Marshmallow

Latest version: v3.26.1

Safety actively analyzes 723177 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 27 of 32

2.0.0rc1

Not secure
*********************

Features:

- *Backwards-incompatible*: ``fields.Field._deserialize`` now takes ``attr`` and ``data`` as arguments (:issue:`172`). Thanks :user:`alexmic` and :user:`kevinastone` for the suggestion.
- Allow a ``Field's`` ``attribute`` to be modified during deserialization (:issue:`266`). Thanks :user:`floqqi`.
- Allow partially-valid data to be returned for ``Nested`` fields (:issue:`269`). Thanks :user:`jomag` for the suggestion.
- Add ``Schema.on_bind_field`` hook which allows a ``Schema`` to modify its fields when they are bound.
- Stricter validation of string, boolean, and number fields (:issue:`231`). Thanks :user:`touilleMan` for the suggestion.
- Improve consistency of error messages.

Deprecation/Removals:

- ``Schema.validator``, ``Schema.preprocessor``, and ``Schema.data_handler`` are removed. Use ``validates_schema``, ``pre_load``, and ``post_dump`` instead.
- ``QuerySelect`` and ``QuerySelectList`` are deprecated (:issue:`227`). **These fields will be removed in version 2.1.**
- ``utils.get_callable_name`` is removed.

Bug fixes:

- If a date format string is passed to a ``DateTime`` field, it is always used for deserialization (:issue:`248`). Thanks :user:`bartaelterman` and :user:`praveen-p`.

Support:

- Documentation: Add "Using Context" section to "Extending Schemas" page (:issue:`224`).
- Include tests and docs in release tarballs (:issue:`201`).
- Test against Python 3.5.

2.0.0b5

Not secure
********************

Features:

- If a field corresponds to a callable attribute, it will be called upon serialization. Thanks :user:`alexmorken`.
- Add ``load_only`` and ``dump_only`` ``class Meta`` options. Thanks :user:`kelvinhammond`.
- If a ``Nested`` field is required, recursively validate any required fields in the nested schema (:issue:`235`). Thanks :user:`max-orhai`.
- Improve error message if a list of dicts is not passed to a ``Nested`` field for which ``many=True``. Thanks again :user:`max-orhai`.

Bug fixes:

- ``make_object`` is only called after all validators and postprocessors have finished (:issue:`253`). Thanks :user:`sunsongxp` for reporting.
- If an invalid type is passed to ``Schema`` and ``strict=False``, store a ``_schema`` error in the errors dict rather than raise an exception (:issue:`261`). Thanks :user:`density` for reporting.

Other changes:

- ``make_object`` is only called when input data are completely valid (:issue:`243`). Thanks :user:`kissgyorgy` for reporting.
- Change default error messages for ``URL`` and ``Email`` validators so that they don't include user input (:issue:`255`).
- ``Email`` validator permits email addresses with non-ASCII characters, as per RFC 6530 (:issue:`221`). Thanks :user:`lextoumbourou` for reporting and :user:`mwstobo` for sending the patch.

2.0.0b4

Not secure
********************

Features:

- ``List`` field respects the ``attribute`` argument of the inner field. Thanks :user:`jmcarp`.
- The ``container`` field ``List`` field has access to its parent ``Schema`` via its ``parent`` attribute. Thanks again :user:`jmcarp`.

Deprecation/Removals:

- Legacy validator functions have been removed (:issue:`73`). Use the class-based validators in ``marshmallow.validate`` instead.

Bug fixes:

- ``fields.Nested`` correctly serializes nested ``sets`` (:issue:`233`). Thanks :user:`traut`.

2.0.0b3

Not secure
*********************

Features:

- Add ``marshmallow.validates_schema`` decorator for defining schema-level validators (:issue:`116`).
- Add ``marshmallow.validates`` decorator for defining field validators as Schema methods (:issue:`116`). Thanks :user:`philtay`.
- Performance improvements.
- Defining ``__marshallable__`` on complex objects is no longer necessary.
- Add ``fields.Constant``. Thanks :user:`kevinastone`.

Deprecation/Removals:

- Remove ``skip_missing`` class Meta option. By default, missing inputs are excluded from serialized output (:issue:`211`).
- Remove optional ``context`` parameter that gets passed to methods for ``Method`` fields.
- ``Schema.validator`` is deprecated. Use ``marshmallow.validates_schema`` instead.
- ``utils.get_func_name`` is removed. Use ``utils.get_callable_name`` instead.

Bug fixes:

- Fix serializing values from keyed tuple types (regression of :issue:`28`). Thanks :user:`makmanalp` for reporting.

Other changes:

- Remove unnecessary call to ``utils.get_value`` for ``Function`` and ``Method`` fields (:issue:`208`). Thanks :user:`jmcarp`.
- Serializing a collection without passing ``many=True`` will not result in an error. Be very careful to pass the ``many`` argument when necessary.

Support:

- Documentation: Update Flask and Peewee examples. Update Quickstart.

2.0.0b2

Not secure
********************

Features:

- Add useful ``__repr__`` methods to validators (:issue:`204`). Thanks :user:`philtay`.
- *Backwards-incompatible*: By default, ``NaN``, ``Infinity``, and ``-Infinity`` are invalid values for ``fields.Decimal``. Pass ``allow_nan=True`` to allow these values. Thanks :user:`philtay`.

2.0.0b1

Not secure
********************

Features:

- Errored fields will not appear in (de)serialized output dictionaries (:issue:`153`, :issue:`202`).
- Instantiate ``OPTIONS_CLASS`` in ``SchemaMeta``. This makes ``Schema.opts`` available in metaclass methods. It also causes validation to occur earlier (upon ``Schema`` class declaration rather than instantiation).
- Add ``SchemaMeta.get_declared_fields`` class method to support adding additional declared fields.

Deprecation/Removals:

- Remove ``allow_null`` parameter of ``fields.Nested`` (:issue:`203`).

Page 27 of 32

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.