Bump marshmallow from 3.26.1 to 4.1.0 in /flowmachine

[dependabot]

Bumps marshmallow from 3.26.1 to 4.1.0.

Changelog

Sourced from marshmallow's changelog.

4.1.0 (2025-11-01) ++++++++++++++++++

Other changes:

• Add __len__ implementation to missing so that it can be used with validate.Length <marshmallow.validate.Length> (:pr:2861). Thanks :user:agentgodzilla for the PR.
• Drop support for Python 3.9 (:pr:2363).
• Test against Python 3.14.

4.0.1 (2025-08-28) ++++++++++++++++++

Bug fixes:

• Fix wildcard import of from marshmallow import * (:pr:2823). Thanks :user:Florian-Laport for the PR.

4.0.0 (2025-04-16)

---

See :ref:upgrading_4_0 for a guide on updating your code.

Features:

• Typing: Add types to all Field <marshmallow.fields.Field> constructor kwargs (:issue:2285). Thanks :user:navignaw for the suggestion.
• DateTime <marshmallow.fields.DateTime>, Date <marshmallow.fields.Date>, Time <marshmallow.fields.Time>, TimeDelta <marshmallow.fields.TimeDelta>, and Enum <marshmallow.fields.Enum> accept their internal value types as valid input (:issue:1415). Thanks :user:bitdancer for the suggestion.
• @validates <marshmallow.validates> accepts multiple field names (:issue:1960). Backwards-incompatible: Decorated methods now receive data_key as a keyword argument. Thanks :user:dpriskorn for the suggestion and :user:dharani7998 for the PR.

Other changes:

• Typing: Field <marshmallow.fields.Field> is now a generic type with a type argument for the internal value type.
• marshmallow.fields.UUID no longer subclasses marshmallow.fields.String.
• marshmallow.Schema.load no longer silently fails to call schema validators when a generator is passed (:issue:1898). The typing of data is also updated to be more accurate. Thanks :user:ziplokk1 for reporting.
• Backwards-incompatible: Use datetime.date.fromisoformat, datetime.time.fromisoformat, and datetime.datetime.fromisoformat from the standard library to deserialize dates, times and datetimes (:pr:2078). As a consequence of this change:
  • Time with time offsets are now supported.
  • YYYY-MM-DD is now accepted as a datetime and deserialized as naive 00:00 AM.
  • from_iso_date, from_iso_time and from_iso_datetime are removed from marshmallow.utils.

... (truncated)

Commits

• 441213d Bump version and update changelog
• 2b84b56 (fix) missing constant with len validation (#2861)
• fc87262 Test against Python 3.14 (#2864)
• 2a5e2e1 Update CHANGELOG
• d861be7 Merge pull request #2863 from marshmallow-code/drop_python_39
• 22288b6 Fix ruff issues
• 1d8fd27 Drop Python 3.9
• 966caf9 [pre-commit.ci] pre-commit autoupdate
• feb2244 Merge pull request #2857 from marshmallow-code/disable_RUF043
• 23ee363 Disable RUF043 in tests: allow metacharacters in match patterns
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cypress]

FlowAuth    Run #25563

Run Properties:   Passed #25563  •  c0b0f3539a: Bump marshmallow from 3.26.1 to 4.1.0 in /flowmachine

Project	FlowAuth
Branch Review	dependabot-pip-flowmachine-marshmallow-4.1.0
Run status	Passed #25563
Run duration	00m 43s
Commit	c0b0f3539a: Bump marshmallow from 3.26.1 to 4.1.0 in /flowmachine
Committer	dependabot[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	4
View all changes introduced in this branch ↗︎

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.26%. Comparing base (bcae641) to head (a0b0ac1).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7173   +/-   ##
=======================================
  Coverage   78.26%   78.26%           
=======================================
  Files          66       66           
  Lines        3170     3170           
  Branches      134      134           
=======================================
  Hits         2481     2481           
  Misses        667      667           
  Partials       22       22           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.