Bump marshmallow from 3.26.1 to 4.0.0 #981

dependabot · 2025-04-17T18:09:55Z

Bumps marshmallow from 3.26.1 to 4.0.0.

Changelog

4.0.0 (2025-04-16)

See :ref:upgrading_4_0 for a guide on updating your code.

Features:

Typing: Add types to all Field <marshmallow.fields.Field> constructor kwargs (:issue:2285). Thanks :user:navignaw for the suggestion.

DateTime <marshmallow.fields.DateTime>, Date <marshmallow.fields.Date>, Time <marshmallow.fields.Time>, TimeDelta <marshmallow.fields.TimeDelta>, and Enum <marshmallow.fields.Enum> accept their internal value types as valid input (:issue:1415). Thanks :user:bitdancer for the suggestion.

@validates <marshmallow.validates> accepts multiple field names (:issue:1960). Backwards-incompatible: Decorated methods now receive data_key as a keyword argument. Thanks :user:dpriskorn for the suggestion and :user:dharani7998 for the PR.

Other changes:

Typing: Field <marshmallow.fields.Field> is now a generic type with a type argument for the internal value type.

marshmallow.fields.UUID no longer subclasses marshmallow.fields.String.

Backwards-incompatible: Use datetime.date.fromisoformat, datetime.time.fromisoformat, and datetime.datetime.fromisoformat from the standard library to deserialize dates, times and datetimes (:pr:2078).

marshmallow.Schema.load no longer silently fails to call schema validators when a generator is passed (:issue:1898). The typing of data is also updated to be more accurate. Thanks :user:ziplokk1 for reporting.

As a consequence of this change:

Time with time offsets are now supported.

YYYY-MM-DD is now accepted as a datetime and deserialized as naive 00:00 AM.

from_iso_date, from_iso_time and from_iso_datetime are removed from marshmallow.utils.

Remove isoformat, to_iso_time and to_iso_datetime from marshmallow.utils (:pr:2766).

Remove from_rfc, and rfcformat from marshmallow.utils (:pr:2767).

Remove is_keyed_tuple from marshmallow.utils (:pr:2768).

Remove get_fixed_timezone from marshmallow.utils (:pr:2773).

Backwards-incompatible: marshmallow.fields.Boolean no longer serializes non-boolean values (:pr:2725).

Backwards-incompatible: Rename schema parameter to parent in marshmallow.fields.Field._bind_to_schema (:issue:1360).

Backwards-incompatible: Rename pass_many parameter to pass_collection in pre/post processing methods (:issue:1369).

Backwards-incompatible: marshmallow.fields.TimeDelta no longer truncates float values when deserializing (:pr:2654). This allows microseconds to be preserved, e.g.

.. code-block:: python
from marshmallow import fields
field = fields.TimeDelta()
Before
field.deserialize(12.9)

... (truncated)

Commits

84b1596 Bump version and update changelog
a715b9e Bump sphinx-issues from 5.0.0 to 5.0.1 (#2819)
5c136b1 [pre-commit.ci] pre-commit autoupdate (#2817)
df1daf0 Bump sphinxext-opengraph from 0.9.1 to 0.10.0 (#2818)
2fc8207 @validates accepts multiple field names (#1965)
b7026f3 Bump sphinx from 8.1.3 to 8.2.3
c495e52 [pre-commit.ci] pre-commit autoupdate
f0c6afb Add missing fields to all (#2809)
ef06fbe [pre-commit.ci] pre-commit autoupdate (#2808)
ffedbfe Merge branch '3.x-line' into dev
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [marshmallow](https://github.com/marshmallow-code/marshmallow) from 3.26.1 to 4.0.0. - [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst) - [Commits](marshmallow-code/marshmallow@3.26.1...4.0.0) --- updated-dependencies: - dependency-name: marshmallow dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 17, 2025

github-actions bot enabled auto-merge (squash) April 17, 2025 18:10

dependabot bot force-pushed the dependabot/pip/marshmallow-4.0.0 branch from acd809a to b4dfad9 Compare April 21, 2025 18:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump marshmallow from 3.26.1 to 4.0.0 #981

Bump marshmallow from 3.26.1 to 4.0.0 #981

dependabot bot commented on behalf of github Apr 17, 2025 •

edited

Loading

Before

Bump marshmallow from 3.26.1 to 4.0.0 #981

Are you sure you want to change the base?

Bump marshmallow from 3.26.1 to 4.0.0 #981

Conversation

dependabot bot commented on behalf of github Apr 17, 2025 • edited Loading

Before

dependabot bot commented on behalf of github Apr 17, 2025 •

edited

Loading