\, [https\://github\.com/ansible\-collections/community\.general/pull/8185](https\://github\.com/ansible\-collections/community\.general/pull/8185)\)\.
+* xml \- make module work with lxml 5\.1\.1\, which removed some internals that the module was relying on \([https\://github\.com/ansible\-collections/community\.general/pull/8169](https\://github\.com/ansible\-collections/community\.general/pull/8169)\)\.
+
+<a id="new-modules"></a>
+### New Modules
+
+* community\.general\.keycloak\_client\_rolescope \- Allows administration of Keycloak client roles scope to restrict the usage of certain roles to a other specific client applications\.
+
+<a id="v8-5-0"></a>
+## v8\.5\.0
+
+<a id="release-summary-5"></a>
+### Release Summary
+
+Regular feature and bugfix release with security fixes\.
+
+<a id="minor-changes-3"></a>
+### Minor Changes
+
+* bitwarden lookup plugin \- allows to fetch all records of a given collection ID\, by allowing to pass an empty value for <code>search\_value</code> when <code>collection\_id</code> is provided \([https\://github\.com/ansible\-collections/community\.general/pull/8013](https\://github\.com/ansible\-collections/community\.general/pull/8013)\)\.
+* icinga2 inventory plugin \- adds new parameter <code>group\_by\_hostgroups</code> in order to make grouping by Icinga2 hostgroups optional \([https\://github\.com/ansible\-collections/community\.general/pull/7998](https\://github\.com/ansible\-collections/community\.general/pull/7998)\)\.
+* ini\_file \- support optional spaces between section names and their surrounding brackets \([https\://github\.com/ansible\-collections/community\.general/pull/8075](https\://github\.com/ansible\-collections/community\.general/pull/8075)\)\.
+* java\_cert \- enable <code>owner</code>\, <code>group</code>\, <code>mode</code>\, and other generic file arguments \([https\://github\.com/ansible\-collections/community\.general/pull/8116](https\://github\.com/ansible\-collections/community\.general/pull/8116)\)\.
+* ldap\_attrs \- module now supports diff mode\, showing which attributes are changed within an operation \([https\://github\.com/ansible\-collections/community\.general/pull/8073](https\://github\.com/ansible\-collections/community\.general/pull/8073)\)\.
+* lxd\_container \- uses <code>/1\.0/instances</code> API endpoint\, if available\. Falls back to <code>/1\.0/containers</code> or <code>/1\.0/virtual\-machines</code>\. Fixes issue when using Incus or LXD 5\.19 due to migrating to <code>/1\.0/instances</code> endpoint \([https\://github\.com/ansible\-collections/community\.general/pull/7980](https\://github\.com/ansible\-collections/community\.general/pull/7980)\)\.
+* nmcli \- allow setting <code>MTU</code> for <code>bond\-slave</code> interface types \([https\://github\.com/ansible\-collections/community\.general/pull/8118](https\://github\.com/ansible\-collections/community\.general/pull/8118)\)\.
+* proxmox \- adds <code>startup</code> parameters to configure startup order\, startup delay and shutdown delay \([https\://github\.com/ansible\-collections/community\.general/pull/8038](https\://github\.com/ansible\-collections/community\.general/pull/8038)\)\.
+* revbitspss lookup plugin \- removed a redundant unicode prefix\. The prefix was not necessary for Python 3 and has been cleaned up to streamline the code \([https\://github\.com/ansible\-collections/community\.general/pull/8087](https\://github\.com/ansible\-collections/community\.general/pull/8087)\)\.
+
+<a id="security-fixes-1"></a>
+### Security Fixes
+
+* cobbler\, gitlab\_runners\, icinga2\, linode\, lxd\, nmap\, online\, opennebula\, proxmox\, scaleway\, stackpath\_compute\, virtualbox\, and xen\_orchestra inventory plugin \- make sure all data received from the remote servers is marked as unsafe\, so remote code execution by obtaining texts that can be evaluated as templates is not possible \([https\://www\.die\-welt\.net/2024/03/remote\-code\-execution\-in\-ansible\-dynamic\-inventory\-plugins/](https\://www\.die\-welt\.net/2024/03/remote\-code\-execution\-in\-ansible\-dynamic\-inventory\-plugins/)\, [https\://github\.com/ansible\-collections/community\.general/pull/8098](https\://github\.com/ansible\-collections/community\.general/pull/8098)\)\.
+
+<a id="bugfixes-5"></a>
+### Bugfixes
+
+* aix\_filesystem \- fix issue with empty list items in crfs logic and option order \([https\://github\.com/ansible\-collections/community\.general/pull/8052](https\://github\.com/ansible\-collections/community\.general/pull/8052)\)\.
+* consul\_token \- fix token creation without <code>accessor\_id</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8091](https\://github\.com/ansible\-collections/community\.general/pull/8091)\)\.
+* homebrew \- error returned from brew command was ignored and tried to parse empty JSON\. Fix now checks for an error and raises it to give accurate error message to users \([https\://github\.com/ansible\-collections/community\.general/issues/8047](https\://github\.com/ansible\-collections/community\.general/issues/8047)\)\.
+* ipa\_hbacrule \- the module uses a string for <code>ipaenabledflag</code> for new FreeIPA versions while the returned value is a boolean \([https\://github\.com/ansible\-collections/community\.general/pull/7880](https\://github\.com/ansible\-collections/community\.general/pull/7880)\)\.
+* ipa\_sudorule \- the module uses a string for <code>ipaenabledflag</code> for new FreeIPA versions while the returned value is a boolean \([https\://github\.com/ansible\-collections/community\.general/pull/7880](https\://github\.com/ansible\-collections/community\.general/pull/7880)\)\.
+* iptables\_state \- fix idempotency issues when restoring incomplete iptables dumps \([https\://github\.com/ansible\-collections/community\.general/issues/8029](https\://github\.com/ansible\-collections/community\.general/issues/8029)\)\.
+* linode inventory plugin \- add descriptive error message for linode inventory plugin \([https\://github\.com/ansible\-collections/community\.general/pull/8133](https\://github\.com/ansible\-collections/community\.general/pull/8133)\)\.
+* pacemaker\_cluster \- actually implement check mode\, which the module claims to support\. This means that until now the module also did changes in check mode \([https\://github\.com/ansible\-collections/community\.general/pull/8081](https\://github\.com/ansible\-collections/community\.general/pull/8081)\)\.
+* pam\_limits \- when the file does not exist\, do not create it in check mode \([https\://github\.com/ansible\-collections/community\.general/issues/8050](https\://github\.com/ansible\-collections/community\.general/issues/8050)\, [https\://github\.com/ansible\-collections/community\.general/pull/8057](https\://github\.com/ansible\-collections/community\.general/pull/8057)\)\.
+* proxmox\_kvm \- fixed status check getting from node\-specific API endpoint \([https\://github\.com/ansible\-collections/community\.general/issues/7817](https\://github\.com/ansible\-collections/community\.general/issues/7817)\)\.
+
+<a id="new-modules-1"></a>
+### New Modules
+
+* community\.general\.usb\_facts \- Allows listing information about USB devices
+
+<a id="v8-4-0"></a>
+## v8\.4\.0
+
+<a id="release-summary-6"></a>
+### Release Summary
+
+Regular bugfix and feature release\.
+
+<a id="minor-changes-4"></a>
+### Minor Changes
+
 * bitwarden lookup plugin \- add <code>bw\_session</code> option\, to pass session key instead of reading from env \([https\://github\.com/ansible\-collections/community\.general/pull/7994](https\://github\.com/ansible\-collections/community\.general/pull/7994)\)\.
 * gitlab\_deploy\_key\, gitlab\_group\_members\, gitlab\_group\_variable\, gitlab\_hook\, gitlab\_instance\_variable\, gitlab\_project\_badge\, gitlab\_project\_variable\, gitlab\_user \- improve API pagination and compatibility with different versions of <code>python\-gitlab</code> \([https\://github\.com/ansible\-collections/community\.general/pull/7790](https\://github\.com/ansible\-collections/community\.general/pull/7790)\)\.
 * gitlab\_hook \- adds <code>releases\_events</code> parameter for supporting Releases events triggers on GitLab hooks \([https\://github\.com/ansible\-collections/community\.general/pull/7956](https\://github\.com/ansible\-collections/community\.general/pull/7956)\)\.
@@ -72,7 +290,7 @@ Regular bugfix and feature release\.
 * sudoers \- add support for the <code>NOEXEC</code> tag in sudoers rules \([https\://github\.com/ansible\-collections/community\.general/pull/7983](https\://github\.com/ansible\-collections/community\.general/pull/7983)\)\.
 * terraform \- fix <code>diff\_mode</code> in state <code>absent</code> and when terraform <code>resource\_changes</code> does not exist \([https\://github\.com/ansible\-collections/community\.general/pull/7963](https\://github\.com/ansible\-collections/community\.general/pull/7963)\)\.

-<a id="bugfixes"></a>
+<a id="bugfixes-6"></a>
 ### Bugfixes

 * cargo \- fix idempotency issues when using a custom installation path for packages \(using the <code>\-\-path</code> parameter\)\. The initial installation runs fine\, but subsequent runs use the <code>get\_installed\(\)</code> function which did not check the given installation location\, before running <code>cargo install</code>\. This resulted in a false <code>changed</code> state\. Also the removal of packeges using <code>state\: absent</code> failed\, as the installation check did not use the given parameter \([https\://github\.com/ansible\-collections/community\.general/pull/7970](https\://github\.com/ansible\-collections/community\.general/pull/7970)\)\.
@@ -91,31 +309,31 @@ Regular bugfix and feature release\.
 <a id="callback"></a>
 #### Callback

-* default\_without\_diff \- The default ansible callback without diff output
+* community\.general\.default\_without\_diff \- The default ansible callback without diff output

 <a id="filter"></a>
 #### Filter

-* lists\_difference \- Difference of lists with a predictive order
-* lists\_intersect \- Intersection of lists with a predictive order
-* lists\_symmetric\_difference \- Symmetric Difference of lists with a predictive order
-* lists\_union \- Union of lists with a predictive order
+* community\.general\.lists\_difference \- Difference of lists with a predictive order
+* community\.general\.lists\_intersect \- Intersection of lists with a predictive order
+* community\.general\.lists\_symmetric\_difference \- Symmetric Difference of lists with a predictive order
+* community\.general\.lists\_union \- Union of lists with a predictive order

-<a id="new-modules"></a>
+<a id="new-modules-2"></a>
 ### New Modules

-* gitlab\_group\_access\_token \- Manages GitLab group access tokens
-* gitlab\_project\_access\_token \- Manages GitLab project access tokens
+* community\.general\.gitlab\_group\_access\_token \- Manages GitLab group access tokens
+* community\.general\.gitlab\_project\_access\_token \- Manages GitLab project access tokens

 <a id="v8-3-0"></a>
 ## v8\.3\.0

-<a id="release-summary-1"></a>
+<a id="release-summary-7"></a>
 ### Release Summary

 Regular bugfix and feature release\.

-<a id="minor-changes-1"></a>
+<a id="minor-changes-5"></a>
 ### Minor Changes

 * consul\_auth\_method\, consul\_binding\_rule\, consul\_policy\, consul\_role\, consul\_session\, consul\_token \- added action group <code>community\.general\.consul</code> \([https\://github\.com/ansible\-collections/community\.general/pull/7897](https\://github\.com/ansible\-collections/community\.general/pull/7897)\)\.
@@ -128,12 +346,12 @@ Regular bugfix and feature release\.
 * redfish\_info \- add command <code>GetServiceIdentification</code> to get service identification \([https\://github\.com/ansible\-collections/community\.general/issues/7882](https\://github\.com/ansible\-collections/community\.general/issues/7882)\)\.
 * terraform \- add support for <code>diff\_mode</code> for terraform resource\_changes \([https\://github\.com/ansible\-collections/community\.general/pull/7896](https\://github\.com/ansible\-collections/community\.general/pull/7896)\)\.

-<a id="deprecated-features"></a>
+<a id="deprecated-features-1"></a>
 ### Deprecated Features

 * consul\_acl \- the module has been deprecated and will be removed in community\.general 10\.0\.0\. <code>consul\_token</code> and <code>consul\_policy</code> can be used instead \([https\://github\.com/ansible\-collections/community\.general/pull/7901](https\://github\.com/ansible\-collections/community\.general/pull/7901)\)\.

-<a id="bugfixes-1"></a>
+<a id="bugfixes-7"></a>
 ### Bugfixes

 * homebrew \- detect already installed formulae and casks using JSON output from <code>brew info</code> \([https\://github\.com/ansible\-collections/community\.general/issues/864](https\://github\.com/ansible\-collections/community\.general/issues/864)\)\.
@@ -144,25 +362,25 @@ Regular bugfix and feature release\.
 * nmcli \- fix <code>connection\.slave\-type</code> wired to <code>bond</code> and not with parameter <code>slave\_type</code> in case of connection type <code>wifi</code> \([https\://github\.com/ansible\-collections/community\.general/issues/7389](https\://github\.com/ansible\-collections/community\.general/issues/7389)\)\.
 * proxmox \- fix updating a container config if the setting does not already exist \([https\://github\.com/ansible\-collections/community\.general/pull/7872](https\://github\.com/ansible\-collections/community\.general/pull/7872)\)\.

-<a id="new-modules-1"></a>
+<a id="new-modules-3"></a>
 ### New Modules

-* consul\_acl\_bootstrap \- Bootstrap ACLs in Consul
-* consul\_auth\_method \- Manipulate Consul auth methods
-* consul\_binding\_rule \- Manipulate Consul binding rules
-* consul\_token \- Manipulate Consul tokens
-* gitlab\_label \- Creates/updates/deletes GitLab Labels belonging to project or group\.
-* gitlab\_milestone \- Creates/updates/deletes GitLab Milestones belonging to project or group
+* community\.general\.consul\_acl\_bootstrap \- Bootstrap ACLs in Consul
+* community\.general\.consul\_auth\_method \- Manipulate Consul auth methods
+* community\.general\.consul\_binding\_rule \- Manipulate Consul binding rules
+* community\.general\.consul\_token \- Manipulate Consul tokens
+* community\.general\.gitlab\_label \- Creates/updates/deletes GitLab Labels belonging to project or group\.
+* community\.general\.gitlab\_milestone \- Creates/updates/deletes GitLab Milestones belonging to project or group

 <a id="v8-2-0"></a>
 ## v8\.2\.0

-<a id="release-summary-2"></a>
+<a id="release-summary-8"></a>
 ### Release Summary

 Regular bugfix and feature release\.

-<a id="minor-changes-2"></a>
+<a id="minor-changes-6"></a>
 ### Minor Changes

 * ipa\_dnsrecord \- adds ability to manage NS record types \([https\://github\.com/ansible\-collections/community\.general/pull/7737](https\://github\.com/ansible\-collections/community\.general/pull/7737)\)\.
@@ -178,7 +396,7 @@ Regular bugfix and feature release\.
 * ssh\_config \- new feature to set <code>IdentitiesOnly</code> option to <code>yes</code> or <code>no</code> \([https\://github\.com/ansible\-collections/community\.general/pull/7704](https\://github\.com/ansible\-collections/community\.general/pull/7704)\)\.
 * xcc\_redfish\_command \- added support for raw POSTs \(<code>command\=PostResource</code> in <code>category\=Raw</code>\) without a specific action info \([https\://github\.com/ansible\-collections/community\.general/pull/7746](https\://github\.com/ansible\-collections/community\.general/pull/7746)\)\.

-<a id="bugfixes-2"></a>
+<a id="bugfixes-8"></a>
 ### Bugfixes

 * keycloak\_identity\_provider \- <code>mappers</code> processing was not idempotent if the mappers configuration list had not been sorted by name \(in ascending order\)\. Fix resolves the issue by sorting mappers in the desired state using the same key which is used for obtaining existing state \([https\://github\.com/ansible\-collections/community\.general/pull/7418](https\://github\.com/ansible\-collections/community\.general/pull/7418)\)\.
@@ -193,37 +411,37 @@ Regular bugfix and feature release\.
 <a id="connection"></a>
 #### Connection

-* incus \- Run tasks in Incus instances via the Incus CLI\.
+* community\.general\.incus \- Run tasks in Incus instances via the Incus CLI\.

 <a id="filter-1"></a>
 #### Filter

-* from\_ini \- Converts INI text input into a dictionary
-* to\_ini \- Converts a dictionary to the INI file format
+* community\.general\.from\_ini \- Converts INI text input into a dictionary
+* community\.general\.to\_ini \- Converts a dictionary to the INI file format

 <a id="lookup"></a>
 #### Lookup

-* github\_app\_access\_token \- Obtain short\-lived Github App Access tokens
+* community\.general\.github\_app\_access\_token \- Obtain short\-lived Github App Access tokens

-<a id="new-modules-2"></a>
+<a id="new-modules-4"></a>
 ### New Modules

-* dnf\_config\_manager \- Enable or disable dnf repositories using config\-manager
-* keycloak\_component\_info \- Retrive component info in Keycloak
-* keycloak\_realm\_rolemapping \- Allows administration of Keycloak realm role mappings into groups with the Keycloak API
-* proxmox\_node\_info \- Retrieve information about one or more Proxmox VE nodes
-* proxmox\_storage\_contents\_info \- List content from a Proxmox VE storage
+* community\.general\.dnf\_config\_manager \- Enable or disable dnf repositories using config\-manager
+* community\.general\.keycloak\_component\_info \- Retrive component info in Keycloak
+* community\.general\.keycloak\_realm\_rolemapping \- Allows administration of Keycloak realm role mappings into groups with the Keycloak API
+* community\.general\.proxmox\_node\_info \- Retrieve information about one or more Proxmox VE nodes
+* community\.general\.proxmox\_storage\_contents\_info \- List content from a Proxmox VE storage

 <a id="v8-1-0"></a>
 ## v8\.1\.0

-<a id="release-summary-3"></a>
+<a id="release-summary-9"></a>
 ### Release Summary

 Regular bugfix and feature release\.

-<a id="minor-changes-3"></a>
+<a id="minor-changes-7"></a>
 ### Minor Changes

 * bitwarden lookup plugin \- when looking for items using an item ID\, the item is now accessed directly with <code>bw get item</code> instead of searching through all items\. This doubles the lookup speed \([https\://github\.com/ansible\-collections/community\.general/pull/7468](https\://github\.com/ansible\-collections/community\.general/pull/7468)\)\.
@@ -260,7 +478,7 @@ Regular bugfix and feature release\.
 * redfish\_info \- adding the <code>BootProgress</code> property when getting <code>Systems</code> info \([https\://github\.com/ansible\-collections/community\.general/pull/7626](https\://github\.com/ansible\-collections/community\.general/pull/7626)\)\.
 * ssh\_config \- adds <code>controlmaster</code>\, <code>controlpath</code> and <code>controlpersist</code> parameters \([https\://github\.com/ansible\-collections/community\.general/pull/7456](https\://github\.com/ansible\-collections/community\.general/pull/7456)\)\.

-<a id="bugfixes-3"></a>
+<a id="bugfixes-9"></a>
 ### Bugfixes

 * apt\-rpm \- the module did not upgrade packages if a newer version exists\. Now the package will be reinstalled if the candidate is newer than the installed version \([https\://github\.com/ansible\-collections/community\.general/issues/7414](https\://github\.com/ansible\-collections/community\.general/issues/7414)\)\.
@@ -284,29 +502,29 @@ Regular bugfix and feature release\.
 <a id="lookup-1"></a>
 #### Lookup

-* onepassword\_doc \- Fetch documents stored in 1Password
+* community\.general\.onepassword\_doc \- Fetch documents stored in 1Password

 <a id="test"></a>
 #### Test

-* fqdn\_valid \- Validates fully\-qualified domain names against RFC 1123
+* community\.general\.fqdn\_valid \- Validates fully\-qualified domain names against RFC 1123

-<a id="new-modules-3"></a>
+<a id="new-modules-5"></a>
 ### New Modules

-* git\_config\_info \- Read git configuration
-* gitlab\_issue \- Create\, update\, or delete GitLab issues
-* nomad\_token \- Manage Nomad ACL tokens
+* community\.general\.git\_config\_info \- Read git configuration
+* community\.general\.gitlab\_issue \- Create\, update\, or delete GitLab issues
+* community\.general\.nomad\_token \- Manage Nomad ACL tokens

 <a id="v8-0-2"></a>
 ## v8\.0\.2

-<a id="release-summary-4"></a>
+<a id="release-summary-10"></a>
 ### Release Summary

 Bugfix release for inclusion in Ansible 9\.0\.0rc1\.

-<a id="bugfixes-4"></a>
+<a id="bugfixes-10"></a>
 ### Bugfixes

 * ocapi\_utils\, oci\_utils\, redfish\_utils module utils \- replace <code>type\(\)</code> calls with <code>isinstance\(\)</code> calls \([https\://github\.com/ansible\-collections/community\.general/pull/7501](https\://github\.com/ansible\-collections/community\.general/pull/7501)\)\.
@@ -315,12 +533,12 @@ Bugfix release for inclusion in Ansible 9\.0\.0rc1\.
 <a id="v8-0-1"></a>
 ## v8\.0\.1

-<a id="release-summary-5"></a>
+<a id="release-summary-11"></a>
 ### Release Summary

 Bugfix release for inclusion in Ansible 9\.0\.0b1\.

