From 9281bb715d7106bed542ed05f17dee34e3e2e38b Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Wed, 12 Jul 2023 14:02:00 -0400 Subject: [PATCH] build: Remove tox constraint. The `tox` package is already 6 minor revisions ahead at 4.6.4. If there are still plugins that don't support 4.x.x, then they are likely stagnant and need to be removed or updated ourselves. However, as long as we keep this constraint here, we can't easily find and fix those issues. In many of the cases, this constraint was added due to the incompatibility of tox-battery with tox 4.x.x. However, tox-battery has updated its `install_requires` to be explicit of this dependency. https://github.com/signalpillar/tox-battery/blob/master/setup.py#L20 Another issue we're running into is that some of the dependencies of tox are starting to publish security vulnerabilities. It's lower risk since this is in dev and CI but leaving this as is will increase security noise making it harder to respnod to real signals. Specifically, tox<4.0.0 depends on a version of `py` which has a security vulnerability. Dependabot is picking this up and making some noise in a lot of our repos. --- edx_lint/__init__.py | 2 +- edx_lint/files/common_constraints.txt | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/edx_lint/__init__.py b/edx_lint/__init__.py index 9cbbba3..5b858ce 100644 --- a/edx_lint/__init__.py +++ b/edx_lint/__init__.py @@ -2,4 +2,4 @@ edx_lint standardizes lint configuration and additional plugins for use in Open edX code. """ -__version__ = "5.3.4" +__version__ = "5.3.5" diff --git a/edx_lint/files/common_constraints.txt b/edx_lint/files/common_constraints.txt index afe6aa8..15aafb2 100644 --- a/edx_lint/files/common_constraints.txt +++ b/edx_lint/files/common_constraints.txt @@ -21,7 +21,3 @@ elasticsearch<7.14.0 # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected django-simple-history==3.0.0 - -# tox>4.0.0 isn't yet compatible with many tox plugins, causing CI failures in almost all repos. -# Details can be found in this discussion: https://github.com/tox-dev/tox/discussions/1810 -tox<4.0.0