Bump tox from 4.50.3 to 4.51.0

[dependabot]

Bumps tox from 4.50.3 to 4.51.0.

Release notes

Sourced from tox's releases.

v4.51.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/tox#3896
• Add base_python_file config option by @​rahuldevikar in tox-dev/tox#3899
• prevent machine ISA from overriding explicit env factors by @​rahuldevikar in tox-dev/tox#3904
• 🐛 fix(config): fix handling of env_list in nested contexts by @​Daverball in tox-dev/tox#3905
• fix: enable persist-credentials for release workflow by @​rahuldevikar in tox-dev/tox#3907

New Contributors

• @​Daverball made their first contribution in tox-dev/tox#3905

Full Changelog: tox-dev/tox@4.50.3...4.51.0

Changelog

Sourced from tox's changelog.

Features - 4.51.0

• Add base_python_file configuration option to read the base Python version from a file (e.g. .python-version), similar to GitHub Actions' python-version-file - by :user:rahuldevikar (:issue:3894)

Bug fixes - 4.51.0

• Prevent implicit machine ISA (e.g. arm64, x86_64) from overriding explicit architecture factors in environment names, fixing cross-architecture conflicts in multiline factor conditionals - by :user:rahuldevikar. (:issue:3903)
• Nested environment list configuration values are now properly parsed, validated and expanded by the TOML parser. This allows you to use generative environment lists in tox-gh via the TOML format. Previously this was only possible with the INI format. - by :user:Daverball (:issue:3905)

Miscellaneous internal changes - 4.51.0

• Enable persist-credentials: true in the actions/checkout step of the prepare-release workflow so that git push operations succeed during automated releases - by :user:rahuldevikar. (:issue:3907)

---

v4.50.3 (2026-03-20)

---

Commits

• 5f1ec1a release 4.51.0
• b5f9b13 fix: enable persist-credentials for release workflow (#3907)
• 8c9c199 🐛 fix(config): fix handling of env_list in nested contexts (#3905)
• 451aa9c prevent machine ISA from overriding explicit env factors (#3904)
• 106f036 Add base_python_file config option (#3899)
• 16df4d8 🔒 ci(workflows): add zizmor security auditing (#3896)
• 140f8ae [pre-commit.ci] pre-commit autoupdate (#3893)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)