-<a id="bugfixes-5"></a>
+<a id="bugfixes-11"></a>
 ### Bugfixes

 * gitlab\_group\_members \- fix gitlab constants call in <code>gitlab\_group\_members</code> module \([https\://github\.com/ansible\-collections/community\.general/issues/7467](https\://github\.com/ansible\-collections/community\.general/issues/7467)\)\.
@@ -333,12 +551,12 @@ Bugfix release for inclusion in Ansible 9\.0\.0b1\.
 <a id="v8-0-0"></a>
 ## v8\.0\.0

-<a id="release-summary-6"></a>
+<a id="release-summary-12"></a>
 ### Release Summary

 This is release 8\.0\.0 of <code>community\.general</code>\, released on 2023\-11\-01\.

-<a id="minor-changes-4"></a>
+<a id="minor-changes-8"></a>
 ### Minor Changes

 * The collection will start using semantic markup \([https\://github\.com/ansible\-collections/community\.general/pull/6539](https\://github\.com/ansible\-collections/community\.general/pull/6539)\)\.
@@ -477,7 +695,7 @@ This is release 8\.0\.0 of <code>community\.general</code>\, released on 2023\-1
 * vardict module utils \- <code>VarDict</code> will no longer accept variables named <code>\_var</code>\, <code>get\_meta</code>\, and <code>as\_dict</code> \([https\://github\.com/ansible\-collections/community\.general/pull/6647](https\://github\.com/ansible\-collections/community\.general/pull/6647)\)\.
 * version module util \- remove fallback for ansible\-core 2\.11\. All modules and plugins that do version collections no longer work with ansible\-core 2\.11 \([https\://github\.com/ansible\-collections/community\.general/pull/7269](https\://github\.com/ansible\-collections/community\.general/pull/7269)\)\.

-<a id="deprecated-features-1"></a>
+<a id="deprecated-features-2"></a>
 ### Deprecated Features

 * CmdRunner module utils \- deprecate <code>cmd\_runner\_fmt\.as\_default\_type\(\)</code> formatter \([https\://github\.com/ansible\-collections/community\.general/pull/6601](https\://github\.com/ansible\-collections/community\.general/pull/6601)\)\.
@@ -537,7 +755,7 @@ This is release 8\.0\.0 of <code>community\.general</code>\, released on 2023\-1
 * proxmox module utils \- removed unused imports \([https\://github\.com/ansible\-collections/community\.general/pull/6873](https\://github\.com/ansible\-collections/community\.general/pull/6873)\)\.
 * xfconf \- the deprecated <code>disable\_facts</code> option was removed \([https\://github\.com/ansible\-collections/community\.general/pull/7358](https\://github\.com/ansible\-collections/community\.general/pull/7358)\)\.

-<a id="bugfixes-6"></a>
+<a id="bugfixes-12"></a>
 ### Bugfixes

 * CmdRunner module utils \- does not attempt to resolve path if executable is a relative or absolute path \([https\://github\.com/ansible\-collections/community\.general/pull/7200](https\://github\.com/ansible\-collections/community\.general/pull/7200)\)\.
@@ -619,7 +837,7 @@ This is release 8\.0\.0 of <code>community\.general</code>\, released on 2023\-1
 * tss lookup plugin \- fix multiple issues when using <code>fetch\_attachments\=true</code> \([https\://github\.com/ansible\-collections/community\.general/pull/6720](https\://github\.com/ansible\-collections/community\.general/pull/6720)\)\.
 * zypper \- added handling of zypper exitcode 102\. Changed state is set correctly now and rc 102 is still preserved to be evaluated by the playbook \([https\://github\.com/ansible\-collections/community\.general/pull/6534](https\://github\.com/ansible\-collections/community\.general/pull/6534)\)\.

-<a id="known-issues"></a>
+<a id="known-issues-1"></a>
 ### Known Issues

 * Ansible markup will show up in raw form on ansible\-doc text output for ansible\-core before 2\.15\. If you have trouble deciphering the documentation markup\, please upgrade to ansible\-core 2\.15 \(or newer\)\, or read the HTML documentation on [https\://docs\.ansible\.com/ansible/devel/collections/community/general/](https\://docs\.ansible\.com/ansible/devel/collections/community/general/) \([https\://github\.com/ansible\-collections/community\.general/pull/6539](https\://github\.com/ansible\-collections/community\.general/pull/6539)\)\.
@@ -630,27 +848,27 @@ This is release 8\.0\.0 of <code>community\.general</code>\, released on 2023\-1
 <a id="lookup-2"></a>
 #### Lookup

-* bitwarden\_secrets\_manager \- Retrieve secrets from Bitwarden Secrets Manager
+* community\.general\.bitwarden\_secrets\_manager \- Retrieve secrets from Bitwarden Secrets Manager

-<a id="new-modules-4"></a>
+<a id="new-modules-6"></a>
 ### New Modules

-* consul\_policy \- Manipulate Consul policies
-* consul\_role \- Manipulate Consul roles
-* facter\_facts \- Runs the discovery program C\(facter\) on the remote system and return Ansible facts
-* gio\_mime \- Set default handler for MIME type\, for applications using Gnome GIO
-* gitlab\_instance\_variable \- Creates\, updates\, or deletes GitLab instance variables
-* gitlab\_merge\_request \- Create\, update\, or delete GitLab merge requests
-* jenkins\_build\_info \- Get information about Jenkins builds
-* keycloak\_authentication\_required\_actions \- Allows administration of Keycloak authentication required actions
-* keycloak\_authz\_custom\_policy \- Allows administration of Keycloak client custom Javascript policies via Keycloak API
-* keycloak\_authz\_permission \- Allows administration of Keycloak client authorization permissions via Keycloak API
-* keycloak\_authz\_permission\_info \- Query Keycloak client authorization permissions information
-* keycloak\_realm\_key \- Allows administration of Keycloak realm keys via Keycloak API
-* keycloak\_user \- Create and configure a user in Keycloak
-* lvg\_rename \- Renames LVM volume groups
-* pnpm \- Manage node\.js packages with pnpm
-* proxmox\_pool \- Pool management for Proxmox VE cluster
-* proxmox\_pool\_member \- Add or delete members from Proxmox VE cluster pools
-* proxmox\_vm\_info \- Retrieve information about one or more Proxmox VE virtual machines
-* simpleinit\_msb \- Manage services on Source Mage GNU/Linux
+* community\.general\.consul\_policy \- Manipulate Consul policies
+* community\.general\.consul\_role \- Manipulate Consul roles
+* community\.general\.facter\_facts \- Runs the discovery program C\(facter\) on the remote system and return Ansible facts
+* community\.general\.gio\_mime \- Set default handler for MIME type\, for applications using Gnome GIO
+* community\.general\.gitlab\_instance\_variable \- Creates\, updates\, or deletes GitLab instance variables
+* community\.general\.gitlab\_merge\_request \- Create\, update\, or delete GitLab merge requests
+* community\.general\.jenkins\_build\_info \- Get information about Jenkins builds
+* community\.general\.keycloak\_authentication\_required\_actions \- Allows administration of Keycloak authentication required actions
+* community\.general\.keycloak\_authz\_custom\_policy \- Allows administration of Keycloak client custom Javascript policies via Keycloak API
+* community\.general\.keycloak\_authz\_permission \- Allows administration of Keycloak client authorization permissions via Keycloak API
+* community\.general\.keycloak\_authz\_permission\_info \- Query Keycloak client authorization permissions information
+* community\.general\.keycloak\_realm\_key \- Allows administration of Keycloak realm keys via Keycloak API
+* community\.general\.keycloak\_user \- Create and configure a user in Keycloak
+* community\.general\.lvg\_rename \- Renames LVM volume groups
+* community\.general\.pnpm \- Manage node\.js packages with pnpm
+* community\.general\.proxmox\_pool \- Pool management for Proxmox VE cluster
+* community\.general\.proxmox\_pool\_member \- Add or delete members from Proxmox VE cluster pools
+* community\.general\.proxmox\_vm\_info \- Retrieve information about one or more Proxmox VE virtual machines
+* community\.general\.simpleinit\_msb \- Manage services on Source Mage GNU/Linux
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,195 @@ Community General Release Notes

 This changelog describes changes after version 7.0.0.

+v8.6.4
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- passwordstore lookup plugin - add the current user to the lockfile file name to address issues on multi-user systems (https://github.com/ansible-collections/community.general/pull/8689).
+
+Bugfixes
+--------
+
+- gitlab_runner - fix ``paused`` parameter being ignored (https://github.com/ansible-collections/community.general/pull/8648).
+- homebrew_cask - fix ``upgrade_all`` returns ``changed`` when nothing upgraded (https://github.com/ansible-collections/community.general/issues/8707, https://github.com/ansible-collections/community.general/pull/8708).
+- keycloak_user_federation - get cleartext IDP ``clientSecret`` from full realm info to detect changes to it (https://github.com/ansible-collections/community.general/issues/8294, https://github.com/ansible-collections/community.general/pull/8735).
+- keycloak_user_federation - remove existing user federation mappers if they are not present in the federation configuration and will not be updated (https://github.com/ansible-collections/community.general/issues/7169, https://github.com/ansible-collections/community.general/pull/8695).
+
+v8.6.3
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- wdc_redfish_command - minor change to handle upgrade file for Redfish WD platforms (https://github.com/ansible-collections/community.general/pull/8444).
+
+Bugfixes
+--------
+
+- bitwarden lookup plugin - fix ``KeyError`` in ``search_field`` (https://github.com/ansible-collections/community.general/issues/8549, https://github.com/ansible-collections/community.general/pull/8557).
+- keycloak_clientscope - remove IDs from clientscope and its protocol mappers on comparison for changed check (https://github.com/ansible-collections/community.general/pull/8545).
+- nsupdate - fix 'index out of range' error when changing NS records by falling back to authority section of the response (https://github.com/ansible-collections/community.general/issues/8612, https://github.com/ansible-collections/community.general/pull/8614).
+- redfish_utils module utils - do not fail when language is not exactly "en" (https://github.com/ansible-collections/community.general/pull/8613).
+
+v8.6.2
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- git_config - fix behavior of ``state=absent`` if ``value`` is present (https://github.com/ansible-collections/community.general/issues/8436, https://github.com/ansible-collections/community.general/pull/8452).
+- homebrew - do not fail when brew prints warnings (https://github.com/ansible-collections/community.general/pull/8406, https://github.com/ansible-collections/community.general/issues/7044).
+- keycloak_client - fix TypeError when sanitizing the ``saml.signing.private.key`` attribute in the module's diff or state output. The ``sanitize_cr`` function expected a dict where in some cases a list might occur (https://github.com/ansible-collections/community.general/pull/8403).
+- keycloak_realm - add normalizations for ``attributes`` and ``protocol_mappers`` (https://github.com/ansible-collections/community.general/pull/8496).
+- launched - correctly report changed status in check mode (https://github.com/ansible-collections/community.general/pull/8406).
+- opennebula inventory plugin - fix invalid reference to IP when inventory runs against NICs with no IPv4 address (https://github.com/ansible-collections/community.general/pull/8489).
+- opentelemetry callback - do not save the JSON response when using the ``ansible.builtin.uri`` module (https://github.com/ansible-collections/community.general/pull/8430).
+- opentelemetry callback - do not save the content response when using the ``ansible.builtin.slurp`` module (https://github.com/ansible-collections/community.general/pull/8430).
+- paman - do not fail if an empty list of packages has been provided and there is nothing to do (https://github.com/ansible-collections/community.general/pull/8514).
+
+Known Issues
+------------
+
+- homectl - the module does not work under Python 3.13 or newer, since it relies on the removed ``crypt`` standard library module (https://github.com/ansible-collections/community.general/issues/4691, https://github.com/ansible-collections/community.general/pull/8497).
+- udm_user - the module does not work under Python 3.13 or newer, since it relies on the removed ``crypt`` standard library module (https://github.com/ansible-collections/community.general/issues/4690, https://github.com/ansible-collections/community.general/pull/8497).
+
+v8.6.1
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Security Fixes
+--------------
+
+- keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values ``proposed``, ``existing``, and ``end_state``, as well as the diff, did contain the client secret unmasked (https://github.com/ansible-collections/community.general/pull/8355).
+
+Bugfixes
+--------
+
+- keycloak_user_federation - fix diff of empty ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/8320).
+- merge_variables lookup plugin - fixing cross host merge: providing access to foreign hosts variables to the perspective of the host that is performing the merge (https://github.com/ansible-collections/community.general/pull/8303).
+- opentelemetry callback plugin - close spans always (https://github.com/ansible-collections/community.general/pull/8367).
+- opentelemetry callback plugin - honour the ``disable_logs`` option to avoid storing task results since they are not used regardless (https://github.com/ansible-collections/community.general/pull/8373).
+
+v8.6.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and features release.
+
+Minor Changes
+-------------
+
+- Use offset-aware ``datetime.datetime`` objects (with timezone UTC) instead of offset-naive UTC timestamps, which are deprecated in Python 3.12 (https://github.com/ansible-collections/community.general/pull/8222).
+- apt_rpm - add new states ``latest`` and ``present_not_latest``. The value ``latest`` is equivalent to the current behavior of ``present``, which will upgrade a package if a newer version exists. ``present_not_latest`` does what most users would expect ``present`` to do: it does not upgrade if the package is already installed. The current behavior of ``present`` will be deprecated in a later version, and eventually changed to that of ``present_not_latest`` (https://github.com/ansible-collections/community.general/issues/8217, https://github.com/ansible-collections/community.general/pull/8247).
+- bitwarden lookup plugin - add support to filter by organization ID (https://github.com/ansible-collections/community.general/pull/8188).
+- filesystem - add bcachefs support (https://github.com/ansible-collections/community.general/pull/8126).
+- ini_file - add an optional parameter ``section_has_values``. If the target ini file contains more than one ``section``, use ``section_has_values`` to specify which one should be updated (https://github.com/ansible-collections/community.general/pull/7505).
+- java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).
+- keycloak_client, keycloak_clientscope, keycloak_clienttemplate - added ``docker-v2`` protocol support, enhancing alignment with Keycloak's protocol options (https://github.com/ansible-collections/community.general/issues/8215, https://github.com/ansible-collections/community.general/pull/8216).
+- nmcli - adds OpenvSwitch support with new ``type`` values ``ovs-port``, ``ovs-interface``, and ``ovs-bridge``, and new ``slave_type`` value ``ovs-port`` (https://github.com/ansible-collections/community.general/pull/8154).
+- osx_defaults - add option ``check_types`` to enable changing the type of existing defaults on the fly (https://github.com/ansible-collections/community.general/pull/8173).
+- passwordstore lookup - add ``missing_subkey`` parameter defining the behavior of the lookup when a passwordstore subkey is missing (https://github.com/ansible-collections/community.general/pull/8166).
+- portage - adds the possibility to explicitely tell portage to write packages to world file (https://github.com/ansible-collections/community.general/issues/6226, https://github.com/ansible-collections/community.general/pull/8236).
+- redfish_command - add command ``ResetToDefaults`` to reset manager to default state (https://github.com/ansible-collections/community.general/issues/8163).
+- redfish_info - add boolean return value ``MultipartHttpPush`` to ``GetFirmwareUpdateCapabilities`` (https://github.com/ansible-collections/community.general/issues/8194, https://github.com/ansible-collections/community.general/pull/8195).
+- ssh_config - allow ``accept-new`` as valid value for ``strict_host_key_checking`` (https://github.com/ansible-collections/community.general/pull/8257).
+
+Deprecated Features
+-------------------
+
+- hipchat callback plugin - the hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020. The callback plugin is therefore deprecated and will be removed from community.general 10.0.0 if nobody provides compelling reasons to still keep it (https://github.com/ansible-collections/community.general/issues/8184, https://github.com/ansible-collections/community.general/pull/8189).
+
+Bugfixes
+--------
+
+- aix_filesystem - fix ``_validate_vg`` not passing VG name to ``lsvg_cmd`` (https://github.com/ansible-collections/community.general/issues/8151).
+- apt_rpm - when checking whether packages were installed after running ``apt-get -y install <packages>``, only the last package name was checked (https://github.com/ansible-collections/community.general/pull/8263).
+- bitwarden_secrets_manager lookup plugin - implements retry with exponential backoff to avoid lookup errors when Bitwardn's API rate limiting is encountered (https://github.com/ansible-collections/community.general/issues/8230, https://github.com/ansible-collections/community.general/pull/8238).
+- from_ini filter plugin - disabling interpolation of ``ConfigParser`` to allow converting values with a ``%`` sign (https://github.com/ansible-collections/community.general/issues/8183, https://github.com/ansible-collections/community.general/pull/8185).
+- gitlab_issue, gitlab_label, gitlab_milestone - avoid crash during version comparison when the python-gitlab Python module is not installed (https://github.com/ansible-collections/community.general/pull/8158).
+- haproxy - fix an issue where HAProxy could get stuck in DRAIN mode when the backend was unreachable (https://github.com/ansible-collections/community.general/issues/8092).
+- inventory plugins - add unsafe wrapper to avoid marking strings that do not contain ``{`` or ``}`` as unsafe, to work around a bug in AWX ((https://github.com/ansible-collections/community.general/issues/8212, https://github.com/ansible-collections/community.general/pull/8225).
+- ipa - fix get version regex in IPA module_utils (https://github.com/ansible-collections/community.general/pull/8175).
+- keycloak_client - add sorted ``defaultClientScopes`` and ``optionalClientScopes`` to normalizations (https://github.com/ansible-collections/community.general/pull/8223).
+- keycloak_realm - add normalizations for ``enabledEventTypes`` and ``supportedLocales`` (https://github.com/ansible-collections/community.general/pull/8224).
+- puppet - add option ``environment_lang`` to set the environment language encoding. Defaults to lang ``C``. It is recommended to set it to ``C.UTF-8`` or ``en_US.UTF-8`` depending on what is available on your system. (https://github.com/ansible-collections/community.general/issues/8000)
+- riak - support ``riak admin`` sub-command in newer Riak KV versions beside the legacy ``riak-admin`` main command (https://github.com/ansible-collections/community.general/pull/8211).
+- to_ini filter plugin - disabling interpolation of ``ConfigParser`` to allow converting values with a ``%`` sign (https://github.com/ansible-collections/community.general/issues/8183, https://github.com/ansible-collections/community.general/pull/8185).
+- xml - make module work with lxml 5.1.1, which removed some internals that the module was relying on (https://github.com/ansible-collections/community.general/pull/8169).
+
+New Modules
+-----------
+
+- community.general.keycloak_client_rolescope - Allows administration of Keycloak client roles scope to restrict the usage of certain roles to a other specific client applications.
+
+v8.5.0
+======
+
+Release Summary
+---------------
+
+Regular feature and bugfix release with security fixes.
+
+Minor Changes
+-------------
+
+- bitwarden lookup plugin - allows to fetch all records of a given collection ID, by allowing to pass an empty value for ``search_value`` when ``collection_id`` is provided (https://github.com/ansible-collections/community.general/pull/8013).
+- icinga2 inventory plugin - adds new parameter ``group_by_hostgroups`` in order to make grouping by Icinga2 hostgroups optional (https://github.com/ansible-collections/community.general/pull/7998).
+- ini_file - support optional spaces between section names and their surrounding brackets (https://github.com/ansible-collections/community.general/pull/8075).
+- java_cert - enable ``owner``, ``group``, ``mode``, and other generic file arguments (https://github.com/ansible-collections/community.general/pull/8116).
+- ldap_attrs - module now supports diff mode, showing which attributes are changed within an operation (https://github.com/ansible-collections/community.general/pull/8073).
+- lxd_container - uses ``/1.0/instances`` API endpoint, if available. Falls back to ``/1.0/containers`` or ``/1.0/virtual-machines``. Fixes issue when using Incus or LXD 5.19 due to migrating to ``/1.0/instances`` endpoint (https://github.com/ansible-collections/community.general/pull/7980).
+- nmcli - allow setting ``MTU`` for ``bond-slave`` interface types (https://github.com/ansible-collections/community.general/pull/8118).
+- proxmox - adds ``startup`` parameters to configure startup order, startup delay and shutdown delay (https://github.com/ansible-collections/community.general/pull/8038).
+- revbitspss lookup plugin - removed a redundant unicode prefix. The prefix was not necessary for Python 3 and has been cleaned up to streamline the code (https://github.com/ansible-collections/community.general/pull/8087).
+
+Security Fixes
+--------------
+
+- cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox, and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote code execution by obtaining texts that can be evaluated as templates is not possible (https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/, https://github.com/ansible-collections/community.general/pull/8098).
+
+Bugfixes
+--------
+
+- aix_filesystem - fix issue with empty list items in crfs logic and option order (https://github.com/ansible-collections/community.general/pull/8052).
+- consul_token - fix token creation without ``accessor_id`` (https://github.com/ansible-collections/community.general/pull/8091).
+- homebrew - error returned from brew command was ignored and tried to parse empty JSON. Fix now checks for an error and raises it to give accurate error message to users (https://github.com/ansible-collections/community.general/issues/8047).
+- ipa_hbacrule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+- ipa_sudorule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+- iptables_state - fix idempotency issues when restoring incomplete iptables dumps (https://github.com/ansible-collections/community.general/issues/8029).
+- linode inventory plugin - add descriptive error message for linode inventory plugin (https://github.com/ansible-collections/community.general/pull/8133).
+- pacemaker_cluster - actually implement check mode, which the module claims to support. This means that until now the module also did changes in check mode (https://github.com/ansible-collections/community.general/pull/8081).
+- pam_limits - when the file does not exist, do not create it in check mode (https://github.com/ansible-collections/community.general/issues/8050, https://github.com/ansible-collections/community.general/pull/8057).
+- proxmox_kvm - fixed status check getting from node-specific API endpoint (https://github.com/ansible-collections/community.general/issues/7817).
+
+New Modules
+-----------
+
+- community.general.usb_facts - Allows listing information about USB devices
+
 v8.4.0
 ======

