diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9bb4fff..17f9ad4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -36,6 +36,7 @@ updates:
     #   - dependency-name: ansible
     #   - dependency-name: ansible-core
     #   - dependency-name: molecule
+    #   - dependency-name: pytest-testinfra
     package-ecosystem: pip
     schedule:
       interval: weekly
diff --git a/requirements-test.txt b/requirements-test.txt
index d680733..8d0ac42 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -9,20 +9,37 @@
 # as using the dnf package manager, and version 8 is currently the
 # oldest supported version.
 #
-# We have tested against version 9.  We want to avoid automatically
+# Version 10 is required because the pip-audit pre-commit hook
+# identifies a vulnerability in ansible-core 2.16.13, but all versions
+# of ansible 9 have a dependency on ~=2.16.X.
+#
+# It is also a good idea to go ahead and upgrade to version 10 since
+# version 9 is going EOL at the end of November:
+# https://endoflife.date/ansible
+#
+# We have tested against version 10.  We want to avoid automatically
 # jumping to another major version without testing, since there are
 # often breaking changes across major versions.  This is the reason
 # for the upper bound.
-ansible>=9,<10
+ansible>=10,<11
 # ansible-core 2.16.3 through 2.16.6 suffer from the bug discussed in
 # ansible/ansible#82702, which breaks any symlinked files in vars,
 # tasks, etc. for any Ansible role installed via ansible-galaxy.
 # Hence we never want to install those versions.
 #
+# Note that the pip-audit pre-commit hook identifies a vulnerability
+# in ansible-core 2.16.13.  Normally we would pin ansible-core
+# accordingly (>2.16.13), but the above pin of ansible>=10 effectively
+# pins ansible-core to >=2.17 so that's what we do here.
+#
+# It is also a good idea to go ahead and upgrade to ansible-core 2.17
+# since security support for ansible-core 2.16 ends this month:
+# https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
+#
 # Note that any changes made to this dependency must also be made in
 # requirements.txt in cisagov/skeleton-packer and
 # .pre-commit-config.yaml in cisagov/skeleton-generic.
-ansible-core>=2.16.7
+ansible-core>=2.17
 # With the release of molecule v5 there were some breaking changes so
 # we need to pin at v5 or newer. However, v5.0.0 had an internal
 # dependency issue so we must use the bugfix release as the actual
@@ -30,4 +47,6 @@ ansible-core>=2.16.7
 molecule>=5.0.1
 molecule-plugins[docker]
 pre-commit
-pytest-testinfra
+# pytest-testinfra 10.1.1 contains a fix for SystemdService.exists
+# that is required by some roles' Molecule test code.
+pytest-testinfra>=10.1.1