build(deps): Bump the ci group in /.github/workflows with 2 updates

[dependabot]

Bumps the ci group in /.github/workflows with 2 updates: tox and tox-uv.

Updates tox from 4.47.3 to 4.49.1

Release notes

Sourced from tox's releases.

v4.49.1

What's Changed

• Update maintainers by @​rahuldevikar in tox-dev/tox#3868
• 🐛 fix(run): break deadlock in execution interrupt chain by @​gaborbernat in tox-dev/tox#3869

Full Changelog: tox-dev/tox@4.49.0...4.49.1

v4.49.0

What's Changed

• ✨ feat(config): add {factor:label} substitution for TOML by @​gaborbernat in tox-dev/tox#3865
• 🐛 fix(legacy): initialize config_format and output_file for --showconfig by @​rares985 in tox-dev/tox#3867

New Contributors

• @​rares985 made their first contribution in tox-dev/tox#3867

Full Changelog: tox-dev/tox@4.48.1...4.49.0

v4.48.1

What's Changed

• Replace archived 31z4/tox Docker image with build-your-own guide by @​rahuldevikar in tox-dev/tox#3864
• 🐛 fix(toml): extract args from Command in ref replacement by @​gaborbernat in tox-dev/tox#3863

Full Changelog: tox-dev/tox@4.48.0...4.48.1

v4.48.0

What's Changed

• Add fail_fast to config reference docs by @​rahuldevikar in tox-dev/tox#3853
• ✨ feat(config): add --format json/toml and -o to config command by @​gaborbernat in tox-dev/tox#3857

Full Changelog: tox-dev/tox@4.47.3...4.48.0

Changelog

Sourced from tox's changelog.

Bug fixes - 4.49.1

• Break deadlock in execution interrupt chain that caused ~18 flaky timeout failures across 9 tests on Windows/macOS CI
  • by :user:gaborbernat. (:issue:3869)

---

v4.49.0 (2026-03-06)

---

Features - 4.49.0

• Add {factor:label} substitution for TOML configs -- factor groups in product matrices and env_base factors can now be labeled with single-key dicts (e.g., {ecosystem = ["oci", "python"]}), enabling {factor:ecosystem} in any string value (descriptions, commands, etc.) to resolve to the active factor. Plain lists automatically get positional labels ({factor:0}, {factor:1}, ...) - by :user:gaborbernat. (:issue:3860) (:issue:3860)

Bug fixes - 4.49.0

• Fix --showconfig and --help-ini legacy flags raising AttributeError after config format options were added
  • by :user:rares985 (:issue:3866)

---

v4.48.1 (2026-03-06)

---

Bug fixes - 4.48.1

• Command-type configuration values like list_dependencies_command can now be referenced in TOML using the structured {replace = "ref"} syntax. The reference automatically extracts the command's argument list for compatibility with TOML's list[list[str]] structure - by :user:gaborbernat. (:issue:3830)

Improved documentation - 4.48.1

• Replace archived 31z4/tox Docker image recommendation with instructions for building your own image using the official Python base image and uv - by :user:rahuldevikar. (:issue:3855)

---

v4.48.0 (2026-03-05)

---

Features - 4.48.0

• Add --format flag (ini, json, toml) and -o/--output-file to the config command for machine-readable output with native types. JSON and TOML use the same key structure as tox.toml (env.<name>

... (truncated)

Commits

• 142b077 release 4.49.1
• e3876f3 🐛 fix(run): break deadlock in execution interrupt chain (#3869)
• 3aa8135 [pre-commit.ci] pre-commit autoupdate (#3872)
• 8536955 Update maintainers (#3868)
• 6c452bb release 4.49.0
• 1c59d54 🐛 fix(legacy): initialize config_format and output_file for --showconfig (#3867)
• 2382601 ✨ feat(config): add {factor:label} substitution for TOML (#3865)
• ccf173f release 4.48.1
• 113bcf8 🐛 fix(toml): extract args from Command in ref replacement (#3863)
• fc50406 Replace archived 31z4/tox Docker image with build-your-own guide (#3864)
• Additional commits viewable in compare view

Updates tox-uv from 1.33.1 to 1.33.2

Release notes

Sourced from tox-uv's releases.

1.33.2

What's Changed

• 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path by @​gaborbernat in tox-dev/tox-uv#308

Full Changelog: tox-dev/tox-uv@1.33.1...1.33.2

Commits

• ef8450c [pre-commit.ci] pre-commit autoupdate (#307)
• 906a243 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path ...
• 37d1adb [pre-commit.ci] pre-commit autoupdate (#306)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions