Skip to content

Bump marshmallow from 4.0.1 to 4.2.3#180

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/marshmallow-4.2.3
Closed

Bump marshmallow from 4.0.1 to 4.2.3#180
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/marshmallow-4.2.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026

Copy link
Copy Markdown
Contributor

Bumps marshmallow from 4.0.1 to 4.2.3.

Changelog

Sourced from marshmallow's changelog.

4.2.3 (2026-03-25)

Bug fixes:

  • Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base classes to prevent using them within Schemas (:issue:2924). Thanks :user:MartingaleCoda for reporting.
  • Allow required to be set on marshmallow.fields.Contant (:issue:2900). Thanks :user:nosnickid for the report and :user:worksbyfriday for the PR.
  • Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber choices (:issue:2869). Thanks: user:T90REAL for the report and :user:rstar327 for the PR.
  • Fix behavior when passing a dot-delimited attribute name to partial for a key with data_key set (:pr:2903). Thanks :user:bysiber for the PR.
  • Fix Enum field by-name lookup to only return actual members (:pr:2902). Thanks :user:bysiber for the PR.
  • marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool values (:pr:2904). Thanks :user:bysiber for the PR.
  • Fix typing of error_essages argument to marshmallow.fields.Field (:pr:1636). Thanks :user:repole for reporting and :user:dhruvildarji for the PR.

Other changes:

  • Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING (:issue:1695). Thanks :user:liberforce for the suggestion and :user:dhruvildarji for the PR.

4.2.2 (2026-02-04)

Bug fixes:

  • Fix behavior of fields.Contant(None) (:issue:2868). Thanks :user:T90REAL for reporting and emmanuel-ferdman for the fix.

4.2.1 (2026-01-23)

Bug fixes:

  • Fix validation of URLs beginning with uppercare FILE (:issue:2891). Thanks :user:thanhlecongg for reporting and fixing.

4.2.0 (2026-01-04)

Other changes:

  • many argument of Nested properly overrides schema instance value (:pr:2854). Thanks :user:jafournier for the PR.

... (truncated)

Commits
  • be73797 Bump version and update changelog
  • c38b48e Add ipaddress types to Schema.TYPE_MAPPING (#2906)
  • 3bc191a Fix Field.error_messages type to allow dict and list values (#2907)
  • c530f85 Update package metadata to comply with PEP 639 (#2926)
  • 72ac4a0 Reject booleans in from_timestamp_ms, consistent with from_timestamp (#2904)
  • 024b5d0 Fix Enum field by-name lookup to only return actual members (#2902)
  • 252090c Fix nested partial to use attr_name instead of data_key for prefix (#2903)
  • 65374df Fix OneOf.options() emitting phantom entries when labels outnumber choices (#...
  • 070dde0 Fix Constant field with required=True raising ValueError (#2901)
  • fea5428 Make Number and Mapping abstract base classes (#2925)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [marshmallow](https://github.com/marshmallow-code/marshmallow) from 4.0.1 to 4.2.3.
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@4.0.1...4.2.3)

---
updated-dependencies:
- dependency-name: marshmallow
  dependency-version: 4.2.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 26, 2026
@dependabot @github

dependabot Bot commented on behalf of github Apr 2, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #182.

@dependabot dependabot Bot closed this Apr 2, 2026
@dependabot dependabot Bot deleted the dependabot/pip/marshmallow-4.2.3 branch April 2, 2026 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants