build(deps-dev): bump tox from 4.53.0 to 4.53.1 #194

Merged
github-actions[bot] merged 1 commit into develop from dependabot/pip/tox-4.53.1
May 12, 2026

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Contributor

Bumps tox from 4.53.0 to 4.53.1.

Release notes

Sourced from tox's releases.

v4.53.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.53.0...4.53.1

Changelog

Sourced from tox's changelog.

Bug fixes - 4.53.1

  • Hardening pass on user-facing logging and config parsing:

    • Mask secret-looking --key=value flag values in command logs (terminal warnings, .tox/<env>/log/*.log, and Outcome __repr__) using the same keyword regex previously applied to environment variable values.
    • Resolve PEP 723 script paths and reject any that escape tox_root; cap the script read at 5 MiB so a symlink to /dev/zero cannot exhaust memory.
    • Replace eval() of a constructed Literal[...] string in the CLI parser with a direct Literal[tuple(action.choices)] subscript.
    • Pass timeout=30 to urlopen when fetching a remote requirements file so a slow or unresponsive mirror cannot hang tox indefinitely. (:issue:3924)
  • Allow the generated TOML schema to validate array values for deps. (:issue:3929)

  • Correct type annotations for ArgumentParser.parse_args and parse_known_args overrides following typeshed PR [#15613](https://github.com/python/typeshed/pull/15613), which widened the args parameter from Sequence[str] to Iterable[str]. The narrower type in tox's overrides violated the Liskov substitution principle and caused invalid-method-override errors with ty 0.0.33. Also correct the option_spec annotation in docs/tox_conf.py to ClassVar[dict[str, Callable[[str], Any]]] matching the docutils stubs type. (:issue:3932)


v4.53.0 (2026-04-14)


Commits
  • 2b17791 release 4.53.1
  • 86234dd fix: allow deps arrays in TOML schema (#3931)
  • dd305fe 🐛 fix(type): correct argparse override signatures for ty 0.0.33 (#3932)
  • 3aa3cd5 [pre-commit.ci] pre-commit autoupdate
  • 59b6cd2 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#3928)
  • 3765fcd [pre-commit.ci] pre-commit autoupdate (#3927)
  • b76c383 build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#3926)
  • 7b0ad94 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#3925)
  • 4dcde44 🐛 fix(security): harden user-facing logs and untrusted inputs (#3924)
  • See full diff in compare view
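
The PEP 723 hardening item in the changelog above (resolve the script path, reject any that escape tox_root, cap the read at 5 MiB) follows a pattern that looks like this in Python. This is an added example, not tox's own code; `read_script`, `UnsafeScriptError` and `demo` are hypothetical names, and the file tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

MAX_SCRIPT_BYTES = 5 * 1024 * 1024  # 5 MiB, the cap named in the changelog


class UnsafeScriptError(ValueError):
    """The script path leaves the project root or the file exceeds the cap."""


def read_script(root: Path, script: str, limit: int = MAX_SCRIPT_BYTES) -> str:
    root = root.resolve()
    # resolve() collapses ".." and follows symlinks, so the containment
    # check below is made against the real target, not the spelled path.
    target = (root / script).resolve()
    if not target.is_relative_to(root):  # Python 3.9+
        raise UnsafeScriptError(f"{script!r} resolves outside {root}")
    with target.open("rb") as fh:
        data = fh.read(limit + 1)  # one byte past the cap reveals oversize
    if len(data) > limit:
        raise UnsafeScriptError(f"{script!r} is larger than {limit} bytes")
    return data.decode("utf-8")


def demo() -> dict:
    """Run read_script over a constructed tree and report each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        root.mkdir()
        outside = Path(tmp) / "outside.py"
        outside.write_text("print('outside')\n")
        (root / "ok.py").write_text("print('ok')\n")
        (root / "big.py").write_bytes(b"#" * 64)
        os.symlink(outside, root / "link.py")  # symlink pointing out of root
        cases = {
            "ok": ("ok.py", MAX_SCRIPT_BYTES),
            "dotdot": ("../outside.py", MAX_SCRIPT_BYTES),
            "symlink": ("link.py", MAX_SCRIPT_BYTES),
            "oversize": ("big.py", 16),  # tiny cap so 64 bytes trips it
        }
        for name, (script, limit) in cases.items():
            try:
                read_script(root, script, limit)
                results[name] = "accepted"
            except UnsafeScriptError:
                results[name] = "rejected"
    return results
```

The containment check and the open are separate steps, so this assumes nothing else can rewrite the tree between them.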

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 12, 2026
@github-actions github-actions Bot enabled auto-merge (squash) May 12, 2026 02:56
github-actions Bot commented May 12, 2026

Contributor

☂️ Code Coverage

current status: ✅

Overall Coverage

| Statements | Covered | Coverage | Threshold | Status |
|---|---|---|---|---|
| 680 | 556 | 82% | 70% | 🟢 |

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: b34d3d5 by action🐍

Bumps [tox](https://github.com/tox-dev/tox) from 4.53.0 to 4.53.1.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.53.0...4.53.1)

---
updated-dependencies:
- dependency-name: tox
  dependency-version: 4.53.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/tox-4.53.1 branch from b62db6e to b34d3d5 Compare May 12, 2026 03:02
@github-actions github-actions Bot merged commit e0dc0f4 into develop May 12, 2026
13 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/tox-4.53.1 branch May 12, 2026 03:05