@@ -46,21 +235,21 @@ New Plugins
 Callback
 ~~~~~~~~

- default_without_diff - The default ansible callback without diff output
+- community.general.default_without_diff - The default ansible callback without diff output

 Filter
 ~~~~~~

- lists_difference - Difference of lists with a predictive order
- lists_intersect - Intersection of lists with a predictive order
- lists_symmetric_difference - Symmetric Difference of lists with a predictive order
- lists_union - Union of lists with a predictive order
+- community.general.lists_difference - Difference of lists with a predictive order
+- community.general.lists_intersect - Intersection of lists with a predictive order
+- community.general.lists_symmetric_difference - Symmetric Difference of lists with a predictive order
+- community.general.lists_union - Union of lists with a predictive order

 New Modules
 -----------

- gitlab_group_access_token - Manages GitLab group access tokens
- gitlab_project_access_token - Manages GitLab project access tokens
+- community.general.gitlab_group_access_token - Manages GitLab group access tokens
+- community.general.gitlab_project_access_token - Manages GitLab project access tokens

 v8.3.0
 ======
@@ -102,12 +291,12 @@ Bugfixes
 New Modules
 -----------

- consul_acl_bootstrap - Bootstrap ACLs in Consul
- consul_auth_method - Manipulate Consul auth methods
- consul_binding_rule - Manipulate Consul binding rules
- consul_token - Manipulate Consul tokens
- gitlab_label - Creates/updates/deletes GitLab Labels belonging to project or group.
- gitlab_milestone - Creates/updates/deletes GitLab Milestones belonging to project or group
+- community.general.consul_acl_bootstrap - Bootstrap ACLs in Consul
+- community.general.consul_auth_method - Manipulate Consul auth methods
+- community.general.consul_binding_rule - Manipulate Consul binding rules
+- community.general.consul_token - Manipulate Consul tokens
+- community.general.gitlab_label - Creates/updates/deletes GitLab Labels belonging to project or group.
+- community.general.gitlab_milestone - Creates/updates/deletes GitLab Milestones belonging to project or group

 v8.2.0
 ======
@@ -148,27 +337,27 @@ New Plugins
 Connection
 ~~~~~~~~~~

- incus - Run tasks in Incus instances via the Incus CLI.
+- community.general.incus - Run tasks in Incus instances via the Incus CLI.

 Filter
 ~~~~~~

- from_ini - Converts INI text input into a dictionary
- to_ini - Converts a dictionary to the INI file format
+- community.general.from_ini - Converts INI text input into a dictionary
+- community.general.to_ini - Converts a dictionary to the INI file format

 Lookup
 ~~~~~~

- github_app_access_token - Obtain short-lived Github App Access tokens
+- community.general.github_app_access_token - Obtain short-lived Github App Access tokens

 New Modules
 -----------

- dnf_config_manager - Enable or disable dnf repositories using config-manager
- keycloak_component_info - Retrive component info in Keycloak
- keycloak_realm_rolemapping - Allows administration of Keycloak realm role mappings into groups with the Keycloak API
- proxmox_node_info - Retrieve information about one or more Proxmox VE nodes
- proxmox_storage_contents_info - List content from a Proxmox VE storage
+- community.general.dnf_config_manager - Enable or disable dnf repositories using config-manager
+- community.general.keycloak_component_info - Retrive component info in Keycloak
+- community.general.keycloak_realm_rolemapping - Allows administration of Keycloak realm role mappings into groups with the Keycloak API
+- community.general.proxmox_node_info - Retrieve information about one or more Proxmox VE nodes
+- community.general.proxmox_storage_contents_info - List content from a Proxmox VE storage

 v8.1.0
 ======
@@ -239,19 +428,19 @@ New Plugins
 Lookup
 ~~~~~~

- onepassword_doc - Fetch documents stored in 1Password
+- community.general.onepassword_doc - Fetch documents stored in 1Password

 Test
 ~~~~

- fqdn_valid - Validates fully-qualified domain names against RFC 1123
+- community.general.fqdn_valid - Validates fully-qualified domain names against RFC 1123

 New Modules
 -----------

- git_config_info - Read git configuration
- gitlab_issue - Create, update, or delete GitLab issues
- nomad_token - Manage Nomad ACL tokens
+- community.general.git_config_info - Read git configuration
+- community.general.gitlab_issue - Create, update, or delete GitLab issues
+- community.general.nomad_token - Manage Nomad ACL tokens

 v8.0.2
 ======
@@ -585,27 +774,27 @@ New Plugins
 Lookup
 ~~~~~~

- bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager
+- community.general.bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager

 New Modules
 -----------

- consul_policy - Manipulate Consul policies
- consul_role - Manipulate Consul roles
- facter_facts - Runs the discovery program C(facter) on the remote system and return Ansible facts
- gio_mime - Set default handler for MIME type, for applications using Gnome GIO
- gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
- gitlab_merge_request - Create, update, or delete GitLab merge requests
- jenkins_build_info - Get information about Jenkins builds
- keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
- keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
- keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
- keycloak_authz_permission_info - Query Keycloak client authorization permissions information
- keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
- keycloak_user - Create and configure a user in Keycloak
- lvg_rename - Renames LVM volume groups
- pnpm - Manage node.js packages with pnpm
- proxmox_pool - Pool management for Proxmox VE cluster
- proxmox_pool_member - Add or delete members from Proxmox VE cluster pools
- proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines
- simpleinit_msb - Manage services on Source Mage GNU/Linux
+- community.general.consul_policy - Manipulate Consul policies
+- community.general.consul_role - Manipulate Consul roles
+- community.general.facter_facts - Runs the discovery program C(facter) on the remote system and return Ansible facts
+- community.general.gio_mime - Set default handler for MIME type, for applications using Gnome GIO
+- community.general.gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
+- community.general.gitlab_merge_request - Create, update, or delete GitLab merge requests
+- community.general.jenkins_build_info - Get information about Jenkins builds
+- community.general.keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
+- community.general.keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
+- community.general.keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
+- community.general.keycloak_authz_permission_info - Query Keycloak client authorization permissions information
+- community.general.keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
+- community.general.keycloak_user - Create and configure a user in Keycloak
+- community.general.lvg_rename - Renames LVM volume groups
+- community.general.pnpm - Manage node.js packages with pnpm
+- community.general.proxmox_pool - Pool management for Proxmox VE cluster
+- community.general.proxmox_pool_member - Add or delete members from Proxmox VE cluster pools
+- community.general.proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines
+- community.general.simpleinit_msb - Manage services on Source Mage GNU/Linux
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,7 +31,9 @@ Also, consider taking up a valuable, reviewed, but abandoned pull request which
 * Try committing your changes with an informative but short commit message.
 * Do not squash your commits and force-push to your branch if not needed. Reviews of your pull request are much easier with individual commits to comprehend the pull request history. All commits of your pull request branch will be squashed into one commit by GitHub upon merge.
 * Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout.
-* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/development_process.html#creating-changelog-fragments). (You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
+* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment).
+  * You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. (If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
+  * Please always include a link to the pull request itself, and if the PR is about an issue, also a link to the issue. Also make sure the fragment ends with a period, and begins with a lower-case letter after `-`. (Again, if you don't do this, we'll add suggestions to fix it, so don't worry too much :) )
 * Avoid reformatting unrelated parts of the codebase in your PR. These types of changes will likely be requested for reversion, create additional work for reviewers, and may cause approval to be delayed.

 You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst).
@@ -54,6 +56,8 @@ cd ~/dev/ansible_collections/community/general

 Then you can run `ansible-test` (which is a part of [ansible-core](https://pypi.org/project/ansible-core/)) inside the checkout. The following example commands expect that you have installed Docker or Podman. Note that Podman has only been supported by more recent ansible-core releases. If you are using Docker, the following will work with Ansible 2.9+.

+### Sanity tests
+
 The following commands show how to run sanity tests:

 ```.bash
@@ -64,6 +68,8 @@ ansible-test sanity --docker -v
 ansible-test sanity --docker -v plugins/modules/system/pids.py tests/integration/targets/pids/
 ```

+### Unit tests
+
 The following commands show how to run unit tests:

 ```.bash
@@ -77,13 +83,32 @@ ansible-test units --docker -v --python 3.8
 ansible-test units --docker -v --python 3.8 tests/unit/plugins/modules/net_tools/test_nmcli.py
 ```

+### Integration tests
+
 The following commands show how to run integration tests:

-```.bash
-# Run integration tests for the interfaces_files module in a Docker container using the
-# fedora35 operating system image (the supported images depend on your ansible-core version):
-ansible-test integration --docker fedora35 -v interfaces_file
+#### In Docker

+Integration tests on Docker have the following parameters:
+- `image_name` (required): The name of the Docker image. To get the list of supported Docker images, run
+  `ansible-test integration --help` and look for _target docker images_.
+- `test_name` (optional): The name of the integration test.  
+  For modules, this equals the short name of the module; for example, `pacman` in case of `community.general.pacman`.  
+  For plugins, the plugin type is added before the plugin's short name, for example `callback_yaml` for the `community.general.yaml` callback.
+```.bash
+# Test all plugins/modules on fedora40
+ansible-test integration -v --docker fedora40
+
+# Template
+ansible-test integration -v --docker image_name test_name
+
+# Example community.general.ini_file module on fedora40 Docker image:
+ansible-test integration -v --docker fedora40 ini_file
+```
+
+#### Without isolation
+
+```.bash
 # Run integration tests for the flattened lookup **without any isolation**:
 ansible-test integration -v lookup_flattened
 ```
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 [![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-8)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
 [![EOL CI](https://github.com/ansible-collections/community.general/workflows/EOL%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.general/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
+[![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.general)](https://api.reuse.software/info/github.com/ansible-collections/community.general)

 This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.

@@ -24,7 +25,7 @@ If you encounter abusive behavior violating the [Ansible Code of Conduct](https:

 ## Tested with Ansible

-Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
+Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, ansible-core 2.17 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.

 ## External requirements

--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
--- a/changelogs/config.yaml
+++ b/changelogs/config.yaml
@@ -18,20 +18,25 @@ output_formats:
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
 sections:
- - major_changes
-  - Major Changes
- - minor_changes
-  - Minor Changes
- - breaking_changes
-  - Breaking Changes / Porting Guide
- - deprecated_features
-  - Deprecated Features
- - removed_features
-  - Removed Features (previously deprecated)
- - security_fixes
-  - Security Fixes
- - bugfixes
-  - Bugfixes
- - known_issues
-  - Known Issues
+  - - major_changes
+    - Major Changes
+  - - minor_changes
+    - Minor Changes
+  - - breaking_changes
+    - Breaking Changes / Porting Guide
+  - - deprecated_features
+    - Deprecated Features
+  - - removed_features
+    - Removed Features (previously deprecated)
+  - - security_fixes
+    - Security Fixes
+  - - bugfixes
+    - Bugfixes
+  - - known_issues
+    - Known Issues
 title: Community General
+trivial_section_name: trivial
+use_fqcn: true
+add_plugin_period: true
+changelog_nice_yaml: true
+changelog_sort: version
--- a/docs/docsite/config.yml
+++ b/docs/docsite/config.yml
@@ -0,0 +1,7 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+changelog:
+  write_changelog: true
--- a/docs/docsite/helper/lists_mergeby/default-common.yml
+++ b/docs/docsite/helper/lists_mergeby/default-common.yml
@@ -2,17 +2,11 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
 list1:
-  - name: foo
-    extra: true
-  - name: bar
-    extra: false
-  - name: meh
-    extra: true
+  - {name: foo, extra: true}
+  - {name: bar, extra: false}
+  - {name: meh, extra: true}

 list2:
-  - name: foo
-    path: /foo
-  - name: baz
-    path: /baz
+  - {name: foo, path: /foo}
+  - {name: baz, path: /baz}
--- a/docs/docsite/helper/lists_mergeby/default-recursive-true.yml
+++ b/docs/docsite/helper/lists_mergeby/default-recursive-true.yml
@@ -2,14 +2,12 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
 list1:
  - name: myname01
    param01:
      x: default_value
      y: default_value
-      list:
-        - default_value
+      list: [default_value]
  - name: myname02
    param01: [1, 1, 2, 3]

@@ -18,7 +16,6 @@ list2:
    param01:
      y: patch_value
      z: patch_value
-      list:
-        - patch_value
+      list: [patch_value]
  - name: myname02
-    param01: [3, 4, 4, {key: value}]
+    param01: [3, 4, 4]
--- a/docs/docsite/helper/lists_mergeby/example-001.yml
+++ b/docs/docsite/helper/lists_mergeby/example-001.yml
@@ -8,7 +8,7 @@
    dir: example-001_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-001.out
--- a/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml
@@ -2,6 +2,5 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ list1|
+list3: "{{ list1 |
           community.general.lists_mergeby(list2, 'name') }}"
--- a/docs/docsite/helper/lists_mergeby/example-002.yml
+++ b/docs/docsite/helper/lists_mergeby/example-002.yml
@@ -8,7 +8,7 @@
    dir: example-002_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-002.out
--- a/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml
@@ -2,6 +2,5 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name') }}"
--- a/docs/docsite/helper/lists_mergeby/example-003.yml
+++ b/docs/docsite/helper/lists_mergeby/example-003.yml
@@ -8,7 +8,7 @@
    dir: example-003_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-003.out
--- a/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml
@@ -2,7 +2,6 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true) }}"
--- a/docs/docsite/helper/lists_mergeby/example-004.yml
+++ b/docs/docsite/helper/lists_mergeby/example-004.yml
@@ -8,7 +8,7 @@
    dir: example-004_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-004.out
--- a/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='keep') }}"
--- a/docs/docsite/helper/lists_mergeby/example-005.yml
+++ b/docs/docsite/helper/lists_mergeby/example-005.yml
@@ -8,7 +8,7 @@
    dir: example-005_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-005.out
--- a/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='append') }}"
--- a/docs/docsite/helper/lists_mergeby/example-006.yml
+++ b/docs/docsite/helper/lists_mergeby/example-006.yml
@@ -8,7 +8,7 @@
    dir: example-006_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-006.out
--- a/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='prepend') }}"
--- a/docs/docsite/helper/lists_mergeby/example-007.yml
+++ b/docs/docsite/helper/lists_mergeby/example-007.yml
@@ -8,7 +8,7 @@
    dir: example-007_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug|d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-007.out
--- a/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='append_rp') }}"
--- a/docs/docsite/helper/lists_mergeby/example-008.yml
+++ b/docs/docsite/helper/lists_mergeby/example-008.yml
@@ -8,7 +8,7 @@
    dir: example-008_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-008.out
--- a/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='prepend_rp') }}"
--- a/docs/docsite/helper/lists_mergeby/example-009.yml
+++ b/docs/docsite/helper/lists_mergeby/example-009.yml
@@ -0,0 +1,14 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: 9. Merge single list by common attribute 'name'
+  include_vars:
+    dir: example-009_vars
+- debug:
+    var: list3
+  when: debug | d(false) | bool
+- template:
+    src: list3.out.j2
+    dest: example-009.out
--- a/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml
+++ b/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml
@@ -0,0 +1 @@
+../default-common.yml
--- a/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml
@@ -0,0 +1,6 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+list3: "{{ [list1 + list2, []] |
+           community.general.lists_mergeby('name') }}"
--- a/docs/docsite/helper/lists_mergeby/examples.yml
+++ b/docs/docsite/helper/lists_mergeby/examples.yml
@@ -4,51 +4,75 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 examples:
-  - label: 'In the example below the lists are merged by the attribute ``name``:'
+  - title: Two lists
+    description: 'In the example below the lists are merged by the attribute ``name``:'
    file: example-001_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-001.out
    lang: 'yaml'
-  - label: 'It is possible to use a list of lists as an input of the filter:'
+  - title: List of two lists
+    description: 'It is possible to use a list of lists as an input of the filter:'
    file: example-002_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces the same result as in the previous example:'
+  - title:
+    description: 'This produces the same result as in the previous example:'
    file: example-002.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=replace`` (default):'
+  - title: Single list
+    description: 'It is possible to merge single list:'
+    file: example-009_vars/list3.yml
+    lang: 'yaml+jinja'
+  - title:
+    description: 'This produces the same result as in the previous example:'
+    file: example-009.out
+    lang: 'yaml'
+  - title: list_merge=replace (default)
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default):'
    file: example-003_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-003.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=keep``:'
+  - title: list_merge=keep
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`:'
    file: example-004_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-004.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=append``:'
+  - title: list_merge=append
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`:'
    file: example-005_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-005.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=prepend``:'
+  - title: list_merge=prepend
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`:'
    file: example-006_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-006.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=append_rp``:'
+  - title: list_merge=append_rp
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`:'
    file: example-007_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-007.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=prepend_rp``:'
+  - title: list_merge=prepend_rp
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`:'
    file: example-008_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-008.out
    lang: 'yaml'
--- a/docs/docsite/helper/lists_mergeby/examples_all.rst.j2
+++ b/docs/docsite/helper/lists_mergeby/examples_all.rst.j2
@@ -4,10 +4,10 @@
  SPDX-License-Identifier: GPL-3.0-or-later

 {% for i in examples %}
-{{ i.label }}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }}

 {% endfor %}
--- a/docs/docsite/helper/lists_mergeby/extra-vars.yml
+++ b/docs/docsite/helper/lists_mergeby/extra-vars.yml
@@ -0,0 +1,7 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+examples_one: true
+examples_all: true
+merging_lists_of_dictionaries: true
--- a/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
+++ b/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
@@ -6,57 +6,69 @@
 Merging lists of dictionaries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the ``lists_mergeby`` filter.
+If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby <community.general.lists_mergeby#filter>` filter.

-.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.
+.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See the documentation for the :ansplugin:`community.general.yaml callback plugin <community.general.yaml#callback>`.

 Let us use the lists below in the following examples:

 .. code-block:: yaml

-  {{ lookup('file', 'default-common.yml')|indent(2) }}
+  {{ lookup('file', 'default-common.yml') | split('\n') | reject('match', '^(#|---)') | join ('\n')  | indent(2) }}

 {% for i in examples[0:2] %}
-{{ i.label }}
+{% if i.title | d('', true) | length > 0 %}
+{{ i.title }}
+{{ "%s" % ('"' * i.title|length) }}
+{% endif %}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }}

 {% endfor %}

 .. versionadded:: 2.0.0

-{% for i in examples[2:4] %}
-{{ i.label }}
+{% for i in examples[2:6] %}
+{% if i.title | d('', true) | length > 0 %}
+{{ i.title }}
+{{ "%s" % ('"' * i.title|length) }}
+{% endif %}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }}

 {% endfor %}

-The filter also accepts two optional parameters: ``recursive`` and ``list_merge``. These parameters are only supported when used with ansible-base 2.10 or ansible-core, but not with Ansible 2.9. This is available since community.general 4.4.0.
+The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0.

 **recursive**
-    Is a boolean, default to ``False``. Should the ``community.general.lists_mergeby`` recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.
+    Is a boolean, default to ``false``. Should the :ansplugin:`community.general.lists_mergeby#filter` filter recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.

 **list_merge**
-    Is a string, its possible values are ``replace`` (default), ``keep``, ``append``, ``prepend``, ``append_rp`` or ``prepend_rp``. It modifies the behaviour of ``community.general.lists_mergeby`` when the hashes to merge contain arrays/lists.
+    Is a string, its possible values are :ansval:`replace` (default), :ansval:`keep`, :ansval:`append`, :ansval:`prepend`, :ansval:`append_rp` or :ansval:`prepend_rp`. It modifies the behaviour of :ansplugin:`community.general.lists_mergeby#filter` when the hashes to merge contain arrays/lists.

-The examples below set ``recursive=true`` and display the differences among all six options of ``list_merge``. Functionality of the parameters is exactly the same as in the filter ``combine``. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.
+The examples below set :ansopt:`community.general.lists_mergeby#filter:recursive=true` and display the differences among all six options of :ansopt:`community.general.lists_mergeby#filter:list_merge`. Functionality of the parameters is exactly the same as in the filter :ansplugin:`ansible.builtin.combine#filter`. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.

 Let us use the lists below in the following examples

 .. code-block:: yaml

-  {{ lookup('file', 'default-recursive-true.yml')|indent(2) }}
+  {{ lookup('file', 'default-recursive-true.yml') | split('\n') | reject('match', '^(#|---)') | join ('\n') |indent(2) }}

-{% for i in examples[4:16] %}
-{{ i.label }}
+{% for i in examples[6:] %}
+{% if i.title | d('', true) | length > 0 %}
+{{ i.title }}
+{{ "%s" % ('"' * i.title|length) }}
+{% endif %}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') |indent(2) }}

 {% endfor %}
--- a/docs/docsite/helper/lists_mergeby/list3.out.j2
+++ b/docs/docsite/helper/lists_mergeby/list3.out.j2
@@ -4,4 +4,4 @@ GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://w
 SPDX-License-Identifier: GPL-3.0-or-later
 #}
 list3:
-{{ list3|to_nice_yaml(indent=0) }}
+  {{ list3 | to_yaml(indent=2, sort_keys=false) | indent(2) }}
--- a/docs/docsite/helper/lists_mergeby/playbook.yml
+++ b/docs/docsite/helper/lists_mergeby/playbook.yml
@@ -5,7 +5,7 @@

 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # 1) Run all examples and create example-XXX.out
-# shell> ansible-playbook playbook.yml -e examples=true
+# shell> ansible-playbook playbook.yml -e examples_one=true
 #
 # 2) Optionally, for testing, create examples_all.rst
 # shell> ansible-playbook playbook.yml -e examples_all=true
@@ -45,18 +45,20 @@
          tags: t007
        - import_tasks: example-008.yml
          tags: t008
-      when: examples|d(false)|bool
+        - import_tasks: example-009.yml
+          tags: t009
+      when: examples_one | d(false) | bool

    - block:
        - include_vars: examples.yml
        - template:
            src: examples_all.rst.j2
            dest: examples_all.rst
-      when: examples_all|d(false)|bool
+      when: examples_all | d(false) | bool

    - block:
        - include_vars: examples.yml
        - template:
            src: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
            dest: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
-      when: merging_lists_of_dictionaries|d(false)|bool
+      when: merging_lists_of_dictionaries | d(false) | bool
--- a/docs/docsite/links.yml
+++ b/docs/docsite/links.yml
@@ -25,3 +25,7 @@ communication:
  mailing_lists:
    - topic: Ansible Project List
      url: https://groups.google.com/g/ansible-project
+  forums:
+    - topic: Ansible Forum
+      # The following URL directly points to the "Get Help" section
+      url: https://forum.ansible.com/c/help/6/none
--- a/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
@@ -6,33 +6,30 @@
 Merging lists of dictionaries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby filter <community.general.lists_mergeby#filter>`.
+If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby <community.general.lists_mergeby#filter>` filter.

-.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.
+.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See the documentation for the :ansplugin:`community.general.yaml callback plugin <community.general.yaml#callback>`.

 Let us use the lists below in the following examples:

 .. code-block:: yaml

  list1:
-    - name: foo
-      extra: true
-    - name: bar
-      extra: false
-    - name: meh
-      extra: true
+    - {name: foo, extra: true}
+    - {name: bar, extra: false}
+    - {name: meh, extra: true}

  list2:
-    - name: foo
-      path: /foo
-    - name: baz
-      path: /baz
+    - {name: foo, path: /foo}
+    - {name: baz, path: /baz}

+Two lists
+"""""""""
 In the example below the lists are merged by the attribute ``name``:

 .. code-block:: yaml+jinja

-  list3: "{{ list1|
+  list3: "{{ list1 |
             community.general.lists_mergeby(list2, 'name') }}"

 This produces:
@@ -40,24 +37,21 @@ This produces:
 .. code-block:: yaml

  list3:
-  - extra: false
-    name: bar
-  - name: baz
-    path: /baz
-  - extra: true
-    name: foo
-    path: /foo
-  - extra: true
-    name: meh
+    - {name: bar, extra: false}
+    - {name: baz, path: /baz}
+    - {name: foo, extra: true, path: /foo}
+    - {name: meh, extra: true}


 .. versionadded:: 2.0.0

+List of two lists
+"""""""""""""""""
 It is possible to use a list of lists as an input of the filter:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name') }}"

 This produces the same result as in the previous example:
@@ -65,15 +59,29 @@ This produces the same result as in the previous example:
 .. code-block:: yaml

  list3:
-  - extra: false
-    name: bar
-  - name: baz
-    path: /baz
-  - extra: true
-    name: foo
-    path: /foo
-  - extra: true
-    name: meh
+    - {name: bar, extra: false}
+    - {name: baz, path: /baz}
+    - {name: foo, extra: true, path: /foo}
+    - {name: meh, extra: true}
+
+Single list
+"""""""""""
+It is possible to merge single list:
+
+.. code-block:: yaml+jinja
+
+  list3: "{{ [list1 + list2, []] |
+             community.general.lists_mergeby('name') }}"
+
+This produces the same result as in the previous example:
+
+.. code-block:: yaml
+
+  list3:
+    - {name: bar, extra: false}
+    - {name: baz, path: /baz}
+    - {name: foo, extra: true, path: /foo}
+    - {name: meh, extra: true}


 The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0.
@@ -95,8 +103,7 @@ Let us use the lists below in the following examples
      param01:
        x: default_value
        y: default_value
-        list:
-          - default_value
+        list: [default_value]
    - name: myname02
      param01: [1, 1, 2, 3]

@@ -105,16 +112,17 @@ Let us use the lists below in the following examples
      param01:
        y: patch_value
        z: patch_value
-        list:
-          - patch_value
+        list: [patch_value]
    - name: myname02
-      param01: [3, 4, 4, {key: value}]
+      param01: [3, 4, 4]

+list_merge=replace (default)
+""""""""""""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default):

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true) }}"

@@ -123,25 +131,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [patch_value]
+        z: patch_value
+    - name: myname02
+      param01: [3, 4, 4]

+list_merge=keep
+"""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='keep') }}"
@@ -151,25 +156,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [default_value]
+        z: patch_value
+    - name: myname02
+      param01: [1, 1, 2, 3]

+list_merge=append
+"""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='append') }}"
@@ -179,30 +181,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
-    - 3
-    - 4
-    - 4
-    - key: value
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [default_value, patch_value]
+        z: patch_value
+    - name: myname02
+      param01: [1, 1, 2, 3, 3, 4, 4]

+list_merge=prepend
+""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='prepend') }}"
@@ -212,30 +206,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
-    - 1
-    - 1
-    - 2
-    - 3
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [patch_value, default_value]
+        z: patch_value
+    - name: myname02
+      param01: [3, 4, 4, 1, 1, 2, 3]

+list_merge=append_rp
+""""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='append_rp') }}"
@@ -245,29 +231,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
-    - 4
-    - 4
-    - key: value
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [default_value, patch_value]
+        z: patch_value
+    - name: myname02
+      param01: [1, 1, 2, 3, 4, 4]

+list_merge=prepend_rp
+"""""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='prepend_rp') }}"
@@ -277,21 +256,12 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
-    - 1
-    - 1
-    - 2
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [patch_value, default_value]
+        z: patch_value
+    - name: myname02
+      param01: [3, 4, 4, 1, 1, 2]

--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@

 namespace: community
 name: general
-version: 8.4.0
+version: 8.6.4
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -13,6 +13,28 @@ action_groups:
    - consul_session
    - consul_token
 plugin_routing:
+  callback:
+    actionable:
+      tombstone:
+        removal_version: 2.0.0
+        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
+          = no' and 'display_ok_hosts = no' options.
+    full_skip:
+      tombstone:
+        removal_version: 2.0.0
+        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
+          = no' option.
+    hipchat:
+      deprecation:
+        removal_version: 10.0.0
+        warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
+    osx_say:
+      redirect: community.general.say
+    stderr:
+      tombstone:
+        removal_version: 2.0.0
+        warning_text: Use the 'default' callback plugin with 'display_failed_stderr
+          = yes' option.
  connection:
    docker:
      redirect: community.docker.docker
@@ -4707,24 +4729,6 @@ plugin_routing:
      redirect: dellemc.openmanage.dellemc_idrac
    remote_management.dellemc.ome:
      redirect: dellemc.openmanage.ome
-  callback:
-    actionable:
-      tombstone:
-        removal_version: 2.0.0
-        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
-          = no' and 'display_ok_hosts = no' options.
-    full_skip:
-      tombstone:
-        removal_version: 2.0.0
-        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
-          = no' option.
-    osx_say:
-      redirect: community.general.say
-    stderr:
-      tombstone:
-        removal_version: 2.0.0
-        warning_text: Use the 'default' callback plugin with 'display_failed_stderr
-          = yes' option.
  inventory:
    docker_machine:
      redirect: community.docker.docker_machine
--- a/plugins/action/iptables_state.py
+++ b/plugins/action/iptables_state.py
@@ -88,6 +88,10 @@ class ActionModule(ActionBase):
            max_timeout = self._connection._play_context.timeout
            module_args = self._task.args

+            async_status_args = {}
+            starter_cmd = None
+            confirm_cmd = None
+
            if module_args.get('state', None) == 'restored':
                if not wrap_async:
                    if not check_mode:
--- a/plugins/callback/hipchat.py
+++ b/plugins/callback/hipchat.py
@@ -18,6 +18,10 @@ DOCUMENTATION = '''
    description:
      - This callback plugin sends status updates to a HipChat channel during playbook execution.
      - Before 2.4 only environment variables were available for configuring this plugin.
+    deprecated:
+      removed_in: 10.0.0
+      why: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
+      alternative: There is none.
    options:
      token:
        description: HipChat API token for v1 or v2 API.
--- a/plugins/callback/loganalytics.py
+++ b/plugins/callback/loganalytics.py
@@ -59,13 +59,16 @@ import uuid
 import socket
 import getpass

-from datetime import datetime
 from os.path import basename

 from ansible.module_utils.urls import open_url
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class AzureLogAnalyticsSource(object):
    def __init__(self):
@@ -93,7 +96,7 @@ class AzureLogAnalyticsSource(object):
        return "https://{0}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01".format(workspace_id)

    def __rfc1123date(self):
-        return datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
+        return now().strftime('%a, %d %b %Y %H:%M:%S GMT')

    def send_event(self, workspace_id, shared_key, state, result, runtime):
        if result._task_fields['args'].get('_ansible_check_mode') is True:
@@ -167,7 +170,7 @@ class CallbackModule(CallbackBase):

    def _seconds_since_start(self, result):
        return (
-            datetime.utcnow() -
+            now() -
            self.start_datetimes[result._task._uuid]
        ).total_seconds()

@@ -185,10 +188,10 @@ class CallbackModule(CallbackBase):
        self.loganalytics.ansible_playbook = basename(playbook._file_name)

    def v2_playbook_on_task_start(self, task, is_conditional):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_playbook_on_handler_task_start(self, task):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_runner_on_ok(self, result, **kwargs):
        self.loganalytics.send_event(
--- a/plugins/callback/logstash.py
+++ b/plugins/callback/logstash.py
@@ -99,7 +99,6 @@ from ansible import context
 import socket
 import uuid
 import logging
-from datetime import datetime

 try:
    import logstash
@@ -109,6 +108,10 @@ except ImportError:

 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class CallbackModule(CallbackBase):

@@ -126,7 +129,7 @@ class CallbackModule(CallbackBase):
                                  "pip install python-logstash for Python 2"
                                  "pip install python3-logstash for Python 3")

-        self.start_time = datetime.utcnow()
+        self.start_time = now()

    def _init_plugin(self):
        if not self.disabled:
@@ -185,7 +188,7 @@ class CallbackModule(CallbackBase):
            self.logger.info("ansible start", extra=data)

    def v2_playbook_on_stats(self, stats):
-        end_time = datetime.utcnow()
+        end_time = now()
        runtime = end_time - self.start_time
        summarize_stat = {}
        for host in stats.processed.keys():
--- a/plugins/callback/opentelemetry.py
+++ b/plugins/callback/opentelemetry.py
@@ -304,6 +304,7 @@ class OpenTelemetrySource(object):
        status = Status(status_code=StatusCode.OK)
        if host_data.status != 'included':
            # Support loops
+            enriched_error_message = None
            if 'results' in host_data.result._result:
                if host_data.status == 'failed':
                    message = self.get_error_message_from_results(host_data.result._result['results'], task_data.action)
@@ -350,7 +351,8 @@ class OpenTelemetrySource(object):
        if not disable_logs:
            # This will avoid populating span attributes to the logs
            span.add_event(task_data.dump, attributes={} if disable_attributes_in_logs else attributes)
-            span.end(end_time=host_data.finish)
+        # Close span always
+        span.end(end_time=host_data.finish)

    def set_span_attributes(self, span, attributes):
        """ update the span attributes with the given attributes if not None """
@@ -497,6 +499,20 @@ class CallbackModule(CallbackBase):
        # See https://github.com/open-telemetry/opentelemetry-specification/issues/740
        self.traceparent = self.get_option('traceparent')

+    def dump_results(self, task, result):
+        """ dump the results if disable_logs is not enabled """
+        if self.disable_logs:
+            return ""
+        # ansible.builtin.uri contains the response in the json field
+        save = dict(result._result)
+
+        if "json" in save and task.action in ("ansible.builtin.uri", "ansible.legacy.uri", "uri"):
+            save.pop("json")
+        # ansible.builtin.slurp contains the response in the content field
+        if "content" in save and task.action in ("ansible.builtin.slurp", "ansible.legacy.slurp", "slurp"):
+            save.pop("content")
+        return self._dump_results(save)
+
    def v2_playbook_on_start(self, playbook):
        self.ansible_playbook = basename(playbook._file_name)

@@ -546,7 +562,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            status,
            result,
-            self._dump_results(result._result)
+            self.dump_results(self.tasks_data[result._task._uuid], result)
        )

    def v2_runner_on_ok(self, result):
@@ -554,7 +570,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            'ok',
            result,
-            self._dump_results(result._result)
+            self.dump_results(self.tasks_data[result._task._uuid], result)
        )

    def v2_runner_on_skipped(self, result):
@@ -562,7 +578,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            'skipped',
            result,
-            self._dump_results(result._result)
+            self.dump_results(self.tasks_data[result._task._uuid], result)
        )

    def v2_playbook_on_include(self, included_file):
--- a/plugins/callback/splunk.py
+++ b/plugins/callback/splunk.py
@@ -88,13 +88,16 @@ import uuid
 import socket
 import getpass

-from datetime import datetime
 from os.path import basename

 from ansible.module_utils.urls import open_url
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class SplunkHTTPCollectorSource(object):
    def __init__(self):
@@ -134,7 +137,7 @@ class SplunkHTTPCollectorSource(object):
        else:
            time_format = '%Y-%m-%d %H:%M:%S +0000'

-        data['timestamp'] = datetime.utcnow().strftime(time_format)
+        data['timestamp'] = now().strftime(time_format)
        data['host'] = self.host
        data['ip_address'] = self.ip_address
        data['user'] = self.user
@@ -181,7 +184,7 @@ class CallbackModule(CallbackBase):

    def _runtime(self, result):
        return (
-            datetime.utcnow() -
+            now() -
            self.start_datetimes[result._task._uuid]
        ).total_seconds()

@@ -220,10 +223,10 @@ class CallbackModule(CallbackBase):
        self.splunk.ansible_playbook = basename(playbook._file_name)

    def v2_playbook_on_task_start(self, task, is_conditional):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_playbook_on_handler_task_start(self, task):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_runner_on_ok(self, result, **kwargs):
        self.splunk.send_event(
--- a/plugins/callback/sumologic.py
+++ b/plugins/callback/sumologic.py
@@ -46,13 +46,16 @@ import uuid
 import socket
 import getpass

-from datetime import datetime
 from os.path import basename

 from ansible.module_utils.urls import open_url
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class SumologicHTTPCollectorSource(object):
    def __init__(self):
@@ -84,8 +87,7 @@ class SumologicHTTPCollectorSource(object):
        data['uuid'] = result._task._uuid
        data['session'] = self.session
        data['status'] = state
-        data['timestamp'] = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S '
-                                                       '+0000')
+        data['timestamp'] = now().strftime('%Y-%m-%d %H:%M:%S +0000')
        data['host'] = self.host
        data['ip_address'] = self.ip_address
        data['user'] = self.user
@@ -123,7 +125,7 @@ class CallbackModule(CallbackBase):

    def _runtime(self, result):
        return (
-            datetime.utcnow() -
+            now() -
            self.start_datetimes[result._task._uuid]
        ).total_seconds()

@@ -144,10 +146,10 @@ class CallbackModule(CallbackBase):
        self.sumologic.ansible_playbook = basename(playbook._file_name)

    def v2_playbook_on_task_start(self, task, is_conditional):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_playbook_on_handler_task_start(self, task):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_runner_on_ok(self, result, **kwargs):
        self.sumologic.send_event(
--- a/plugins/callback/yaml.py
+++ b/plugins/callback/yaml.py
@@ -19,6 +19,16 @@ DOCUMENTATION = '''
      - default_callback
    requirements:
      - set as stdout in configuration
+    seealso:
+      - plugin: ansible.builtin.default
+        plugin_type: callback
+        description: >
+          There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback)
+          that allows you to change the output format to YAML.
+    notes:
+      - >
+        With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format)
+        in P(ansible.builtin.default#callback).
 '''

 import yaml
--- a/plugins/filter/from_ini.py
+++ b/plugins/filter/from_ini.py
@@ -57,7 +57,7 @@ class IniParser(ConfigParser):
    ''' Implements a configparser which is able to return a dict '''

    def __init__(self):
-        super().__init__()
+        super().__init__(interpolation=None)
        self.optionxform = str

    def as_dict(self):
--- a/plugins/filter/lists_mergeby.py
+++ b/plugins/filter/lists_mergeby.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright (c) 2020-2022, Vladimir Botka <vbotka@gmail.com>
+# Copyright (c) 2020-2024, Vladimir Botka <vbotka@gmail.com>
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

@@ -12,22 +12,32 @@ DOCUMENTATION = '''
  version_added: 2.0.0
  author: Vladimir Botka (@vbotka)
  description:
-    - Merge two or more lists by attribute O(index). Optional parameters O(recursive) and O(list_merge)
-      control the merging of the lists in values. The function merge_hash from ansible.utils.vars
-      is used. To learn details on how to use the parameters O(recursive) and O(list_merge) see
-      Ansible User's Guide chapter "Using filters to manipulate data" section "Combining
-      hashes/dictionaries".
+    - Merge two or more lists by attribute O(index). Optional
+      parameters O(recursive) and O(list_merge) control the merging of
+      the nested dictionaries and lists.
+    - The function C(merge_hash) from C(ansible.utils.vars) is used.
+    - To learn details on how to use the parameters O(recursive) and
+      O(list_merge) see Ansible User's Guide chapter "Using filters to
+      manipulate data" section R(Combining hashes/dictionaries, combine_filter) or the
+      filter P(ansible.builtin.combine#filter).
+
  positional: another_list, index
  options:
    _input:
-      description: A list of dictionaries.
+      description:
+        - A list of dictionaries, or a list of lists of dictionaries.
+        - The required type of the C(elements) is set to C(raw)
+          because all elements of O(_input) can be either dictionaries
+          or lists.
      type: list
-      elements: dictionary
+      elements: raw
      required: true
    another_list:
-      description: Another list of dictionaries. This parameter can be specified multiple times.
+      description:
+        - Another list of dictionaries, or a list of lists of dictionaries.
+        - This parameter can be specified multiple times.
      type: list
-      elements: dictionary
+      elements: raw
    index:
      description:
        - The dictionary key that must be present in every dictionary in every list that is used to
@@ -55,40 +65,134 @@ DOCUMENTATION = '''
 '''

 EXAMPLES = '''
- name: Merge two lists
+# Some results below are manually formatted for better readability. The
+# dictionaries' keys will be sorted alphabetically in real output.
+
+- name: Example 1. Merge two lists. The results r1 and r2 are the same.
  ansible.builtin.debug:
-    msg: >-
-      {{ list1 | community.general.lists_mergeby(
-                    list2,
-                    'index',
-                    recursive=True,
-                    list_merge='append'
-                 ) }}"
+    msg: |
+      r1: {{ r1 }}
+      r2: {{ r2 }}
  vars:
    list1:
-      - index: a
-        value: 123
-      - index: b
-        value: 42
+      - {index: a, value: 123}
+      - {index: b, value: 4}
    list2:
-      - index: a
-        foo: bar
-      - index: c
-        foo: baz
-  # Produces the following list of dictionaries:
-  #   {
-  #     "index": "a",
-  #     "foo": "bar",
-  #     "value": 123
-  #   },
-  #   {
-  #     "index": "b",
-  #     "value": 42
-  #   },
-  #   {
-  #     "index": "c",
-  #     "foo": "baz"
-  #   }
+      - {index: a, foo: bar}
+      - {index: c, foo: baz}
+    r1: "{{ list1 | community.general.lists_mergeby(list2, 'index') }}"
+    r2: "{{ [list1, list2] | community.general.lists_mergeby('index') }}"
+
+#  r1:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+#  r2:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+
+- name: Example 2. Merge three lists
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, value: 123}
+      - {index: b, value: 4}
+    list2:
+      - {index: a, foo: bar}
+      - {index: c, foo: baz}
+    list3:
+      - {index: d, foo: qux}
+    r: "{{ [list1, list2, list3] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+#    - {index: d, foo: qux}
+
+- name: Example 3. Merge single list. The result is the same as 2.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, value: 123}
+      - {index: b, value: 4}
+      - {index: a, foo: bar}
+      - {index: c, foo: baz}
+      - {index: d, foo: qux}
+    r: "{{ [list1, []] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+#    - {index: d, foo: qux}
+
+- name: Example 4. Merge two lists. By default, replace nested lists.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: [X1, X2]}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: [Y1, Y2]}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: [Y1, Y2]}
+#    - {index: b, foo: [Y1, Y2]}
+
+- name: Example 5. Merge two lists. Append nested lists.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: [X1, X2]}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: [Y1, Y2]}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index', list_merge='append') }}"
+
+#  r:
+#    - {index: a, foo: [X1, X2, Y1, Y2]}
+#    - {index: b, foo: [X1, X2, Y1, Y2]}
+
+- name: Example 6. Merge two lists. By default, do not merge nested dictionaries.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: {x: 1, y: 2}}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: {y: 3, z: 4}}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: {y: 3, z: 4}}
+#    - {index: b, foo: [Y1, Y2]}
+
+- name: Example 7. Merge two lists. Merge nested dictionaries too.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: {x: 1, y: 2}}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: {y: 3, z: 4}}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index', recursive=true) }}"
+
+#  r:
+#    - {index: a, foo: {x:1, y: 3, z: 4}}
+#    - {index: b, foo: [Y1, Y2]}
 '''

 RETURN = '''
@@ -108,13 +212,14 @@ from operator import itemgetter


 def list_mergeby(x, y, index, recursive=False, list_merge='replace'):
-    ''' Merge 2 lists by attribute 'index'. The function merge_hash from ansible.utils.vars is used.
-        This function is used by the function lists_mergeby.
+    '''Merge 2 lists by attribute 'index'. The function 'merge_hash'
+       from ansible.utils.vars is used.  This function is used by the
+       function lists_mergeby.
    '''

    d = defaultdict(dict)
-    for l in (x, y):
-        for elem in l:
+    for lst in (x, y):
+        for elem in lst:
            if not isinstance(elem, Mapping):
                msg = "Elements of list arguments for lists_mergeby must be dictionaries. %s is %s"
                raise AnsibleFilterError(msg % (elem, type(elem)))
@@ -124,20 +229,9 @@ def list_mergeby(x, y, index, recursive=False, list_merge='replace'):


 def lists_mergeby(*terms, **kwargs):
-    ''' Merge 2 or more lists by attribute 'index'. Optional parameters 'recursive' and 'list_merge'
-        control the merging of the lists in values. The function merge_hash from ansible.utils.vars
-        is used. To learn details on how to use the parameters 'recursive' and 'list_merge' see
-        Ansible User's Guide chapter "Using filters to manipulate data" section "Combining
-        hashes/dictionaries".
-
-        Example:
-        - debug:
-            msg: "{{ list1|
-                     community.general.lists_mergeby(list2,
-                                                     'index',
-                                                     recursive=True,
-                                                     list_merge='append')|
-                     list }}"
+    '''Merge 2 or more lists by attribute 'index'. To learn details
+       on how to use the parameters 'recursive' and 'list_merge' see
+       the filter ansible.builtin.combine.
    '''

    recursive = kwargs.pop('recursive', False)
@@ -155,7 +249,7 @@ def lists_mergeby(*terms, **kwargs):
                   "must be lists. %s is %s")
            raise AnsibleFilterError(msg % (sublist, type(sublist)))
        if len(sublist) > 0:
-            if all(isinstance(l, Sequence) for l in sublist):
+            if all(isinstance(lst, Sequence) for lst in sublist):
                for item in sublist:
                    flat_list.append(item)
            else:
--- a/plugins/filter/to_ini.py
+++ b/plugins/filter/to_ini.py
@@ -63,7 +63,7 @@ class IniParser(ConfigParser):
    ''' Implements a configparser which sets the correct optionxform '''

    def __init__(self):
-        super().__init__()
+        super().__init__(interpolation=None)
        self.optionxform = str


--- a/plugins/inventory/cobbler.py
+++ b/plugins/inventory/cobbler.py
@@ -118,6 +118,8 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Cacheable, to_safe_group_name
 from ansible.module_utils.six import text_type

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 # xmlrpc
 try:
    import xmlrpclib as xmlrpc_client
@@ -274,9 +276,9 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
        for host in self._get_systems():
            # Get the FQDN for the host and add it to the right groups
            if self.inventory_hostname == 'system':
-                hostname = host['name']  # None
+                hostname = make_unsafe(host['name'])  # None
            else:
-                hostname = host['hostname']  # None
+                hostname = make_unsafe(host['hostname'])  # None
            interfaces = host['interfaces']

            if set(host['mgmt_classes']) & set(self.include_mgmt_classes):
@@ -296,7 +298,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                    if ivalue['management'] or not ivalue['static']:
                        this_dns_name = ivalue.get('dns_name', None)
                        if this_dns_name is not None and this_dns_name != "":
-                            hostname = this_dns_name
+                            hostname = make_unsafe(this_dns_name)
                            self.display.vvvv('Set hostname to %s from %s\n' % (hostname, iname))

            if hostname == '':
@@ -361,18 +363,18 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
            if ip_address is None and ip_address_first is not None:
                ip_address = ip_address_first
            if ip_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', ip_address)
+                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', make_unsafe(ip_address))
            if ipv6_address is None and ipv6_address_first is not None:
                ipv6_address = ipv6_address_first
            if ipv6_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', ipv6_address)
+                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', make_unsafe(ipv6_address))

            if self.get_option('want_facts'):
                try:
-                    self.inventory.set_variable(hostname, 'cobbler', host)
+                    self.inventory.set_variable(hostname, 'cobbler', make_unsafe(host))
                except ValueError as e:
                    self.display.warning("Could not set host info for %s: %s" % (hostname, to_text(e)))

        if self.get_option('want_ip_addresses'):
-            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', ip_addresses)
-            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', ipv6_addresses)
+            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', make_unsafe(ip_addresses))
+            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', make_unsafe(ipv6_addresses))
--- a/plugins/inventory/gitlab_runners.py
+++ b/plugins/inventory/gitlab_runners.py
@@ -84,6 +84,8 @@ from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.common.text.converters import to_native
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 try:
    import gitlab
    HAS_GITLAB = True
@@ -105,11 +107,11 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
            else:
                runners = gl.runners.all()
            for runner in runners:
-                host = str(runner['id'])
+                host = make_unsafe(str(runner['id']))
                ip_address = runner['ip_address']
-                host_attrs = vars(gl.runners.get(runner['id']))['_attrs']
+                host_attrs = make_unsafe(vars(gl.runners.get(runner['id']))['_attrs'])
                self.inventory.add_host(host, group='gitlab_runners')
-                self.inventory.set_variable(host, 'ansible_host', ip_address)
+                self.inventory.set_variable(host, 'ansible_host', make_unsafe(ip_address))
                if self.get_option('verbose_output', True):
                    self.inventory.set_variable(host, 'gitlab_runner_attributes', host_attrs)

--- a/plugins/inventory/icinga2.py
+++ b/plugins/inventory/icinga2.py
@@ -63,6 +63,12 @@ DOCUMENTATION = '''
        default: address
        choices: ['name', 'display_name', 'address']
        version_added: 4.2.0
+      group_by_hostgroups:
+        description:
+          - Uses Icinga2 hostgroups as groups.
+        type: boolean
+        default: true
+        version_added: 8.4.0
 '''

 EXAMPLES = r'''
@@ -97,6 +103,8 @@ from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.six.moves.urllib.error import HTTPError

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable):
    ''' Host inventory parser for ansible using Icinga2 as source. '''
@@ -114,6 +122,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        self.ssl_verify = None
        self.host_filter = None
        self.inventory_attr = None
+        self.group_by_hostgroups = None

        self.cache_key = None
        self.use_cache = None
@@ -233,31 +242,32 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        """Convert Icinga2 API data to JSON format for Ansible"""
        groups_dict = {"_meta": {"hostvars": {}}}
        for entry in json_data:
-            host_attrs = entry['attrs']
+            host_attrs = make_unsafe(entry['attrs'])
            if self.inventory_attr == "name":
-                host_name = entry.get('name')
+                host_name = make_unsafe(entry.get('name'))
            if self.inventory_attr == "address":
                # When looking for address for inventory, if missing fallback to object name
                if host_attrs.get('address', '') != '':
-                    host_name = host_attrs.get('address')
+                    host_name = make_unsafe(host_attrs.get('address'))
                else:
-                    host_name = entry.get('name')
+                    host_name = make_unsafe(entry.get('name'))
            if self.inventory_attr == "display_name":
                host_name = host_attrs.get('display_name')
            if host_attrs['state'] == 0:
                host_attrs['state'] = 'on'
            else:
                host_attrs['state'] = 'off'
-            host_groups = host_attrs.get('groups')
            self.inventory.add_host(host_name)
-            for group in host_groups:
-                if group not in self.inventory.groups.keys():
-                    self.inventory.add_group(group)
-                self.inventory.add_child(group, host_name)
+            if self.group_by_hostgroups:
+                host_groups = host_attrs.get('groups')
+                for group in host_groups:
+                    if group not in self.inventory.groups.keys():
+                        self.inventory.add_group(group)
+                    self.inventory.add_child(group, host_name)
            # If the address attribute is populated, override ansible_host with the value
            if host_attrs.get('address') != '':
                self.inventory.set_variable(host_name, 'ansible_host', host_attrs.get('address'))
-            self.inventory.set_variable(host_name, 'hostname', entry.get('name'))
+            self.inventory.set_variable(host_name, 'hostname', make_unsafe(entry.get('name')))
            self.inventory.set_variable(host_name, 'display_name', host_attrs.get('display_name'))
            self.inventory.set_variable(host_name, 'state',
                                        host_attrs['state'])
@@ -283,6 +293,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        self.ssl_verify = self.get_option('validate_certs')
        self.host_filter = self.get_option('host_filter')
        self.inventory_attr = self.get_option('inventory_attr')
+        self.group_by_hostgroups = self.get_option('group_by_hostgroups')

        if self.templar.is_template(self.icinga2_url):
            self.icinga2_url = self.templar.template(variable=self.icinga2_url, disable_lookups=False)
--- a/plugins/inventory/linode.py
+++ b/plugins/inventory/linode.py
@@ -123,6 +123,8 @@ compose:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 try:
    from linode_api4 import LinodeClient
@@ -198,20 +200,21 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
    def _add_instances_to_groups(self):
        """Add instance names to their dynamic inventory groups."""
        for instance in self.instances:
-            self.inventory.add_host(instance.label, group=instance.group)
+            self.inventory.add_host(make_unsafe(instance.label), group=instance.group)

    def _add_hostvars_for_instances(self):
        """Add hostvars for instances in the dynamic inventory."""
        ip_style = self.get_option('ip_style')
        for instance in self.instances:
            hostvars = instance._raw_json
+            hostname = make_unsafe(instance.label)
            for hostvar_key in hostvars:
                if ip_style == 'api' and hostvar_key in ['ipv4', 'ipv6']:
                    continue
                self.inventory.set_variable(
-                    instance.label,
+                    hostname,
                    hostvar_key,
-                    hostvars[hostvar_key]
+                    make_unsafe(hostvars[hostvar_key])
                )
            if ip_style == 'api':
                ips = instance.ips.ipv4.public + instance.ips.ipv4.private
@@ -220,9 +223,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

                for ip_type in set(ip.type for ip in ips):
                    self.inventory.set_variable(
-                        instance.label,
+                        hostname,
                        ip_type,
-                        self._ip_data([ip for ip in ips if ip.type == ip_type])
+                        make_unsafe(self._ip_data([ip for ip in ips if ip.type == ip_type]))
                    )

    def _ip_data(self, ip_list):
@@ -253,30 +256,44 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        self._add_instances_to_groups()
        self._add_hostvars_for_instances()
        for instance in self.instances:
-            variables = self.inventory.get_host(instance.label).get_vars()
+            hostname = make_unsafe(instance.label)
+            variables = self.inventory.get_host(hostname).get_vars()
            self._add_host_to_composed_groups(
                self.get_option('groups'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)
            self._add_host_to_keyed_groups(
                self.get_option('keyed_groups'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)
            self._set_composite_vars(
                self.get_option('compose'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)

    def verify_file(self, path):
-        """Verify the Linode configuration file."""
+        """Verify the Linode configuration file.
+
+        Return true/false if the config-file is valid for this plugin
+
+        Args:
+            str(path): path to the config
+        Kwargs:
