
Safety check and marshmallow 4.0 > post_dump() got an unexpected keyword argument

Open mkb79 opened this issue 8 months ago • 1 comments

Checklist

Safety version

3.2.14

Python version

3.12.10

Operating System

macOS 15.4.1

Describe the problem you'd like to have solved

Running safety check on a package with marshmallow 4.0 installed results in an exception. You can find an example here.

Running the command in debug mode gives the following shortened result:

2025-05-07 18:15:53,148 safety.safety => Announcements fetched
2025-05-07 18:15:53,149 safety.cli => Safety is going to render the vulnerabilities report using screen output
2025-05-07 18:15:53,157 safety.cli => Unexpected Exception happened: post_dump() got an unexpected keyword argument 'pass_many'
Traceback (most recent call last):
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/cli.py", line 398, in check
    output_report = SafetyFormatter(output, **kwargs).render_vulnerabilities(announcements, vulns, remediations,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatter.py", line 83, in __init__
    from safety.formatters.json import JsonReport
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/json.py", line 7, in <module>
    from safety.formatters.schemas import VulnerabilitySchemaV05
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/schemas/__init__.py", line 1, in <module>
    from safety.formatters.schemas.zero_five import VulnerabilitySchemaV05
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/schemas/zero_five.py", line 42, in <module>
    class VulnerabilitySchemaV05(Schema):
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/schemas/zero_five.py", line 67, in VulnerabilitySchemaV05
    @post_dump(pass_many=True)
     ^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: post_dump() got an unexpected keyword argument 'pass_many'
Unhandled exception happened: post_dump() got an unexpected keyword argument 'pass_many'
2025-05-07 18:15:53,159 safety.auth.cli_utils => Closing requests session.

The changelog of marshmallow 4.0 says: "Backwards-incompatible: Rename pass_many parameter to pass_collection in pre/post processing methods." I fixed this for myself by rewriting the decorator above to @post_dump(pass_collection=True).

Describe the ideal solution

Set the upper bound to marshmallow <4.0.

Alternatives and current workarounds

The changelog of marshmallow 4.0 says: "Backwards-incompatible: Rename pass_many parameter to pass_collection in pre/post processing methods." I fixed this myself by rewriting the decorator for the method VulnerabilitySchemaV05.wrap_with_envelope to @post_dump(pass_collection=True).

Additional context

No response

What I Did

See above

mkb79 • May 07 '25 16:05

Hi @mkb79, thank you for opening this issue!

We appreciate your effort in reporting this. Our team will review it and get back to you soon. If you have any additional details or updates, feel free to add them to this issue.

Note: If this is a serious security issue that could impact the security of Safety CLI users, please email [email protected] immediately.

Thank you for contributing to Safety CLI!

github-actions[bot] • May 07 '25 16:05

Any updates here?

sr-verde • Jul 04 '25 10:07

This fix was added as stable on Safety CLI 3.4.0.

https://github.com/pyupio/safety/blob/main/CHANGELOG.md#340b8-2025-04-22

I'll be closing this issue now, but please feel free to reopen it if the problem persists after upgrading.

yeisonvargasf • Jul 09 '25 12:07
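
An added example, not part of the issue thread or Safety's own code: a stdlib-only preflight that classifies an installed Safety/marshmallow pair from the versions named in the thread, so a CI job can fail loudly before `safety check` crashes without producing a report. The function names, and the choice to report 3.4.0 pre-releases as "unverified", are assumptions made here.

```python
"""Preflight for the crash in this issue: Safety's schema module uses
@post_dump(pass_many=True), which marshmallow 4.0 renamed to pass_collection."""
import re
import sys
from importlib.metadata import PackageNotFoundError, version

# From the thread: fix is stable in Safety CLI 3.4.0; the rename landed in marshmallow 4.0.
SAFETY_FIXED = (3, 4, 0)
MARSHMALLOW_BREAKING_MAJOR = 4


def parse(ver):
    """Return (release_tuple, is_prerelease) for versions like '3.2.14' or '3.4.0b8'."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", ver.strip())
    if not m:
        raise ValueError(f"unparseable version: {ver!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))   # pad '4.0' to (4, 0, 0)
    return release, bool(re.match(r"\.?(a|b|rc|dev)", m.group(2)))


def diagnose(safety_ver, marshmallow_ver):
    """Classify an installed pair as 'ok', 'unverified' or 'broken'."""
    m_release, _ = parse(marshmallow_ver)
    if m_release[0] < MARSHMALLOW_BREAKING_MAJOR:
        return "ok"                      # pass_many is still accepted
    s_release, s_pre = parse(safety_ver)
    if s_release < SAFETY_FIXED:
        return "broken"                  # TypeError at import, no report produced
    if s_release == SAFETY_FIXED and s_pre:
        return "unverified"              # thread only confirms the stable release
    return "ok"


def installed(dist):
    try:
        return version(dist)
    except PackageNotFoundError:
        return None


if __name__ == "__main__":
    s, m = installed("safety"), installed("marshmallow")
    if s is None or m is None:
        sys.exit("safety or marshmallow is not installed in this environment")
    verdict = diagnose(s, m)
    print(f"safety {s} + marshmallow {m}: {verdict}")
    sys.exit(0 if verdict == "ok" else 1)
```

Run it in the same virtual environment as the scanner, ahead of the `safety check` step; a non-zero exit means the scan result for that job should not be trusted as a pass.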