Bump tox from 3.14.6 to 4.28.1

[dependabot]

Bumps tox from 3.14.6 to 4.28.1.

Release notes

Sourced from tox's releases.

4.28.1

What's Changed

• Fix an issue number typo in changelog by @​hroncok in tox-dev/tox#3563
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3564
• Only use tarfile.data_filter when it's available by @​gaborbernat in tox-dev/tox#3566

Full Changelog: tox-dev/tox@4.28.0...4.28.1

4.28.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3548
• [docs] Document how to require a plugin by @​stephenfin in tox-dev/tox#3552
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3554
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3558
• Add [testenv] constraints option by @​stephenfin in tox-dev/tox#3556
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3562
• Allow disabling plugins on a one-off by @​gaborbernat in tox-dev/tox#3560

Full Changelog: tox-dev/tox@4.27.0...4.28.0

4.27.0

What's Changed

• Feat: include free_threaded flag in result-json by @​robsdedude in tox-dev/tox#3534
• Add security policy by @​jugmac00 in tox-dev/tox#3535
• Fix dependency-group name normalization by @​robsdedude in tox-dev/tox#3540
• Log environment variables sorted by key while redacting values of unsafe ones by @​ssbarnea in tox-dev/tox#3543

Full Changelog: tox-dev/tox@4.26.0...4.27.0

4.26.0

What's Changed

• Add a missing quote in a TOML example @ config.rst by @​webknjaz in tox-dev/tox#3509
• Add colour to GitHub Actions CI logs by @​hugovk in tox-dev/tox#3525
• Fix using deprecated virtualenv option --wheel by @​robsdedude in tox-dev/tox#3528
• Fix custom HelpFormatter for Python 3.14 by @​The-Compiler in tox-dev/tox#3524
• Drop support for EOL Python 3.8 by @​hugovk in tox-dev/tox#3527
• Test with Python 3.14 by @​edgarrmondragon in tox-dev/tox#3533
• Fix for tox4 regression issue with setenv file and substitutions (#2435) by @​realitycheck in tox-dev/tox#3521
• Feat: free-threaded python support by @​robsdedude in tox-dev/tox#3526

... (truncated)

Changelog

Sourced from tox's changelog.

v4.28.1 (2025-07-22)

Bugfixes - 4.28.1

- Use `tarfile.data_filter <https://docs.python.org/3/library/tarfile.html#tarfile.data_filter>`_ with ``extractall``
  only on supported Python versions:

&gt;= 3.11.4
&gt;= 3.10.12 and &lt; 3.11
&gt;= 3.9.17 and &lt; 3.10

by :user:gaborbernat. (:issue:3565)
v4.28.0 (2025-07-20)
Features - 4.28.0

• Added constraints to allow specifying constraints files for all dependencies. (:issue:3550)
• Allow disabling tox plugins via the TOX_DISABLED_EXTERNAL_PLUGINS environment variable - by :user:gaborbernat. (:issue:3468)

Improved Documentation - 4.28.0

- The ``min_version``/``minversion`` config option is deprecated in favor of the ``requires`` option. (:issue:`3553`)
v4.27.0 (2025-06-17)
Features - 4.27.0
- Add ``free_threaded`` flag to to ``"python"`` entries in json output of ``--result-json``. (:issue:`3534`)
Bugfixes - 4.27.0



Fix dependency-group name normalization. (:issue:3539)
Improves logging of environment variables by sorting them by key and redacting
the values for the ones that are likely to contain secrets. (:issue:3542)

v4.26.0 (2025-05-13)
Features - 4.26.0
- Add support for free-threaded python builds.
  Factors like ``py313t`` will only pick builds with the GIL disabled while factors without trailing ``t`` will only pick
  builds without no-GIL support. (:issue:`3391`)
- Drop support for EOL Python 3.8. (:issue:`3527`)
Bugfixes - 4.26.0

</tr></table>

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/tox-dev/tox/commit/c836ab2727992329ffa61330d1aeb524e6d265f0&quot;&gt;&lt;code&gt;c836ab2&lt;/code&gt;&lt;/a> release 4.28.1</li>

<li><a href="https://github.com/tox-dev/tox/commit/c343b26717d314d59bb22252c5d61d7c4e9e03cb&quot;&gt;&lt;code&gt;c343b26&lt;/code&gt;&lt;/a> Only use tarfile.data_filter when it's available (<a href="https://redirect.github.com/tox-dev/tox/issues/3566&quot;&gt;#3566&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/753dd626564cec7f7b6756d86bc22e2cdfcdcbc3&quot;&gt;&lt;code&gt;753dd62&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3564&quot;&gt;#3564&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/5462892379b51d4fdf4ffdebd294ecac7a44720a&quot;&gt;&lt;code&gt;5462892&lt;/code&gt;&lt;/a> Fix an issue number typo in changelog (<a href="https://redirect.github.com/tox-dev/tox/issues/3563&quot;&gt;#3563&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/af94e62e3ac401b4bd9e41b2e1b81cb395ca5502&quot;&gt;&lt;code&gt;af94e62&lt;/code&gt;&lt;/a> release 4.28.0</li>

<li><a href="https://github.com/tox-dev/tox/commit/55af14a2fd71aa6442a9a027c6d59646e190e2ac&quot;&gt;&lt;code&gt;55af14a&lt;/code&gt;&lt;/a> Allow disabling plugins on a one-off (<a href="https://redirect.github.com/tox-dev/tox/issues/3560&quot;&gt;#3560&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/57b5dc611a123b2a25fd0b68b78054e03f1ee3c1&quot;&gt;&lt;code&gt;57b5dc6&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3562&quot;&gt;#3562&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/e2ff114a72e2d5e39338ed32ef662a742349e606&quot;&gt;&lt;code&gt;e2ff114&lt;/code&gt;&lt;/a> Add <code>[testenv] constraints</code> option (<a href="https://redirect.github.com/tox-dev/tox/issues/3556&quot;&gt;#3556&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/7138c382b84947195e6809d55de96d557db352e8&quot;&gt;&lt;code&gt;7138c38&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3558&quot;&gt;#3558&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/3c4497c988e1e4f90a7e29397fea57f026f9f713&quot;&gt;&lt;code&gt;3c4497c&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3554&quot;&gt;#3554&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/tox-dev/tox/compare/3.14.6...4.28.1&quot;&gt;compare view</a></li>

</ul>

</details>
<br />



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #261.