Bump marshmallow from 3.26.1 to 4.0.0 in /flowmachine

[dependabot]

Bumps marshmallow from 3.26.1 to 4.0.0.

Changelog

Sourced from marshmallow's changelog.

4.0.0 (2025-04-16)

---

See :ref:upgrading_4_0 for a guide on updating your code.

Features:

• Typing: Add types to all Field <marshmallow.fields.Field> constructor kwargs (:issue:2285). Thanks :user:navignaw for the suggestion.
• DateTime <marshmallow.fields.DateTime>, Date <marshmallow.fields.Date>, Time <marshmallow.fields.Time>, TimeDelta <marshmallow.fields.TimeDelta>, and Enum <marshmallow.fields.Enum> accept their internal value types as valid input (:issue:1415). Thanks :user:bitdancer for the suggestion.
• @validates <marshmallow.validates> accepts multiple field names (:issue:1960). Backwards-incompatible: Decorated methods now receive data_key as a keyword argument. Thanks :user:dpriskorn for the suggestion and :user:dharani7998 for the PR.

Other changes:

• Typing: Field <marshmallow.fields.Field> is now a generic type with a type argument for the internal value type.

• marshmallow.fields.UUID no longer subclasses marshmallow.fields.String.

• marshmallow.Schema.load no longer silently fails to call schema validators when a generator is passed (:issue:1898). The typing of data is also updated to be more accurate. Thanks :user:ziplokk1 for reporting.

• Backwards-incompatible: Use datetime.date.fromisoformat, datetime.time.fromisoformat, and datetime.datetime.fromisoformat from the standard library to deserialize dates, times and datetimes (:pr:2078). As a consequence of this change:

  • Time with time offsets are now supported.
  • YYYY-MM-DD is now accepted as a datetime and deserialized as naive 00:00 AM.
  • from_iso_date, from_iso_time and from_iso_datetime are removed from marshmallow.utils.

• Remove isoformat, to_iso_time and to_iso_datetime from marshmallow.utils (:pr:2766).

• Remove from_rfc, and rfcformat from marshmallow.utils (:pr:2767).

• Remove is_keyed_tuple from marshmallow.utils (:pr:2768).

• Remove get_fixed_timezone from marshmallow.utils (:pr:2773).

• Backwards-incompatible: marshmallow.fields.Boolean no longer serializes non-boolean values (:pr:2725).

• Backwards-incompatible: Rename schema parameter to parent in marshmallow.fields.Field._bind_to_schema (:issue:1360).

• Backwards-incompatible: Rename pass_many parameter to pass_collection in pre/post processing methods (:issue:1369).

• Backwards-incompatible: marshmallow.fields.TimeDelta no longer truncates float values when deserializing (:pr:2654). This allows microseconds to be preserved, e.g.

.. code-block:: python

from marshmallow import fields
field = fields.TimeDelta()
Before
field.deserialize(12.9)
datetime.timedelta(seconds=12)
datetime.timedelta(seconds=12)

... (truncated)

Commits

• 84b1596 Bump version and update changelog
• a715b9e Bump sphinx-issues from 5.0.0 to 5.0.1 (#2819)
• 5c136b1 [pre-commit.ci] pre-commit autoupdate (#2817)
• df1daf0 Bump sphinxext-opengraph from 0.9.1 to 0.10.0 (#2818)
• 2fc8207 @​validates accepts multiple field names (#1965)
• b7026f3 Bump sphinx from 8.1.3 to 8.2.3
• c495e52 [pre-commit.ci] pre-commit autoupdate
• f0c6afb Add missing fields to all (#2809)
• ef06fbe [pre-commit.ci] pre-commit autoupdate (#2808)
• ffedbfe Merge branch '3.x-line' into dev
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cypress]

FlowAuth    Run #25123

Run Properties:   Passed #25123  •  2ae642bb90: Bump marshmallow from 3.26.1 to 4.0.0 in /flowmachine

Project	FlowAuth
Branch Review	dependabot-pip-flowmachine-marshmallow-4.0.0
Run status	Passed #25123
Run duration	00m 43s
Commit	2ae642bb90: Bump marshmallow from 3.26.1 to 4.0.0 in /flowmachine
Committer	dependabot[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	4
View all changes introduced in this branch ↗︎

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Superseded by #7121.