Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: tox-dev/tox
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4.50.3
Choose a base ref
...
head repository: tox-dev/tox
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4.51.0
Choose a head ref
  • 7 commits
  • 25 files changed
  • 5 contributors

Commits on Mar 23, 2026

  1. [pre-commit.ci] pre-commit autoupdate (#3893) 

    <!--pre-commit.ci start-->
updates:
- [github.com/tox-dev/pyproject-fmt: v2.18.1 →
v2.20.0](tox-dev/pyproject-fmt@v2.18.1...v2.20.0)
- [github.com/astral-sh/ruff-pre-commit: v0.15.6 →
v0.15.7](astral-sh/ruff-pre-commit@v0.15.6...v0.15.7)
<!--pre-commit.ci end-->

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    @pre-commit-ci
    pre-commit-ci[bot] authored Mar 23, 2026
    Configuration menu
    Copy the full SHA
    140f8ae View commit details
    Browse the repository at this point in the history

Commits on Mar 25, 2026

  1. 🔒 ci(workflows): add zizmor security auditing (#3896) 

    GitHub Actions workflows were vulnerable to several security issues
including template injection, credential exposure, and permission
over-scoping. These vulnerabilities could allow attackers to execute
arbitrary code or access sensitive tokens.

This change adds `zizmor` as a pre-commit hook to continuously audit
workflow security and fixes all existing vulnerabilities. The fixes
include pinning actions to commit hashes, moving secrets to dedicated
environments, isolating GitHub context from shell execution, and
restricting permissions to the minimum required scope.

All workflows now pass security audit with zero findings. Future
workflow changes will be automatically checked before commit.

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    @gaborbernat @pre-commit-ci
    gaborbernat and pre-commit-ci[bot] authored Mar 25, 2026
    Configuration menu
    Copy the full SHA
    16df4d8 View commit details
    Browse the repository at this point in the history

Commits on Mar 27, 2026

  1. Add base_python_file config option (#3899)

    @rahuldevikar
    rahuldevikar authored Mar 27, 2026
    Configuration menu
    Copy the full SHA
    106f036 View commit details
    Browse the repository at this point in the history

  2. prevent machine ISA from overriding explicit env factors (#3904) 

    - Machine ISA (e.g., arm64 from sysconfig.get_platform()) is no longer
unconditionally added as an implicit factor, preventing it from
conflicting with explicit ISA factors in the env name
- When the env name contains an explicit ISA (e.g., py39-x86_64), only
that ISA's factor conditions match — the machine's ISA is excluded
- When no env factor conflicts (e.g., env is just py39), the machine ISA
still works as an implicit factor
- Fix applied to both INI (filter_for_env) and TOML (_replace_if_toml)
config paths

<!-- Thank you for your contribution!

Please, make sure you address all the checklists (for details on how see
[development
documentation](http://tox.readthedocs.org/en/latest/development.html#development))!
-->

- [ ] ran the linter to address style issues (`tox -e fix`)
- [ ] wrote descriptive pull request text
- [ ] ensured there are test(s) validating the fix
- [ ] added news fragment in `docs/changelog` folder
- [ ] updated/extended the documentation

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    @rahuldevikar @pre-commit-ci
    rahuldevikar and pre-commit-ci[bot] authored Mar 27, 2026
    Configuration menu
    Copy the full SHA
    451aa9c View commit details
    Browse the repository at this point in the history

  3. 🐛 fix(config): fix handling of env_list in nested contexts (#3905)

    @Daverball
    Daverball authored Mar 27, 2026
    Configuration menu
    Copy the full SHA
    8c9c199 View commit details
    Browse the repository at this point in the history

  4. fix: enable persist-credentials for release workflow (#3907) 

    Re-enable persist-credentials: true in the prepare-release workflow
checkout step

<!-- Thank you for your contribution!

Please, make sure you address all the checklists (for details on how see
[development
documentation](http://tox.readthedocs.org/en/latest/development.html#development))!
-->

- [ ] ran the linter to address style issues (`tox -e fix`)
- [ ] wrote descriptive pull request text
- [ ] ensured there are test(s) validating the fix
- [ ] added news fragment in `docs/changelog` folder
- [ ] updated/extended the documentation

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    @rahuldevikar @pre-commit-ci
    rahuldevikar and pre-commit-ci[bot] authored Mar 27, 2026
    Configuration menu
    Copy the full SHA
    b5f9b13 View commit details
    Browse the repository at this point in the history

  5. release 4.51.0

    @gaborbernat
    gaborbernat committed Mar 27, 2026
    Configuration menu
    Copy the full SHA
    5f1ec1a View commit details
    Browse the repository at this point in the history
Loading