build(deps-dev): update tox requirement from 4.54.0 to 4.55.0

[dependabot]

Updates the requirements on tox to permit the latest version.

Release notes

Sourced from tox's releases.

v4.55.0

What's Changed

• 👷 ci(schemastore): sync fork before pushing branch by @​gaborbernat in tox-dev/tox#3942
• feat: Also pass TERMINFO when in an interactive shell by @​edgarrmondragon in tox-dev/tox#3946
• 🐛 fix(pip): skip constrain_package_deps when constraints is set by @​gaborbernat in tox-dev/tox#3948

Full Changelog: tox-dev/tox@4.54.0...4.55.0

Changelog

Sourced from tox's changelog.

Features - 4.55.0

• Automatically pass the TERMINFO environment variable to tox subprocesses if the output is a TTY. This variable is used by Ghostty to communicate terminal capabilities to programs. (:issue:3946)

Bug fixes - 4.55.0

• When the constraints configuration option is set, constrain_package_deps and use_frozen_constraints are now ignored. Previously, both the user-provided constraints file and the auto-generated constraints file were passed to pip during install_package_deps, which could cause resolver conflicts when the same package appeared in both files - by :user:gaborbernat. (:issue:3945) (:issue:3945)

---

v4.54.0 (2026-05-12)

---

Features - 4.54.0

• Declare the runtime dependencies of the tox.pytest plugin (pytest, devpi-process and pytest-mock) under a new testing extra, so plugin authors can pull them in via tox[testing] - by :user:gaborbernat. (:issue:3938, :issue:3940)

Bug fixes - 4.54.0

• Extend the generated TOML schema to cover every replace table form (env, ref, posargs, glob, if), including conditional replacements used inside commands. A guard test asserts the schema stays in sync with the loader implementation so future replace types cannot be added without a corresponding schema entry. (:issue:3939)

---

v4.53.1 (2026-05-02)

---

Bug fixes - 4.53.1

• Hardening pass on user-facing logging and config parsing:

  • Mask secret-looking --key=value flag values in command logs (terminal warnings, .tox/<env>/log/*.log, and Outcome __repr__) using the same keyword regex previously applied to environment variable values.
  • Resolve PEP 723 script paths and reject any that escape tox_root; cap the script read at 5 MiB so a symlink to /dev/zero cannot exhaust memory.
  • Replace eval() of a constructed Literal[...] string in the CLI parser with a direct Literal[tuple(action.choices)] subscript.
  • Pass timeout=30 to urlopen when fetching a remote requirements file so a slow or unresponsive mirror cannot hang tox indefinitely. (:issue:3924)

... (truncated)

Commits

• 928b7f0 release 4.55.0
• a43427f 🐛 fix(pip): skip constrain_package_deps when constraints is set (#3948)
• 27b68b3 [pre-commit.ci] pre-commit autoupdate (#3947)
• 4e6627c feat: Also pass TERMINFO when in an interactive shell (#3946)
• 10c431c [pre-commit.ci] pre-commit autoupdate (#3943)
• c86e876 👷 ci(schemastore): sync fork before pushing branch (#3942)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)