+            None
+        Raises:
+            None
+        Returns:
+            bool(valid): is valid config file"""
+        valid = False
        if super(InventoryModule, self).verify_file(path):
-            endings = ('linode.yaml', 'linode.yml')
-            if any((path.endswith(ending) for ending in endings)):
-                return True
-        return False
+            if path.endswith(("linode.yaml", "linode.yml")):
+                valid = True
+            else:
+                self.display.vvv('Inventory source not ending in "linode.yaml" or "linode.yml"')
+        return valid

    def parse(self, inventory, loader, path, cache=True):
        """Dynamically parse Linode the cloud inventory."""
--- a/plugins/inventory/lxd.py
+++ b/plugins/inventory/lxd.py
@@ -175,6 +175,7 @@ from ansible.module_utils.six import raise_from
 from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 try:
    import ipaddress
@@ -670,7 +671,7 @@ class InventoryModule(BaseInventoryPlugin):

        if self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)):  # instance have network interfaces
            self.inventory.set_variable(instance_name, 'ansible_connection', 'ssh')
-            self.inventory.set_variable(instance_name, 'ansible_host', interface_selection(instance_name))
+            self.inventory.set_variable(instance_name, 'ansible_host', make_unsafe(interface_selection(instance_name)))
        else:
            self.inventory.set_variable(instance_name, 'ansible_connection', 'local')

@@ -696,31 +697,39 @@ class InventoryModule(BaseInventoryPlugin):
                if self.filter.lower() != instance_state:
                    continue
            # add instance
+            instance_name = make_unsafe(instance_name)
            self.inventory.add_host(instance_name)
            # add network information
            self.build_inventory_network(instance_name)
            # add os
            v = self._get_data_entry('inventory/{0}/os'.format(instance_name))
            if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_os', v.lower())
+                self.inventory.set_variable(instance_name, 'ansible_lxd_os', make_unsafe(v.lower()))
            # add release
            v = self._get_data_entry('inventory/{0}/release'.format(instance_name))
            if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_release', v.lower())
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_release', make_unsafe(v.lower()))
            # add profile
-            self.inventory.set_variable(instance_name, 'ansible_lxd_profile', self._get_data_entry('inventory/{0}/profile'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_profile', make_unsafe(self._get_data_entry('inventory/{0}/profile'.format(instance_name))))
            # add state
-            self.inventory.set_variable(instance_name, 'ansible_lxd_state', instance_state)
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_state', make_unsafe(instance_state))
            # add type
-            self.inventory.set_variable(instance_name, 'ansible_lxd_type', self._get_data_entry('inventory/{0}/type'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_type', make_unsafe(self._get_data_entry('inventory/{0}/type'.format(instance_name))))
            # add location information
            if self._get_data_entry('inventory/{0}/location'.format(instance_name)) != "none":  # wrong type by lxd 'none' != 'None'
-                self.inventory.set_variable(instance_name, 'ansible_lxd_location', self._get_data_entry('inventory/{0}/location'.format(instance_name)))
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_location', make_unsafe(self._get_data_entry('inventory/{0}/location'.format(instance_name))))
            # add VLAN_ID information
            if self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)):
-                self.inventory.set_variable(instance_name, 'ansible_lxd_vlan_ids', self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)))
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_vlan_ids', make_unsafe(self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name))))
            # add project
-            self.inventory.set_variable(instance_name, 'ansible_lxd_project', self._get_data_entry('inventory/{0}/project'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_project', make_unsafe(self._get_data_entry('inventory/{0}/project'.format(instance_name))))

    def build_inventory_groups_location(self, group_name):
        """create group by attribute: location
@@ -993,7 +1002,7 @@ class InventoryModule(BaseInventoryPlugin):
            for group_name in self.groupby:
                if not group_name.isalnum():
                    raise AnsibleParserError('Invalid character(s) in groupname: {0}'.format(to_native(group_name)))
-                group_type(group_name)
+                group_type(make_unsafe(group_name))

    def build_inventory(self):
        """Build dynamic inventory
--- a/plugins/inventory/nmap.py
+++ b/plugins/inventory/nmap.py
@@ -127,6 +127,8 @@ from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

@@ -143,6 +145,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        strict = self.get_option('strict')

        for host in hosts:
+            host = make_unsafe(host)
            hostname = host['name']
            self.inventory.add_host(hostname)
            for var, value in host.items():
--- a/plugins/inventory/online.py
+++ b/plugins/inventory/online.py
@@ -69,6 +69,8 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.ansible_release import __version__ as ansible_version
 from ansible.module_utils.six.moves.urllib.parse import urljoin

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin):
    NAME = 'community.general.online'
@@ -169,20 +171,20 @@ class InventoryModule(BaseInventoryPlugin):
            "support"
        )
        for attribute in targeted_attributes:
-            self.inventory.set_variable(hostname, attribute, host_infos[attribute])
+            self.inventory.set_variable(hostname, attribute, make_unsafe(host_infos[attribute]))

        if self.extract_public_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", self.extract_public_ipv4(host_infos=host_infos))
-            self.inventory.set_variable(hostname, "ansible_host", self.extract_public_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "ansible_host", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))

        if self.extract_private_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", self.extract_private_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_private_ipv4(host_infos=host_infos)))

        if self.extract_os_name(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_name", self.extract_os_name(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "os_name", make_unsafe(self.extract_os_name(host_infos=host_infos)))

        if self.extract_os_version(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_version", self.extract_os_name(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "os_version", make_unsafe(self.extract_os_name(host_infos=host_infos)))

    def _filter_host(self, host_infos, hostname_preferences):

@@ -201,6 +203,8 @@ class InventoryModule(BaseInventoryPlugin):
        if not hostname:
            return

+        hostname = make_unsafe(hostname)
+
        self.inventory.add_host(host=hostname)
        self._fill_host_variables(hostname=hostname, host_infos=host_infos)

@@ -210,6 +214,8 @@ class InventoryModule(BaseInventoryPlugin):
            if not group:
                return

+            group = make_unsafe(group)
+
            self.inventory.add_group(group=group)
            self.inventory.add_host(group=group, host=hostname)

--- a/plugins/inventory/opennebula.py
+++ b/plugins/inventory/opennebula.py
@@ -98,6 +98,8 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.common.text.converters import to_native

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 from collections import namedtuple
 import os

@@ -141,7 +143,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
            nic = [nic]

        for net in nic:
-            return net['IP']
+            if net.get('IP'):
+                return net['IP']

        return False

@@ -215,6 +218,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        filter_by_label = self.get_option('filter_by_label')
        servers = self._retrieve_servers(filter_by_label)
        for server in servers:
+            server = make_unsafe(server)
            hostname = server['name']
            # check for labels
            if group_by_labels and server['LABELS']:
--- a/plugins/inventory/proxmox.py
+++ b/plugins/inventory/proxmox.py
@@ -228,6 +228,7 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible.utils.display import Display

 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # 3rd party imports
 try:
@@ -334,7 +335,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

            self._cache[self.cache_key][url] = data

-        return self._cache[self.cache_key][url]
+        return make_unsafe(self._cache[self.cache_key][url])

    def _get_nodes(self):
        return self._get_json("%s/api2/json/nodes" % self.proxmox_url)
--- a/plugins/inventory/scaleway.py
+++ b/plugins/inventory/scaleway.py
@@ -121,6 +121,7 @@ else:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, parse_pagination_link
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.module_utils.six import raise_from
@@ -279,7 +280,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        zone_info = SCALEWAY_LOCATION[zone]

        url = _build_server_url(zone_info["api_endpoint"])
-        raw_zone_hosts_infos = _fetch_information(url=url, token=token)
+        raw_zone_hosts_infos = make_unsafe(_fetch_information(url=url, token=token))

        for host_infos in raw_zone_hosts_infos:

@@ -341,4 +342,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        hostname_preference = self.get_option("hostnames")

        for zone in self._get_zones(config_zones):
-            self.do_zone_inventory(zone=zone, token=token, tags=tags, hostname_preferences=hostname_preference)
+            self.do_zone_inventory(zone=make_unsafe(zone), token=token, tags=tags, hostname_preferences=hostname_preference)
--- a/plugins/inventory/stackpath_compute.py
+++ b/plugins/inventory/stackpath_compute.py
@@ -73,6 +73,8 @@ from ansible.plugins.inventory import (
 )
 from ansible.utils.display import Display

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 display = Display()

@@ -271,7 +273,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        if not cache or cache_needs_update:
            results = self._query()

-        self._populate(results)
+        self._populate(make_unsafe(results))

        # If the cache has expired/doesn't exist or
        # if refresh_inventory/flush cache is used
--- a/plugins/inventory/virtualbox.py
+++ b/plugins/inventory/virtualbox.py
@@ -63,6 +63,8 @@ from ansible.module_utils.common._collections_compat import MutableMapping
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
    ''' Host inventory parser for ansible using local virtualbox. '''
@@ -116,6 +118,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            self._add_host_to_keyed_groups(self.get_option('keyed_groups'), hostvars[host], host, strict=strict)

    def _populate_from_cache(self, source_data):
+        source_data = make_unsafe(source_data)
        hostvars = source_data.pop('_meta', {}).get('hostvars', {})
        for group in source_data:
            if group == 'all':
@@ -162,7 +165,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            v = v.strip()
            # found host
            if k.startswith('Name') and ',' not in v:  # some setting strings appear in Name
-                current_host = v
+                current_host = make_unsafe(v)
                if current_host not in hostvars:
                    hostvars[current_host] = {}
                    self.inventory.add_host(current_host)
@@ -170,12 +173,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                # try to get network info
                netdata = self._query_vbox_data(current_host, netinfo)
                if netdata:
-                    self.inventory.set_variable(current_host, 'ansible_host', netdata)
+                    self.inventory.set_variable(current_host, 'ansible_host', make_unsafe(netdata))

            # found groups
            elif k == 'Groups':
                for group in v.split('/'):
                    if group:
+                        group = make_unsafe(group)
                        group = self.inventory.add_group(group)
                        self.inventory.add_child(group, current_host)
                        if group not in cacheable_results:
@@ -185,17 +189,17 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

            else:
                # found vars, accumulate in hostvars for clean inventory set
-                pref_k = 'vbox_' + k.strip().replace(' ', '_')
+                pref_k = make_unsafe('vbox_' + k.strip().replace(' ', '_'))
                leading_spaces = len(k) - len(k.lstrip(' '))
                if 0 < leading_spaces <= 2:
                    if prevkey not in hostvars[current_host] or not isinstance(hostvars[current_host][prevkey], dict):
                        hostvars[current_host][prevkey] = {}
-                    hostvars[current_host][prevkey][pref_k] = v
+                    hostvars[current_host][prevkey][pref_k] = make_unsafe(v)
                elif leading_spaces > 2:
                    continue
                else:
                    if v != '':
-                        hostvars[current_host][pref_k] = v
+                        hostvars[current_host][pref_k] = make_unsafe(v)
                if self._ungrouped_host(current_host, cacheable_results):
                    if 'ungrouped' not in cacheable_results:
                        cacheable_results['ungrouped'] = {'hosts': []}
--- a/plugins/inventory/xen_orchestra.py
+++ b/plugins/inventory/xen_orchestra.py
@@ -84,6 +84,7 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable

 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # 3rd party imports
 try:
@@ -347,4 +348,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            self.protocol = 'ws'

        objects = self._get_objects()
-        self._populate(objects)
+        self._populate(make_unsafe(objects))
--- a/plugins/lookup/bitwarden.py
+++ b/plugins/lookup/bitwarden.py
@@ -29,6 +29,7 @@ DOCUMENTATION = """
          - Field to retrieve, for example V(name) or V(id).
          - If set to V(id), only zero or one element can be returned.
            Use the Jinja C(first) filter to get the only list element.
+          - If set to V(None) or V(''), or if O(_terms) is empty, records are not filtered by fields.
        type: str
        default: name
        version_added: 5.7.0
@@ -39,6 +40,10 @@ DOCUMENTATION = """
        description: Collection ID to filter results by collection. Leave unset to skip filtering.
        type: str
        version_added: 6.3.0
+      organization_id:
+        description: Organization ID to filter results by organization. Leave unset to skip filtering.
+        type: str
+        version_added: 8.5.0
      bw_session:
        description: Pass session key instead of reading from env.
        type: str
@@ -75,6 +80,11 @@ EXAMPLES = """
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }}
+
+- name: "Get all Bitwarden records from collection"
+  ansible.builtin.debug:
+    msg: >-
+      {{ lookup('community.general.bitwarden', None, collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}
 """

 RETURN = """
@@ -136,7 +146,7 @@ class Bitwarden(object):
            raise BitwardenException(err)
        return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict')

-    def _get_matches(self, search_value, search_field, collection_id):
+    def _get_matches(self, search_value, search_field, collection_id=None, organization_id=None):
        """Return matching records whose search_field is equal to key.
        """

@@ -144,30 +154,37 @@ class Bitwarden(object):
        if search_field == 'id':
            params = ['get', 'item', search_value]
        else:
-            params = ['list', 'items', '--search', search_value]
+            params = ['list', 'items']
+            if search_value:
+                params.extend(['--search', search_value])

        if collection_id:
            params.extend(['--collectionid', collection_id])
+        if organization_id:
+            params.extend(['--organizationid', organization_id])

        out, err = self._run(params)

        # This includes things that matched in different fields.
        initial_matches = AnsibleJSONDecoder().raw_decode(out)[0]
+
        if search_field == 'id':
            if initial_matches is None:
                initial_matches = []
            else:
                initial_matches = [initial_matches]
-        # Filter to only include results from the right field.
-        return [item for item in initial_matches if item[search_field] == search_value]

-    def get_field(self, field, search_value, search_field="name", collection_id=None):
+        # Filter to only include results from the right field, if a search is requested by value or field
+        return [item for item in initial_matches
+                if not search_value or not search_field or item.get(search_field) == search_value]
+
+    def get_field(self, field, search_value, search_field="name", collection_id=None, organization_id=None):
        """Return a list of the specified field for records whose search_field match search_value
        and filtered by collection if collection has been provided.

        If field is None, return the whole record for each match.
        """
-        matches = self._get_matches(search_value, search_field, collection_id)
+        matches = self._get_matches(search_value, search_field, collection_id, organization_id)
        if not field:
            return matches
        field_matches = []
@@ -188,24 +205,30 @@ class Bitwarden(object):
            if field in match:
                field_matches.append(match[field])
                continue
+
        if matches and not field_matches:
            raise AnsibleError("field {field} does not exist in {search_value}".format(field=field, search_value=search_value))
+
        return field_matches


 class LookupModule(LookupBase):

-    def run(self, terms, variables=None, **kwargs):
+    def run(self, terms=None, variables=None, **kwargs):
        self.set_options(var_options=variables, direct=kwargs)
        field = self.get_option('field')
        search_field = self.get_option('search')
        collection_id = self.get_option('collection_id')
+        organization_id = self.get_option('organization_id')
        _bitwarden.session = self.get_option('bw_session')

        if not _bitwarden.unlocked:
            raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.")

-        return [_bitwarden.get_field(field, term, search_field, collection_id) for term in terms]
+        if not terms:
+            terms = [None]
+
+        return [_bitwarden.get_field(field, term, search_field, collection_id, organization_id) for term in terms]


 _bitwarden = Bitwarden()
--- a/plugins/lookup/bitwarden_secrets_manager.py
+++ b/plugins/lookup/bitwarden_secrets_manager.py
@@ -70,6 +70,7 @@ RETURN = """
 """

 from subprocess import Popen, PIPE
+from time import sleep

 from ansible.errors import AnsibleLookupError
 from ansible.module_utils.common.text.converters import to_text
@@ -84,11 +85,29 @@ class BitwardenSecretsManagerException(AnsibleLookupError):
 class BitwardenSecretsManager(object):
    def __init__(self, path='bws'):
        self._cli_path = path
+        self._max_retries = 3
+        self._retry_delay = 1

    @property
    def cli_path(self):
        return self._cli_path

+    def _run_with_retry(self, args, stdin=None, retries=0):
+        out, err, rc = self._run(args, stdin)
+
+        if rc != 0:
+            if retries >= self._max_retries:
+                raise BitwardenSecretsManagerException("Max retries exceeded. Unable to retrieve secret.")
+
+            if "Too many requests" in err:
+                delay = self._retry_delay * (2 ** retries)
+                sleep(delay)
+                return self._run_with_retry(args, stdin, retries + 1)
+            else:
+                raise BitwardenSecretsManagerException(f"Command failed with return code {rc}: {err}")
+
+        return out, err, rc
+
    def _run(self, args, stdin=None):
        p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
        out, err = p.communicate(stdin)
@@ -107,7 +126,7 @@ class BitwardenSecretsManager(object):
            'get', 'secret', secret_id
        ]

-        out, err, rc = self._run(params)
+        out, err, rc = self._run_with_retry(params)
        if rc != 0:
            raise BitwardenSecretsManagerException(to_text(err))

--- a/plugins/lookup/github_app_access_token.py
+++ b/plugins/lookup/github_app_access_token.py
@@ -49,7 +49,7 @@ EXAMPLES = '''
    dest: /srv/checkout
  vars:
    github_token: >-
-      lookup('github_app_token', key_path='/home/to_your/key',
+      lookup('community.general.github_app_access_token', key_path='/home/to_your/key',
             app_id='123456', installation_id='64209')
 '''

--- a/plugins/lookup/merge_variables.py
+++ b/plugins/lookup/merge_variables.py
@@ -10,11 +10,12 @@ DOCUMENTATION = """
    author:
      - Roy Lenferink (@rlenferink)
      - Mark Ettema (@m-a-r-k-e)
+      - Alexander Petrenz (@alpex8)
    name: merge_variables
-    short_description: merge variables with a certain suffix
+    short_description: merge variables whose names match a given pattern
    description:
        - This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or
-         regular expressions, optionally.
+          regular expressions, optionally.
    version_added: 6.5.0
    options:
      _terms:
@@ -61,6 +62,13 @@ DOCUMENTATION = """
        ini:
          - section: merge_variables_lookup
            key: override
+      groups:
+        description:
+          - Search for variables accross hosts that belong to the given groups. This allows to collect configuration pieces
+            accross different hosts (for example a service on a host with its database on another host).
+        type: list
+        elements: str
+        version_added: 8.5.0
 """

 EXAMPLES = """
@@ -131,22 +139,41 @@ def _verify_and_get_type(variable):


 class LookupModule(LookupBase):
-
    def run(self, terms, variables=None, **kwargs):
        self.set_options(direct=kwargs)
        initial_value = self.get_option("initial_value", None)
        self._override = self.get_option('override', 'error')
        self._pattern_type = self.get_option('pattern_type', 'regex')
+        self._groups = self.get_option('groups', None)

        ret = []
        for term in terms:
            if not isinstance(term, str):
                raise AnsibleError("Non-string type '{0}' passed, only 'str' types are allowed!".format(type(term)))

-            ret.append(self._merge_vars(term, initial_value, variables))
+            if not self._groups:  # consider only own variables
+                ret.append(self._merge_vars(term, initial_value, variables))
+            else:  # consider variables of hosts in given groups
+                cross_host_merge_result = initial_value
+                for host in variables["hostvars"]:
+                    if self._is_host_in_allowed_groups(variables["hostvars"][host]["group_names"]):
+                        host_variables = dict(variables["hostvars"].raw_get(host))
+                        host_variables["hostvars"] = variables["hostvars"]  # re-add hostvars
+                        cross_host_merge_result = self._merge_vars(term, cross_host_merge_result, host_variables)
+                ret.append(cross_host_merge_result)

        return ret

+    def _is_host_in_allowed_groups(self, host_groups):
+        if 'all' in self._groups:
+            return True
+
+        group_intersection = [host_group_name for host_group_name in host_groups if host_group_name in self._groups]
+        if group_intersection:
+            return True
+
+        return False
+
    def _var_matches(self, key, search_pattern):
        if self._pattern_type == "prefix":
            return key.startswith(search_pattern)
@@ -162,7 +189,6 @@ class LookupModule(LookupBase):
        display.vvv("Merge variables with {0}: {1}".format(self._pattern_type, search_pattern))
        var_merge_names = sorted([key for key in variables.keys() if self._var_matches(key, search_pattern)])
        display.vvv("The following variables will be merged: {0}".format(var_merge_names))
-
        prev_var_type = None
        result = None

@@ -171,7 +197,8 @@ class LookupModule(LookupBase):
            result = initial_value

        for var_name in var_merge_names:
-            var_value = self._templar.template(variables[var_name])  # Render jinja2 templates
+            with self._templar.set_temporary_context(available_variables=variables):  # tmp. switch renderer to context of current variables
+                var_value = self._templar.template(variables[var_name])  # Render jinja2 templates
            var_type = _verify_and_get_type(var_value)

            if prev_var_type is None:
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -139,6 +139,21 @@ DOCUMENTATION = '''
        type: bool
        default: true
        version_added: 8.1.0
+      missing_subkey:
+        description:
+          - Preference about what to do if the password subkey is missing.
+          - If set to V(error), the lookup will error out if the subkey does not exist.
+          - If set to V(empty) or V(warn), will return a V(none) in case the subkey does not exist.
+        version_added: 8.6.0
+        type: str
+        default: empty
+        choices:
+          - error
+          - warn
+          - empty
+        ini:
+          - section: passwordstore_lookup
+            key: missing_subkey
    notes:
      - The lookup supports passing all options as lookup parameters since community.general 6.0.0.
 '''
@@ -147,6 +162,7 @@ ansible.cfg: |
  [passwordstore_lookup]
  lock=readwrite
  locktimeout=45s
+  missing_subkey=warn

 tasks.yml: |
  ---
@@ -432,13 +448,28 @@ class LookupModule(LookupBase):
            if self.paramvals['subkey'] in self.passdict:
                return self.passdict[self.paramvals['subkey']]
            else:
+                if self.paramvals["missing_subkey"] == "error":
+                    raise AnsibleError(
+                        "passwordstore: subkey {0} for passname {1} not found and missing_subkey=error is set".format(
+                            self.paramvals["subkey"], self.passname
+                        )
+                    )
+
+                if self.paramvals["missing_subkey"] == "warn":
+                    display.warning(
+                        "passwordstore: subkey {0} for passname {1} not found".format(
+                            self.paramvals["subkey"], self.passname
+                        )
+                    )
+
                return None

    @contextmanager
    def opt_lock(self, type):
        if self.get_option('lock') == type:
            tmpdir = os.environ.get('TMPDIR', '/tmp')
-            lockfile = os.path.join(tmpdir, '.passwordstore.lock')
+            user = os.environ.get('USER')
+            lockfile = os.path.join(tmpdir, '.{0}.passwordstore.lock'.format(user))
            with FileLock().lock_file(lockfile, tmpdir, self.lock_timeout):
                self.locked = type
                yield
@@ -481,6 +512,7 @@ class LookupModule(LookupBase):
            'umask': self.get_option('umask'),
            'timestamp': self.get_option('timestamp'),
            'preserve': self.get_option('preserve'),
+            "missing_subkey": self.get_option("missing_subkey"),
        }

    def run(self, terms, variables, **kwargs):
--- a/plugins/lookup/revbitspss.py
+++ b/plugins/lookup/revbitspss.py
@@ -100,7 +100,7 @@ class LookupModule(LookupBase):
        result = []
        for term in terms:
            try:
-                display.vvv(u"Secret Server lookup of Secret with ID %s" % term)
+                display.vvv("Secret Server lookup of Secret with ID %s" % term)
                result.append({term: secret_server.get_pam_secret(term)})
            except Exception as error:
                raise AnsibleError("Secret Server lookup failure: %s" % error.message)
--- a/plugins/module_utils/consul.py
+++ b/plugins/module_utils/consul.py
@@ -277,7 +277,7 @@ class _ConsulModule:
            headers["X-Consul-Token"] = token

        try:
-            if data:
+            if data is not None:
                data = json.dumps(data)
                headers["Content-Type"] = "application/json"
            if params:
--- a/plugins/module_utils/datetime.py
+++ b/plugins/module_utils/datetime.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2023 Felix Fontein <felix@fontein.de>
+# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause)
+# SPDX-License-Identifier: BSD-2-Clause
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import datetime as _datetime
+import sys
+
+
+_USE_TIMEZONE = sys.version_info >= (3, 6)
+
+
+def ensure_timezone_info(value):
+    if not _USE_TIMEZONE or value.tzinfo is not None:
+        return value
+    return value.astimezone(_datetime.timezone.utc)
+
+
+def fromtimestamp(value):
+    if _USE_TIMEZONE:
+        return _datetime.fromtimestamp(value, tz=_datetime.timezone.utc)
+    return _datetime.utcfromtimestamp(value)
+
+
+def now():
+    if _USE_TIMEZONE:
+        return _datetime.datetime.now(tz=_datetime.timezone.utc)
+    return _datetime.datetime.utcnow()
--- a/plugins/module_utils/gitlab.py
+++ b/plugins/module_utils/gitlab.py
@@ -81,16 +81,23 @@ def find_group(gitlab_instance, identifier):
    return group


-def ensure_gitlab_package(module):
+def ensure_gitlab_package(module, min_version=None):
    if not HAS_GITLAB_PACKAGE:
        module.fail_json(
            msg=missing_required_lib("python-gitlab", url='https://python-gitlab.readthedocs.io/en/stable/'),
            exception=GITLAB_IMP_ERR
        )
+    gitlab_version = gitlab.__version__
+    if min_version is not None and LooseVersion(gitlab_version) < LooseVersion(min_version):
+        module.fail_json(
+            msg="This module requires python-gitlab Python module >= %s "
+                "(installed version: %s). Please upgrade python-gitlab to version %s or above."
+                % (min_version, gitlab_version, min_version)
+        )


-def gitlab_authentication(module):
-    ensure_gitlab_package(module)
+def gitlab_authentication(module, min_version=None):
+    ensure_gitlab_package(module, min_version=min_version)

    gitlab_url = module.params['api_url']
    validate_certs = module.params['validate_certs']
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@@ -28,6 +28,9 @@ URL_CLIENT_ROLES = "{url}/admin/realms/{realm}/clients/{id}/roles"
 URL_CLIENT_ROLE = "{url}/admin/realms/{realm}/clients/{id}/roles/{name}"
 URL_CLIENT_ROLE_COMPOSITES = "{url}/admin/realms/{realm}/clients/{id}/roles/{name}/composites"

+URL_CLIENT_ROLE_SCOPE_CLIENTS = "{url}/admin/realms/{realm}/clients/{id}/scope-mappings/clients/{scopeid}"
+URL_CLIENT_ROLE_SCOPE_REALM = "{url}/admin/realms/{realm}/clients/{id}/scope-mappings/realm"
+
 URL_REALM_ROLES = "{url}/admin/realms/{realm}/roles"
 URL_REALM_ROLE = "{url}/admin/realms/{realm}/roles/{name}"
 URL_REALM_ROLEMAPPINGS = "{url}/admin/realms/{realm}/users/{id}/role-mappings/realm"
@@ -3049,6 +3052,105 @@ class KeycloakAPI(object):
        except Exception:
            return False

+    def get_client_role_scope_from_client(self, clientid, clientscopeid, realm="master"):
+        """ Fetch the roles associated with the client's scope for a specific client on the Keycloak server.
+        :param clientid: ID of the client from which to obtain the associated roles.
+        :param clientscopeid: ID of the client who owns the roles.
+        :param realm: Realm from which to obtain the scope.
+        :return: The client scope of roles from specified client.
+        """
+        client_role_scope_url = URL_CLIENT_ROLE_SCOPE_CLIENTS.format(url=self.baseurl, realm=realm, id=clientid, scopeid=clientscopeid)
+        try:
+            return json.loads(to_native(open_url(client_role_scope_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
+                                                 validate_certs=self.validate_certs).read()))
+        except Exception as e:
+            self.fail_open_url(e, msg='Could not fetch roles scope for client %s in realm %s: %s' % (clientid, realm, str(e)))
+
+    def update_client_role_scope_from_client(self, payload, clientid, clientscopeid, realm="master"):
+        """ Update and fetch the roles associated with the client's scope on the Keycloak server.
+        :param payload: List of roles to be added to the scope.
+        :param clientid: ID of the client to update scope.
+        :param clientscopeid: ID of the client who owns the roles.
+        :param realm: Realm from which to obtain the clients.
+        :return: The client scope of roles from specified client.
+        """
+        client_role_scope_url = URL_CLIENT_ROLE_SCOPE_CLIENTS.format(url=self.baseurl, realm=realm, id=clientid, scopeid=clientscopeid)
+        try:
+            open_url(client_role_scope_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                     data=json.dumps(payload), validate_certs=self.validate_certs)
+
+        except Exception as e:
+            self.fail_open_url(e, msg='Could not update roles scope for client %s in realm %s: %s' % (clientid, realm, str(e)))
+
+        return self.get_client_role_scope_from_client(clientid, clientscopeid, realm)
+
+    def delete_client_role_scope_from_client(self, payload, clientid, clientscopeid, realm="master"):
+        """ Delete the roles contains in the payload from the client's scope on the Keycloak server.
+        :param payload: List of roles to be deleted.
+        :param clientid: ID of the client to delete roles from scope.
+        :param clientscopeid: ID of the client who owns the roles.
+        :param realm: Realm from which to obtain the clients.
+        :return: The client scope of roles from specified client.
+        """
+        client_role_scope_url = URL_CLIENT_ROLE_SCOPE_CLIENTS.format(url=self.baseurl, realm=realm, id=clientid, scopeid=clientscopeid)
+        try:
+            open_url(client_role_scope_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                     data=json.dumps(payload), validate_certs=self.validate_certs)
+
+        except Exception as e:
+            self.fail_open_url(e, msg='Could not delete roles scope for client %s in realm %s: %s' % (clientid, realm, str(e)))
+
+        return self.get_client_role_scope_from_client(clientid, clientscopeid, realm)
+
+    def get_client_role_scope_from_realm(self, clientid, realm="master"):
+        """ Fetch the realm roles from the client's scope on the Keycloak server.
+        :param clientid: ID of the client from which to obtain the associated realm roles.
+        :param realm: Realm from which to obtain the clients.
+        :return: The client realm roles scope.
+        """
+        client_role_scope_url = URL_CLIENT_ROLE_SCOPE_REALM.format(url=self.baseurl, realm=realm, id=clientid)
+        try:
+            return json.loads(to_native(open_url(client_role_scope_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
+                                                 validate_certs=self.validate_certs).read()))
+        except Exception as e:
+            self.fail_open_url(e, msg='Could not fetch roles scope for client %s in realm %s: %s' % (clientid, realm, str(e)))
+
+    def update_client_role_scope_from_realm(self, payload, clientid, realm="master"):
+        """ Update and fetch the realm roles from the client's scope on the Keycloak server.
+        :param payload: List of realm roles to add.
+        :param clientid: ID of the client to update scope.
+        :param realm: Realm from which to obtain the clients.
+        :return: The client realm roles scope.
+        """
+        client_role_scope_url = URL_CLIENT_ROLE_SCOPE_REALM.format(url=self.baseurl, realm=realm, id=clientid)
+        try:
+            open_url(client_role_scope_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                     data=json.dumps(payload), validate_certs=self.validate_certs)
+
+        except Exception as e:
+            self.fail_open_url(e, msg='Could not update roles scope for client %s in realm %s: %s' % (clientid, realm, str(e)))
+
+        return self.get_client_role_scope_from_realm(clientid, realm)
+
+    def delete_client_role_scope_from_realm(self, payload, clientid, realm="master"):
+        """ Delete the realm roles contains in the payload from the client's scope on the Keycloak server.
+        :param payload: List of realm roles to delete.
+        :param clientid: ID of the client to delete roles from scope.
+        :param realm: Realm from which to obtain the clients.
+        :return: The client realm roles scope.
+        """
+        client_role_scope_url = URL_CLIENT_ROLE_SCOPE_REALM.format(url=self.baseurl, realm=realm, id=clientid)
+        try:
+            open_url(client_role_scope_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                     data=json.dumps(payload), validate_certs=self.validate_certs)
+
+        except Exception as e:
+            self.fail_open_url(e, msg='Could not delete roles scope for client %s in realm %s: %s' % (clientid, realm, str(e)))
+
+        return self.get_client_role_scope_from_realm(clientid, realm)
+
    def fail_open_url(self, e, msg, **kwargs):
        try:
            if isinstance(e, HTTPError):
--- a/plugins/module_utils/ilo_redfish_utils.py
+++ b/plugins/module_utils/ilo_redfish_utils.py
@@ -29,6 +29,7 @@ class iLORedfishUtils(RedfishUtils):
        result['ret'] = True
        data = response['data']

+        current_session = None
        if 'Oem' in data:
            if data["Oem"]["Hpe"]["Links"]["MySession"]["@odata.id"]:
                current_session = data["Oem"]["Hpe"]["Links"]["MySession"]["@odata.id"]
--- a/plugins/module_utils/ipa.py
+++ b/plugins/module_utils/ipa.py
@@ -104,7 +104,7 @@ class IPAClient(object):

    def get_ipa_version(self):
        response = self.ping()['summary']
-        ipa_ver_regex = re.compile(r'IPA server version (\d\.\d\.\d).*')
+        ipa_ver_regex = re.compile(r'IPA server version (\d+\.\d+\.\d+).*')
        version_match = ipa_ver_regex.match(response)
        ipa_version = None
        if version_match:
--- a/plugins/module_utils/puppet.py
+++ b/plugins/module_utils/puppet.py
@@ -107,5 +107,6 @@ def puppet_runner(module):
            verbose=cmd_runner_fmt.as_bool("--verbose"),
        ),
        check_rc=False,
+        force_lang=module.params["environment_lang"],
    )
    return runner
--- a/plugins/module_utils/redfish_utils.py
+++ b/plugins/module_utils/redfish_utils.py
@@ -1149,6 +1149,54 @@ class RedfishUtils(object):
            return response
        return {'ret': True, 'changed': True}

+    def manager_reset_to_defaults(self, command):
+        return self.reset_to_defaults(command, self.manager_uri,
+                                      '#Manager.ResetToDefaults')
+
+    def reset_to_defaults(self, command, resource_uri, action_name):
+        key = "Actions"
+        reset_type_values = ['ResetAll',
+                             'PreserveNetworkAndUsers',
+                             'PreserveNetwork']
+
+        if command not in reset_type_values:
+            return {'ret': False, 'msg': 'Invalid Command (%s)' % command}
+
+        # read the resource and get the current power state
+        response = self.get_request(self.root_uri + resource_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+
+        # get the reset Action and target URI
+        if key not in data or action_name not in data[key]:
+            return {'ret': False, 'msg': 'Action %s not found' % action_name}
+        reset_action = data[key][action_name]
+        if 'target' not in reset_action:
+            return {'ret': False,
+                    'msg': 'target URI missing from Action %s' % action_name}
+        action_uri = reset_action['target']
+
+        # get AllowableValues
+        ai = self._get_all_action_info_values(reset_action)
+        allowable_values = ai.get('ResetType', {}).get('AllowableValues', [])
+
+        # map ResetType to an allowable value if needed
+        if allowable_values and command not in allowable_values:
+            return {'ret': False,
+                    'msg': 'Specified reset type (%s) not supported '
+                           'by service. Supported types: %s' %
+                           (command, allowable_values)}
+
+        # define payload
+        payload = {'ResetType': command}
+
+        # POST to Action URI
+        response = self.post_request(self.root_uri + action_uri, payload)
+        if response['ret'] is False:
+            return response
+        return {'ret': True, 'changed': True}
+
    def _find_account_uri(self, username=None, acct_id=None):
        if not any((username, acct_id)):
            return {'ret': False, 'msg':
@@ -1549,6 +1597,8 @@ class RedfishUtils(object):

        data = response['data']

+        result['multipart_supported'] = 'MultipartHttpPushUri' in data
+
        if "Actions" in data:
            actions = data['Actions']
            if len(actions) > 0:
@@ -3736,7 +3786,7 @@ class RedfishUtils(object):
        vendor = self._get_vendor()['Vendor']
        rsp_uri = ""
        for loc in resp_data['Location']:
-            if loc['Language'] == "en":
+            if loc['Language'].startswith("en"):
                rsp_uri = loc['Uri']
                if vendor == 'HPE':
                    # WORKAROUND
--- a/plugins/module_utils/scaleway.py
+++ b/plugins/module_utils/scaleway.py
@@ -17,6 +17,10 @@ from ansible.module_utils.basic import env_fallback, missing_required_lib
 from ansible.module_utils.urls import fetch_url
 from ansible.module_utils.six.moves.urllib.parse import urlencode

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+
 SCALEWAY_SECRET_IMP_ERR = None
 try:
    from passlib.hash import argon2
@@ -306,10 +310,10 @@ class Scaleway(object):
        # Prevent requesting the resource status too soon
        time.sleep(wait_sleep_time)

-        start = datetime.datetime.utcnow()
+        start = now()
        end = start + datetime.timedelta(seconds=wait_timeout)

-        while datetime.datetime.utcnow() < end:
+        while now() < end:
            self.module.debug("We are going to wait for the resource to finish its transition")

            state = self.fetch_state(resource)
--- a/plugins/module_utils/wdc_redfish_utils.py
+++ b/plugins/module_utils/wdc_redfish_utils.py
@@ -11,6 +11,7 @@ import datetime
 import re
 import time
 import tarfile
+import os

 from ansible.module_utils.urls import fetch_file
 from ansible_collections.community.general.plugins.module_utils.redfish_utils import RedfishUtils
@@ -79,19 +80,25 @@ class WdcRedfishUtils(RedfishUtils):
            return response
        return self._find_updateservice_additional_uris()

-    def _is_enclosure_multi_tenant(self):
+    def _is_enclosure_multi_tenant_and_fetch_gen(self):
        """Determine if the enclosure is multi-tenant.

        The serial number of a multi-tenant enclosure will end in "-A" or "-B".
+        Fetching enclsoure generation.

-        :return: True/False if the enclosure is multi-tenant or not; None if unable to determine.
+        :return: True/False if the enclosure is multi-tenant or not and return enclosure generation;
+        None if unable to determine.
        """
        response = self.get_request(self.root_uri + self.service_root + "Chassis/Enclosure")
        if response['ret'] is False:
            return None
        pattern = r".*-[A,B]"
        data = response['data']
-        return re.match(pattern, data['SerialNumber']) is not None
+        if 'EnclVersion' not in data:
+            enc_version = 'G1'
+        else:
+            enc_version = data['EnclVersion']
+        return re.match(pattern, data['SerialNumber']) is not None, enc_version

    def _find_updateservice_additional_uris(self):
        """Find & set WDC-specific update service URIs"""
@@ -180,15 +187,44 @@ class WdcRedfishUtils(RedfishUtils):
        To determine if the bundle is multi-tenant or not, it looks inside the .bin file within the tarfile,
        and checks the appropriate byte in the file.

+        If not tarfile, the bundle is checked for 2048th byte to determine whether it is Gen2 bundle.
+        Gen2 is always single tenant at this time.
+
        :param str bundle_uri:  HTTP URI of the firmware bundle.
-        :return: Firmware version number contained in the bundle, and whether or not the bundle is multi-tenant.
-        Either value will be None if unable to determine.
+        :return: Firmware version number contained in the bundle, whether or not the bundle is multi-tenant
+        and bundle generation. Either value will be None if unable to determine.
        :rtype: str or None, bool or None
        """
        bundle_temp_filename = fetch_file(module=self.module,
                                          url=bundle_uri)
+        bundle_version = None
+        is_multi_tenant = None
+        gen = None
+
+        # If not tarfile, then if the file has "MMG2" or "DPG2" at 2048th byte
+        # then the bundle is for MM or DP G2
        if not tarfile.is_tarfile(bundle_temp_filename):
-            return None, None
+            cookie1 = None
+            with open(bundle_temp_filename, "rb") as bundle_file:
+                file_size = os.path.getsize(bundle_temp_filename)
+                if file_size >= 2052:
+                    bundle_file.seek(2048)
+                    cookie1 = bundle_file.read(4)
+            # It is anticipated that DP firmware bundle will be having the value "DPG2"
+            # for cookie1 in the header
+            if cookie1 and cookie1.decode("utf8") == "MMG2" or cookie1.decode("utf8") == "DPG2":
+                file_name, ext = os.path.splitext(str(bundle_uri.rsplit('/', 1)[1]))
+                # G2 bundle file name: Ultrastar-Data102_3000_SEP_1010-032_2.1.12
+                parsedFileName = file_name.split('_')
+                if len(parsedFileName) == 5:
+                    bundle_version = parsedFileName[4]
+                    # MM G2 is always single tanant
+                    is_multi_tenant = False
+                    gen = "G2"
+
+            return bundle_version, is_multi_tenant, gen
+
+        # Bundle is for MM or DP G1
        tf = tarfile.open(bundle_temp_filename)
        pattern_pkg = r"oobm-(.+)\.pkg"
        pattern_bin = r"(.*\.bin)"
@@ -205,8 +241,9 @@ class WdcRedfishUtils(RedfishUtils):
                bin_file.seek(11)
                byte_11 = bin_file.read(1)
                is_multi_tenant = byte_11 == b'\x80'
+                gen = "G1"

-        return bundle_version, is_multi_tenant
+        return bundle_version, is_multi_tenant, gen

    @staticmethod
    def uri_is_http(uri):
@@ -267,15 +304,16 @@ class WdcRedfishUtils(RedfishUtils):
        # Check the FW version in the bundle file, and compare it to what is already on the IOMs

        # Bundle version number
-        bundle_firmware_version, is_bundle_multi_tenant = self._get_bundle_version(bundle_uri)
-        if bundle_firmware_version is None or is_bundle_multi_tenant is None:
+        bundle_firmware_version, is_bundle_multi_tenant, bundle_gen = self._get_bundle_version(bundle_uri)
+        if bundle_firmware_version is None or is_bundle_multi_tenant is None or bundle_gen is None:
            return {
                'ret': False,
-                'msg': 'Unable to extract bundle version or multi-tenant status from update image tarfile'
+                'msg': 'Unable to extract bundle version or multi-tenant status or generation from update image file'
            }

+        is_enclosure_multi_tenant, enclosure_gen = self._is_enclosure_multi_tenant_and_fetch_gen()
+
        # Verify that the bundle is correctly multi-tenant or not
-        is_enclosure_multi_tenant = self._is_enclosure_multi_tenant()
        if is_enclosure_multi_tenant != is_bundle_multi_tenant:
            return {
                'ret': False,
@@ -285,6 +323,16 @@ class WdcRedfishUtils(RedfishUtils):
                )
            }

+        # Verify that the bundle is compliant with the target enclosure
+        if enclosure_gen != bundle_gen:
+            return {
+                'ret': False,
+                'msg': 'Enclosure generation is {0} but bundle is of {1}'.format(
+                    enclosure_gen,
+                    bundle_gen,
+                )
+            }
+
        # Version number installed on IOMs
        firmware_inventory = self.get_firmware_inventory()
        if not firmware_inventory["ret"]:
--- a/plugins/modules/aix_filesystem.py
+++ b/plugins/modules/aix_filesystem.py
@@ -38,8 +38,8 @@ options:
    type: list
    elements: str
    default:
-      - agblksize='4096'
-      - isnapshot='no'
+      - agblksize=4096
+      - isnapshot=no
  auto_mount:
    description:
      - File system is automatically mounted at system restart.
@@ -242,7 +242,7 @@ def _validate_vg(module, vg):
    if rc != 0:
        module.fail_json(msg="Failed executing %s command." % lsvg_cmd)

-    rc, current_all_vgs, err = module.run_command([lsvg_cmd, "%s"])
+    rc, current_all_vgs, err = module.run_command([lsvg_cmd])
    if rc != 0:
        module.fail_json(msg="Failed executing %s command." % lsvg_cmd)

@@ -365,7 +365,53 @@ def create_fs(
        # Creates a LVM file system.
        crfs_cmd = module.get_bin_path('crfs', True)
        if not module.check_mode:
-            cmd = [crfs_cmd, "-v", fs_type, "-m", filesystem, vg, device, mount_group, auto_mount, account_subsystem, "-p", permissions, size, "-a", attributes]
+            cmd = [crfs_cmd]
+
+            cmd.append("-v")
+            cmd.append(fs_type)
+
+            if vg:
+                (flag, value) = vg.split()
+                cmd.append(flag)
+                cmd.append(value)
+
+            if device:
+                (flag, value) = device.split()
+                cmd.append(flag)
+                cmd.append(value)
+
+            cmd.append("-m")
+            cmd.append(filesystem)
+
+            if mount_group:
+                (flag, value) = mount_group.split()
+                cmd.append(flag)
+                cmd.append(value)
+
+            if auto_mount:
+                (flag, value) = auto_mount.split()
+                cmd.append(flag)
+                cmd.append(value)
+
+            if account_subsystem:
+                (flag, value) = account_subsystem.split()
+                cmd.append(flag)
+                cmd.append(value)
+
+            cmd.append("-p")
+            cmd.append(permissions)
+
+            if size:
+                (flag, value) = size.split()
+                cmd.append(flag)
+                cmd.append(value)
+
+            if attributes:
+                splitted_attributes = attributes.split()
+                cmd.append("-a")
+                for value in splitted_attributes:
+                    cmd.append(value)
+
            rc, crfs_out, err = module.run_command(cmd)

            if rc == 10:
@@ -461,7 +507,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            account_subsystem=dict(type='bool', default=False),
-            attributes=dict(type='list', elements='str', default=["agblksize='4096'", "isnapshot='no'"]),
+            attributes=dict(type='list', elements='str', default=["agblksize=4096", "isnapshot=no"]),
            auto_mount=dict(type='bool', default=True),
            device=dict(type='str'),
            filesystem=dict(type='str', required=True),
--- a/plugins/modules/aix_inittab.py
+++ b/plugins/modules/aix_inittab.py
@@ -192,6 +192,7 @@ def main():
    rmitab = module.get_bin_path('rmitab')
    chitab = module.get_bin_path('chitab')
    rc = 0
+    err = None

    # check if the new entry exists
    current_entry = check_current_entry(module)
--- a/plugins/modules/apt_rpm.py
+++ b/plugins/modules/apt_rpm.py
@@ -37,7 +37,17 @@ options:
  state:
    description:
      - Indicates the desired package state.
-    choices: [ absent, present, installed, removed ]
+      - Please note that V(present) and V(installed) are equivalent to V(latest) right now.
+        This will change in the future. To simply ensure that a package is installed, without upgrading
+        it, use the V(present_not_latest) state.
+      - The states V(latest) and V(present_not_latest) have been added in community.general 8.6.0.
+    choices:
+      - absent
+      - present
+      - present_not_latest
+      - installed
+      - removed
+      - latest
    default: present
    type: str
  update_cache:
@@ -180,7 +190,7 @@ def check_package_version(module, name):
    return False


-def query_package_provides(module, name):
+def query_package_provides(module, name, allow_upgrade=False):
