Skip to content

Commit

Permalink
build: Remove tox constraint.
Browse files Browse the repository at this point in the history 
The `tox` package is already 6 minor revisions ahead at 4.6.4.  If there
are still plugins that don't support 4.x.x, then they are likely
stagnant and need to be removed or updated ourselves.

However, as long as we keep this constraint here, we can't easily find
and fix those issues.  In many of the cases, this constraint was added
due to the incompatibility of tox-battery with tox 4.x.x.  However,
tox-battery has updated its `install_requires` to be explicit of this
dependency.

https://github.com/signalpillar/tox-battery/blob/master/setup.py#L20

Another issue we're running into is that some of the dependencies of tox
are starting to publish security vulnerabilities.  It's lower risk since
this is in dev and CI but leaving this as is will increase security
noise making it harder to respnod to real signals.

Specifically, tox<4.0.0 depends on a version of `py` which has a
security vulnerability.  Dependabot is picking this up and making some
noise in a lot of our repos.
  • Loading branch information
@feanil
feanil authored and Feanil Patel committed Oct 12, 2023
1 parent f7762f5 commit 635e31c
Showing 1 changed file with 0 additions and 4 deletions.
4 changes: 0 additions & 4 deletions edx_lint/files/common_constraints.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,3 @@ elasticsearch<7.14.0

# django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
django-simple-history==3.0.0

# tox>4.0.0 isn't yet compatible with many tox plugins, causing CI failures in almost all repos.
# Details can be found in this discussion: https://github.com/tox-dev/tox/discussions/1810
tox<4.0.0

0 comments on commit 635e31c

Please sign in to comment.