build: Remove tox constraint.

The `tox` package is already 6 minor revisions ahead at 4.6.4. If there are still plugins that don't support 4.x.x, then they are likely stagnant and need to be removed or updated ourselves. However, as long as we keep this constraint here, we can't easily find and fix those issues. In many of the cases, this constraint was added due to the incompatibility of tox-battery with tox 4.x.x. However, tox-battery has updated its `install_requires` to be explicit of this dependency. https://github.com/signalpillar/tox-battery/blob/master/setup.py#L20 Another issue we're running into is that some of the dependencies of tox are starting to publish security vulnerabilities. It's lower risk since this is in dev and CI but leaving this as is will increase security noise making it harder to respnod to real signals. Specifically, tox<4.0.0 depends on a version of `py` which has a security vulnerability. Dependabot is picking this up and making some noise in a lot of our repos.
openedx · Jul 12, 2023 · 9281bb7 · 9281bb7
1 parent 7573005
commit 9281bb7
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 5 deletions.
diff --git a/edx_lint/__init__.py b/edx_lint/__init__.py
@@ -2,4 +2,4 @@
 edx_lint standardizes lint configuration and additional plugins for use in
 Open edX code.
 """
-__version__ = "5.3.4"
+__version__ = "5.3.5"
diff --git a/edx_lint/files/common_constraints.txt b/edx_lint/files/common_constraints.txt
@@ -21,7 +21,3 @@ elasticsearch<7.14.0
 
 # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
 django-simple-history==3.0.0
-
-# tox>4.0.0 isn't yet compatible with many tox plugins, causing CI failures in almost all repos.
-# Details can be found in this discussion: https://github.com/tox-dev/tox/discussions/1810
-tox<4.0.0