    # rpm -q returns 0 if the package is installed,
    # 1 if it is not installed
    if name.endswith('.rpm'):
@@ -195,10 +205,11 @@ def query_package_provides(module, name):

    rc, out, err = module.run_command("%s -q --provides %s" % (RPM_PATH, name))
    if rc == 0:
+        if not allow_upgrade:
+            return True
        if check_package_version(module, name):
            return True
-    else:
-        return False
+    return False


 def update_package_db(module):
@@ -255,14 +266,14 @@ def remove_packages(module, packages):
    return (False, "package(s) already absent")


-def install_packages(module, pkgspec):
+def install_packages(module, pkgspec, allow_upgrade=False):

    if pkgspec is None:
        return (False, "Empty package list")

    packages = ""
    for package in pkgspec:
-        if not query_package_provides(module, package):
+        if not query_package_provides(module, package, allow_upgrade=allow_upgrade):
            packages += "'%s' " % package

    if len(packages) != 0:
@@ -270,8 +281,8 @@ def install_packages(module, pkgspec):
        rc, out, err = module.run_command("%s -y install %s" % (APT_PATH, packages), environ_update={"LANG": "C"})

        installed = True
-        for packages in pkgspec:
-            if not query_package_provides(module, package):
+        for package in pkgspec:
+            if not query_package_provides(module, package, allow_upgrade=False):
                installed = False

        # apt-rpm always have 0 for exit code if --force is used
@@ -286,7 +297,7 @@ def install_packages(module, pkgspec):
 def main():
    module = AnsibleModule(
        argument_spec=dict(
-            state=dict(type='str', default='present', choices=['absent', 'installed', 'present', 'removed']),
+            state=dict(type='str', default='present', choices=['absent', 'installed', 'present', 'removed', 'present_not_latest', 'latest']),
            update_cache=dict(type='bool', default=False),
            clean=dict(type='bool', default=False),
            dist_upgrade=dict(type='bool', default=False),
@@ -320,8 +331,8 @@ def main():
        output += out

    packages = p['package']
-    if p['state'] in ['installed', 'present']:
-        (m, out) = install_packages(module, packages)
+    if p['state'] in ['installed', 'present', 'present_not_latest', 'latest']:
+        (m, out) = install_packages(module, packages, allow_upgrade=p['state'] != 'present_not_latest')
        modified = modified or m
        output += out

--- a/plugins/modules/cobbler_sync.py
+++ b/plugins/modules/cobbler_sync.py
@@ -75,13 +75,16 @@ RETURN = r'''
 # Default return values
 '''

-import datetime
 import ssl

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.six.moves import xmlrpc_client
 from ansible.module_utils.common.text.converters import to_text

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 def main():
    module = AnsibleModule(
@@ -110,7 +113,7 @@ def main():
        changed=True,
    )

-    start = datetime.datetime.utcnow()
+    start = now()

    ssl_context = None
    if not validate_certs:
@@ -142,7 +145,7 @@ def main():
        except Exception as e:
            module.fail_json(msg="Failed to sync Cobbler. {error}".format(error=to_text(e)))

-    elapsed = datetime.datetime.utcnow() - start
+    elapsed = now() - start
    module.exit_json(elapsed=elapsed.seconds, **result)


--- a/plugins/modules/cobbler_system.py
+++ b/plugins/modules/cobbler_system.py
@@ -152,7 +152,6 @@ system:
  type: dict
 '''

-import datetime
 import ssl

 from ansible.module_utils.basic import AnsibleModule
@@ -160,6 +159,10 @@ from ansible.module_utils.six import iteritems
 from ansible.module_utils.six.moves import xmlrpc_client
 from ansible.module_utils.common.text.converters import to_text

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+
 IFPROPS_MAPPING = dict(
    bondingopts='bonding_opts',
    bridgeopts='bridge_opts',
@@ -232,7 +235,7 @@ def main():
        changed=False,
    )

-    start = datetime.datetime.utcnow()
+    start = now()

    ssl_context = None
    if not validate_certs:
@@ -340,7 +343,7 @@ def main():
        if module._diff:
            result['diff'] = dict(before=system, after=result['system'])

-    elapsed = datetime.datetime.utcnow() - start
+    elapsed = now() - start
    module.exit_json(elapsed=elapsed.seconds, **result)


--- a/plugins/modules/consul_token.py
+++ b/plugins/modules/consul_token.py
@@ -237,6 +237,12 @@ class ConsulTokenModule(_ConsulModule):

    create_only_fields = {"expiration_ttl"}

+    def read_object(self):
+        # if `accessor_id` is not supplied we can only create objects and are not idempotent
+        if not self.params.get(self.unique_identifier):
+            return None
+        return super(ConsulTokenModule, self).read_object()
+
    def needs_update(self, api_obj, module_obj):
        # SecretID is usually not supplied
        if "SecretID" not in module_obj and "SecretID" in api_obj:
--- a/plugins/modules/cronvar.py
+++ b/plugins/modules/cronvar.py
@@ -183,6 +183,7 @@ class CronVar(object):
            fileh = open(backup_file, 'w')
        elif self.cron_file:
            fileh = open(self.cron_file, 'w')
+            path = None
        else:
            filed, path = tempfile.mkstemp(prefix='crontab')
            fileh = os.fdopen(filed, 'w')
--- a/plugins/modules/ejabberd_user.py
+++ b/plugins/modules/ejabberd_user.py
@@ -86,7 +86,7 @@ class EjabberdUser(object):
    object manages user creation and deletion using ejabberdctl.  The following
    commands are currently supported:
        * ejabberdctl register
-        * ejabberdctl deregister
+        * ejabberdctl unregister
    """

    def __init__(self, module):
--- a/plugins/modules/filesystem.py
+++ b/plugins/modules/filesystem.py
@@ -40,11 +40,12 @@ options:
    default: present
    version_added: 1.3.0
  fstype:
-    choices: [ btrfs, ext2, ext3, ext4, ext4dev, f2fs, lvm, ocfs2, reiserfs, xfs, vfat, swap, ufs ]
+    choices: [ bcachefs, btrfs, ext2, ext3, ext4, ext4dev, f2fs, lvm, ocfs2, reiserfs, xfs, vfat, swap, ufs ]
    description:
      - Filesystem type to be created. This option is required with
        O(state=present) (or if O(state) is omitted).
      - ufs support has been added in community.general 3.4.0.
+      - bcachefs support has been added in community.general 8.6.0.
    type: str
    aliases: [type]
  dev:
@@ -67,7 +68,7 @@ options:
  resizefs:
    description:
      - If V(true), if the block device and filesystem size differ, grow the filesystem into the space.
-      - Supported for C(btrfs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(f2fs), C(lvm), C(xfs), C(ufs) and C(vfat) filesystems.
+      - Supported for C(bcachefs), C(btrfs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(f2fs), C(lvm), C(xfs), C(ufs) and C(vfat) filesystems.
        Attempts to resize other filesystem types will fail.
      - XFS Will only grow if mounted. Currently, the module is based on commands
        from C(util-linux) package to perform operations, so resizing of XFS is
@@ -86,7 +87,7 @@ options:
      - The UUID options specified in O(opts) take precedence over this value.
      - See xfs_admin(8) (C(xfs)), tune2fs(8) (C(ext2), C(ext3), C(ext4), C(ext4dev)) for possible values.
      - For O(fstype=lvm) the value is ignored, it resets the PV UUID if set.
-      - Supported for O(fstype) being one of C(ext2), C(ext3), C(ext4), C(ext4dev), C(lvm), or C(xfs).
+      - Supported for O(fstype) being one of C(bcachefs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(lvm), or C(xfs).
      - This is B(not idempotent). Specifying this option will always result in a change.
      - Mutually exclusive with O(resizefs).
    type: str
@@ -405,6 +406,48 @@ class Reiserfs(Filesystem):
    MKFS_FORCE_FLAGS = ['-q']


+class Bcachefs(Filesystem):
+    MKFS = 'mkfs.bcachefs'
+    MKFS_FORCE_FLAGS = ['--force']
+    MKFS_SET_UUID_OPTIONS = ['-U', '--uuid']
+    INFO = 'bcachefs'
+    GROW = 'bcachefs'
+    GROW_MAX_SPACE_FLAGS = ['device', 'resize']
+
+    def get_fs_size(self, dev):
+        """Return size in bytes of filesystem on device (integer)."""
+        dummy, stdout, dummy = self.module.run_command([self.module.get_bin_path(self.INFO),
+                                                        'show-super', str(dev)], check_rc=True)
+
+        for line in stdout.splitlines():
+            if "Size: " in line:
+                parts = line.split()
+                unit = parts[2]
+
+                base = None
+                exp = None
+
+                units_2 = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"]
+                units_10 = ["B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"]
+
+                try:
+                    exp = units_2.index(unit)
+                    base = 1024
+                except ValueError:
+                    exp = units_10.index(unit)
+                    base = 1000
+
+                if exp == 0:
+                    value = int(parts[1])
+                else:
+                    value = float(parts[1])
+
+                if base is not None and exp is not None:
+                    return int(value * pow(base, exp))
+
+        raise ValueError(repr(stdout))
+
+
 class Btrfs(Filesystem):
    MKFS = 'mkfs.btrfs'
    INFO = 'btrfs'
@@ -567,6 +610,7 @@ class UFS(Filesystem):


 FILESYSTEMS = {
+    'bcachefs': Bcachefs,
    'ext2': Ext2,
    'ext3': Ext3,
    'ext4': Ext4,
--- a/plugins/modules/flatpak.py
+++ b/plugins/modules/flatpak.py
@@ -26,7 +26,9 @@ extends_documentation_fragment:
  - community.general.attributes
 attributes:
  check_mode:
-    support: full
+    support: partial
+    details:
+      - If O(state=latest), the module will always return C(changed=true).
  diff_mode:
    support: none
 options:
@@ -53,12 +55,12 @@ options:
    - Both C(https://) and C(http://) URLs are supported.
    - When supplying a reverse DNS name, you can use the O(remote) option to specify on what remote
      to look for the flatpak. An example for a reverse DNS name is C(org.gnome.gedit).
-    - When used with O(state=absent), it is recommended to specify the name in the reverse DNS
-      format.
-    - When supplying a URL with O(state=absent), the module will try to match the
-      installed flatpak based on the name of the flatpakref to remove it. However, there is no
-      guarantee that the names of the flatpakref file and the reverse DNS name of the installed
-      flatpak do match.
+    - When used with O(state=absent) or O(state=latest), it is recommended to specify the name in
+      the reverse DNS format.
+    - When supplying a URL with O(state=absent) or O(state=latest), the module will try to match the
+      installed flatpak based on the name of the flatpakref to remove or update it. However, there
+      is no guarantee that the names of the flatpakref file and the reverse DNS name of the
+      installed flatpak do match.
    type: list
    elements: str
    required: true
@@ -82,7 +84,8 @@ options:
  state:
    description:
    - Indicates the desired package state.
-    choices: [ absent, present ]
+    - The value V(latest) is supported since community.general 8.6.0.
+    choices: [ absent, present, latest ]
    type: str
    default: present
 '''
@@ -118,6 +121,37 @@ EXAMPLES = r'''
      - org.inkscape.Inkscape
      - org.mozilla.firefox

+- name: Update the spotify flatpak
+  community.general.flatpak:
+    name:  https://s3.amazonaws.com/alexlarsson/spotify-repo/spotify.flatpakref
+    state: latest
+
+- name: Update the gedit flatpak package without dependencies (not recommended)
+  community.general.flatpak:
+    name: https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref
+    state: latest
+    no_dependencies: true
+
+- name: Update the gedit package from flathub for current user
+  community.general.flatpak:
+    name: org.gnome.gedit
+    state: latest
+    method: user
+
+- name: Update the Gnome Calendar flatpak from the gnome remote system-wide
+  community.general.flatpak:
+    name: org.gnome.Calendar
+    state: latest
+    remote: gnome
+
+- name: Update multiple packages
+  community.general.flatpak:
+    name:
+      - org.gimp.GIMP
+      - org.inkscape.Inkscape
+      - org.mozilla.firefox
+    state: latest
+
 - name: Remove the gedit flatpak
  community.general.flatpak:
    name: org.gnome.gedit
@@ -195,6 +229,28 @@ def install_flat(module, binary, remote, names, method, no_dependencies):
    result['changed'] = True


+def update_flat(module, binary, names, method, no_dependencies):
+    """Update existing flatpaks."""
+    global result  # pylint: disable=global-variable-not-assigned
+    installed_flat_names = [
+        _match_installed_flat_name(module, binary, name, method)
+        for name in names
+    ]
+    command = [binary, "update", "--{0}".format(method)]
+    flatpak_version = _flatpak_version(module, binary)
+    if LooseVersion(flatpak_version) < LooseVersion('1.1.3'):
+        command += ["-y"]
+    else:
+        command += ["--noninteractive"]
+    if no_dependencies:
+        command += ["--no-deps"]
+    command += installed_flat_names
+    stdout = _flatpak_command(module, module.check_mode, command)
+    result["changed"] = (
+        True if module.check_mode else stdout.find("Nothing to do.") == -1
+    )
+
+
 def uninstall_flat(module, binary, names, method):
    """Remove existing flatpaks."""
    global result  # pylint: disable=global-variable-not-assigned
@@ -313,7 +369,7 @@ def main():
            method=dict(type='str', default='system',
                        choices=['user', 'system']),
            state=dict(type='str', default='present',
-                       choices=['absent', 'present']),
+                       choices=['absent', 'present', 'latest']),
            no_dependencies=dict(type='bool', default=False),
            executable=dict(type='path', default='flatpak')
        ),
@@ -338,10 +394,13 @@ def main():
        module.fail_json(msg="Executable '%s' was not found on the system." % executable, **result)

    installed, not_installed = flatpak_exists(module, binary, name, method)
-    if state == 'present' and not_installed:
-        install_flat(module, binary, remote, not_installed, method, no_dependencies)
-    elif state == 'absent' and installed:
+    if state == 'absent' and installed:
        uninstall_flat(module, binary, installed, method)
+    else:
+        if state == 'latest' and installed:
+            update_flat(module, binary, installed, method, no_dependencies)
+        if state in ('present', 'latest') and not_installed:
+            install_flat(module, binary, remote, not_installed, method, no_dependencies)

    module.exit_json(**result)

--- a/plugins/modules/git_config.py
+++ b/plugins/modules/git_config.py
@@ -263,7 +263,7 @@ def main():
        module.exit_json(changed=False, msg='', config_value=old_values[0] if old_values else '')
    elif unset and not out:
        module.exit_json(changed=False, msg='no setting to unset')
-    elif new_value in old_values and (len(old_values) == 1 or add_mode == "add"):
+    elif new_value in old_values and (len(old_values) == 1 or add_mode == "add") and not unset:
        module.exit_json(changed=False, msg="")

    # Until this point, the git config was just read and in case no change is needed, the module has already exited.
--- a/plugins/modules/github_key.py
+++ b/plugins/modules/github_key.py
@@ -91,12 +91,17 @@ EXAMPLES = '''
    pubkey: "{{ lookup('ansible.builtin.file', '/home/foo/.ssh/id_rsa.pub') }}"
 '''

+import datetime
 import json
 import re

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.urls import fetch_url

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 API_BASE = 'https://api.github.com'

@@ -151,14 +156,13 @@ def get_all_keys(session):

 def create_key(session, name, pubkey, check_mode):
    if check_mode:
-        from datetime import datetime
-        now = datetime.utcnow()
+        now_t = now()
        return {
            'id': 0,
            'key': pubkey,
            'title': name,
            'url': 'http://example.com/CHECK_MODE_GITHUB_KEY',
-            'created_at': datetime.strftime(now, '%Y-%m-%dT%H:%M:%SZ'),
+            'created_at': datetime.strftime(now_t, '%Y-%m-%dT%H:%M:%SZ'),
            'read_only': False,
            'verified': False
        }
--- a/plugins/modules/gitlab_issue.py
+++ b/plugins/modules/gitlab_issue.py
@@ -143,7 +143,6 @@ from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.api import basic_auth_argument_spec
 from ansible.module_utils.common.text.converters import to_native, to_text

-from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 from ansible_collections.community.general.plugins.module_utils.gitlab import (
    auth_argument_spec, gitlab_authentication, gitlab, find_project, find_group
 )
@@ -330,13 +329,8 @@ def main():
    state_filter = module.params['state_filter']
    title = module.params['title']

-    gitlab_version = gitlab.__version__
-    if LooseVersion(gitlab_version) < LooseVersion('2.3.0'):
-        module.fail_json(msg="community.general.gitlab_issue requires python-gitlab Python module >= 2.3.0 (installed version: [%s])."
-                             " Please upgrade python-gitlab to version 2.3.0 or above." % gitlab_version)
-
    # check prerequisites and connect to gitlab server
-    gitlab_instance = gitlab_authentication(module)
+    gitlab_instance = gitlab_authentication(module, min_version='2.3.0')

    this_project = find_project(gitlab_instance, project)
    if this_project is None:
--- a/plugins/modules/gitlab_label.py
+++ b/plugins/modules/gitlab_label.py
@@ -222,9 +222,8 @@ labels_obj:
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.api import basic_auth_argument_spec

-from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 from ansible_collections.community.general.plugins.module_utils.gitlab import (
-    auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project, gitlab
+    auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project
 )


@@ -450,14 +449,7 @@ def main():
    label_list = module.params['labels']
    state = module.params['state']

-    gitlab_version = gitlab.__version__
-    _min_gitlab = '3.2.0'
-    if LooseVersion(gitlab_version) < LooseVersion(_min_gitlab):
-        module.fail_json(msg="community.general.gitlab_label requires python-gitlab Python module >= %s "
-                             "(installed version: [%s]). Please upgrade "
-                             "python-gitlab to version %s or above." % (_min_gitlab, gitlab_version, _min_gitlab))
-
-    gitlab_instance = gitlab_authentication(module)
+    gitlab_instance = gitlab_authentication(module, min_version='3.2.0')

    # find_project can return None, but the other must exist
    gitlab_project_id = find_project(gitlab_instance, gitlab_project)
--- a/plugins/modules/gitlab_milestone.py
+++ b/plugins/modules/gitlab_milestone.py
@@ -206,9 +206,8 @@ milestones_obj:
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.api import basic_auth_argument_spec

-from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 from ansible_collections.community.general.plugins.module_utils.gitlab import (
-    auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project, gitlab
+    auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project
 )
 from datetime import datetime

@@ -452,14 +451,7 @@ def main():
    milestone_list = module.params['milestones']
    state = module.params['state']

-    gitlab_version = gitlab.__version__
-    _min_gitlab = '3.2.0'
-    if LooseVersion(gitlab_version) < LooseVersion(_min_gitlab):
-        module.fail_json(msg="community.general.gitlab_milestone requires python-gitlab Python module >= %s "
-                             "(installed version: [%s]). Please upgrade "
-                             "python-gitlab to version %s or above." % (_min_gitlab, gitlab_version, _min_gitlab))
-
-    gitlab_instance = gitlab_authentication(module)
+    gitlab_instance = gitlab_authentication(module, min_version='3.2.0')

    # find_project can return None, but the other must exist
    gitlab_project_id = find_project(gitlab_instance, gitlab_project)
--- a/plugins/modules/gitlab_runner.py
+++ b/plugins/modules/gitlab_runner.py
@@ -15,17 +15,20 @@ DOCUMENTATION = '''
 module: gitlab_runner
 short_description: Create, modify and delete GitLab Runners
 description:
-  - Register, update and delete runners with the GitLab API.
+  - Register, update and delete runners on GitLab Server side with the GitLab API.
  - All operations are performed using the GitLab API v4.
-  - For details, consult the full API documentation at U(https://docs.gitlab.com/ee/api/runners.html).
+  - For details, consult the full API documentation at U(https://docs.gitlab.com/ee/api/runners.html)
+    and U(https://docs.gitlab.com/ee/api/users.html#create-a-runner-linked-to-a-user).
  - A valid private API token is required for all operations. You can create as many tokens as you like using the GitLab web interface at
    U(https://$GITLAB_URL/profile/personal_access_tokens).
  - A valid registration token is required for registering a new runner.
    To create shared runners, you need to ask your administrator to give you this token.
    It can be found at U(https://$GITLAB_URL/admin/runners/).
+  - This module does not handle the C(gitlab-runner) process part, but only manages the runner on GitLab Server side through its API.
+    Once the module has created the runner, you may use the generated token to run C(gitlab-runner register) command
 notes:
  - To create a new runner at least the O(api_token), O(description) and O(api_url) options are required.
-  - Runners need to have unique descriptions.
+  - Runners need to have unique descriptions, since this attribute is used as key for idempotency
 author:
  - Samy Coenen (@SamyCoenen)
  - Guillaume Martinez (@Lunik)
@@ -153,7 +156,45 @@ options:
 '''

 EXAMPLES = '''
- name: "Register runner"
+- name: Create an instance-level runner
+  community.general.gitlab_runner:
+    api_url: https://gitlab.example.com/
+    api_token: "{{ access_token }}"
+    description: Docker Machine t1
+    state: present
+    active: true
+    tag_list: ['docker']
+    run_untagged: false
+    locked: false
+  register: runner # Register module output to run C(gitlab-runner register) command in another task
+
+- name: Create a group-level runner
+  community.general.gitlab_runner:
+    api_url: https://gitlab.example.com/
+    api_token: "{{ access_token }}"
+    description: Docker Machine t1
+    state: present
+    active: true
+    tag_list: ['docker']
+    run_untagged: false
+    locked: false
+    group: top-level-group/subgroup
+  register: runner # Register module output to run C(gitlab-runner register) command in another task
+
+- name: Create a project-level runner
+  community.general.gitlab_runner:
+    api_url: https://gitlab.example.com/
+    api_token: "{{ access_token }}"
+    description: Docker Machine t1
+    state: present
+    active: true
+    tag_list: ['docker']
+    run_untagged: false
+    locked: false
+    project: top-level-group/subgroup/project
+  register: runner # Register module output to run C(gitlab-runner register) command in another task
+
+- name: "Register instance-level runner with registration token (deprecated)"
  community.general.gitlab_runner:
    api_url: https://gitlab.example.com/
    api_token: "{{ access_token }}"
@@ -164,6 +205,7 @@ EXAMPLES = '''
    tag_list: ['docker']
    run_untagged: false
    locked: false
+  register: runner # Register module output to run C(gitlab-runner register) command in another task

 - name: "Delete runner"
  community.general.gitlab_runner:
@@ -180,7 +222,7 @@ EXAMPLES = '''
    owned: true
    state: absent

- name: Register runner for a specific project
+- name: "Register a project-level runner with registration token (deprecated)"
  community.general.gitlab_runner:
    api_url: https://gitlab.example.com/
    api_token: "{{ access_token }}"
@@ -188,6 +230,7 @@ EXAMPLES = '''
    description: MyProject runner
    state: present
    project: mygroup/mysubgroup/myproject
+  register: runner # Register module output to run C(gitlab-runner register) command in another task
 '''

 RETURN = '''
@@ -423,6 +466,7 @@ def main():
    state = module.params['state']
    runner_description = module.params['description']
    runner_active = module.params['active']
+    runner_paused = module.params['paused']
    tag_list = module.params['tag_list']
    run_untagged = module.params['run_untagged']
    runner_locked = module.params['locked']
@@ -457,7 +501,7 @@ def main():
            module.exit_json(changed=False, msg="Runner deleted or does not exists")

    if state == 'present':
-        if gitlab_runner.create_or_update_runner(runner_description, {
+        runner_values = {
            "active": runner_active,
            "tag_list": tag_list,
            "run_untagged": run_untagged,
@@ -467,7 +511,11 @@ def main():
            "registration_token": registration_token,
            "group": group,
            "project": project,
-        }):
+        }
+        if LooseVersion(gitlab_runner._gitlab.version()[0]) >= LooseVersion("14.8.0"):
+            # the paused attribute for runners is available since 14.8
+            runner_values["paused"] = runner_paused
+        if gitlab_runner.create_or_update_runner(runner_description, runner_values):
            module.exit_json(changed=True, runner=gitlab_runner.runner_object._attrs,
                             msg="Successfully created or updated the runner %s" % runner_description)
        else:
--- a/plugins/modules/haproxy.py
+++ b/plugins/modules/haproxy.py
@@ -343,7 +343,7 @@ class HAProxy(object):

            if state is not None:
                self.execute(Template(cmd).substitute(pxname=backend, svname=svname))
-                if self.wait:
+                if self.wait and not (wait_for_status == "DRAIN" and state == "DOWN"):
                    self.wait_until_status(backend, svname, wait_for_status)

    def get_state_for(self, pxname, svname):
--- a/plugins/modules/homebrew.py
+++ b/plugins/modules/homebrew.py
@@ -488,6 +488,10 @@ class Homebrew(object):
            self.current_package,
        ]
        rc, out, err = self.module.run_command(cmd)
+        if rc != 0:
+            self.failed = True
+            self.message = err.strip() or ("Unknown failure with exit code %d" % rc)
+            raise HomebrewException(self.message)
        data = json.loads(out)

        return _check_package_in_json(data, "formulae") or _check_package_in_json(data, "casks")
--- a/Show More
+++ b/Show More