Skip to content

chore(deps-dev): bump marshmallow from 3.26.2 to 4.2.3#10561

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/master/marshmallow-4.2.3
Closed

chore(deps-dev): bump marshmallow from 3.26.2 to 4.2.3#10561
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/master/marshmallow-4.2.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 2, 2026
edited
Loading

Bumps marshmallow from 3.26.2 to 4.2.3.

Changelog

Sourced from marshmallow's changelog.

4.2.3 (2026-03-25)

Bug fixes:

  • Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base classes to prevent using them within Schemas (:issue:2924). Thanks :user:MartingaleCoda for reporting.
  • Allow required to be set on marshmallow.fields.Contant (:issue:2900). Thanks :user:nosnickid for the report and :user:worksbyfriday for the PR.
  • Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber choices (:issue:2869). Thanks: user:T90REAL for the report and :user:rstar327 for the PR.
  • Fix behavior when passing a dot-delimited attribute name to partial for a key with data_key set (:pr:2903). Thanks :user:bysiber for the PR.
  • Fix Enum field by-name lookup to only return actual members (:pr:2902). Thanks :user:bysiber for the PR.
  • marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool values (:pr:2904). Thanks :user:bysiber for the PR.
  • Fix typing of error_messages argument to marshmallow.fields.Field (:pr:1636). Thanks :user:repole for reporting and :user:dhruvildarji for the PR.

Other changes:

  • Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING (:issue:1695). Thanks :user:liberforce for the suggestion and :user:dhruvildarji for the PR.

4.2.2 (2026-02-04)

Bug fixes:

  • Fix behavior of fields.Contant(None) (:issue:2868). Thanks :user:T90REAL for reporting and emmanuel-ferdman for the fix.

4.2.1 (2026-01-23)

Bug fixes:

  • Fix validation of URLs beginning with uppercare FILE (:issue:2891). Thanks :user:thanhlecongg for reporting and fixing.

4.2.0 (2026-01-04)

Other changes:

  • many argument of Nested properly overrides schema instance value (:pr:2854). Thanks :user:jafournier for the PR.

... (truncated)

Commits
  • be73797 Bump version and update changelog
  • c38b48e Add ipaddress types to Schema.TYPE_MAPPING (#2906)
  • 3bc191a Fix Field.error_messages type to allow dict and list values (#2907)
  • c530f85 Update package metadata to comply with PEP 639 (#2926)
  • 72ac4a0 Reject booleans in from_timestamp_ms, consistent with from_timestamp (#2904)
  • 024b5d0 Fix Enum field by-name lookup to only return actual members (#2902)
  • 252090c Fix nested partial to use attr_name instead of data_key for prefix (#2903)
  • 65374df Fix OneOf.options() emitting phantom entries when labels outnumber choices (#...
  • 070dde0 Fix Constant field with required=True raising ValueError (#2901)
  • fea5428 Make Number and Mapping abstract base classes (#2925)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Dependabot Updates pip Dependabot Updates Python labels Apr 2, 2026
@dependabot dependabot Bot requested a review from a team April 2, 2026 02:51
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 2, 2026
edited
Loading

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 2, 2026
edited
Loading

⚠️ Changes detected in the following folders without a corresponding update to the CHANGELOG.md:

  • prowler (root dependency files changed)

Please add an entry to the corresponding CHANGELOG.md file to maintain a clear history of changes.

@github-actions github-actions Bot added the community Opened by the Community label Apr 2, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 2, 2026
edited
Loading

🔒 Container Security Scan

Image: prowler:5a53852
Last scan: 2026-04-14 14:47:43 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 4
Total 4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

📋 Resources:

@dependabot dependabot Bot force-pushed the dependabot/pip/master/marshmallow-4.2.3 branch 2 times, most recently from 9fbbf7b to 180aead Compare April 9, 2026 13:45
@dependabot
chore(deps-dev): bump marshmallow from 3.26.2 to 4.2.3
4266e8b 
Bumps [marshmallow](https://github.com/marshmallow-code/marshmallow) from 3.26.2 to 4.2.3.
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.26.2...4.2.3)

---
updated-dependencies:
- dependency-name: marshmallow
  dependency-version: 4.2.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/master/marshmallow-4.2.3 branch from 180aead to 4266e8b Compare April 14, 2026 14:37
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 16, 2026

Superseded by #10739.

@dependabot dependabot Bot closed this Apr 16, 2026
@dependabot dependabot Bot deleted the dependabot/pip/master/marshmallow-4.2.3 branch April 16, 2026 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

community Opened by the Community dependencies Dependabot Updates pip Dependabot Updates Python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants