Safety check and marshmallow 4.0 > post_dump() got an unexpected keyword argument

[mkb79]

Checklist

• I agree to the terms within the Safety Code of Conduct.

Safety version

3.2.14

Python version

3.12.10

Operating System

macOS 15.4.1

Describe the problem you'd like to have solved

Run safety check on a package with marshmallow 4.0 installed will result in an exception. You can find an example here.

Running the command in debug mode gives the following shorten result:

2025-05-07 18:15:53,148 safety.safety => Announcements fetched
2025-05-07 18:15:53,149 safety.cli => Safety is going to render the vulnerabilities report using screen output
2025-05-07 18:15:53,157 safety.cli => Unexpected Exception happened: post_dump() got an unexpected keyword argument 'pass_many'
Traceback (most recent call last):
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/cli.py", line 398, in check
    output_report = SafetyFormatter(output, **kwargs).render_vulnerabilities(announcements, vulns, remediations,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatter.py", line 83, in __init__
    from safety.formatters.json import JsonReport
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/json.py", line 7, in <module>
    from safety.formatters.schemas import VulnerabilitySchemaV05
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/schemas/__init__.py", line 1, in <module>
    from safety.formatters.schemas.zero_five import VulnerabilitySchemaV05
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/schemas/zero_five.py", line 42, in <module>
    class VulnerabilitySchemaV05(Schema):
  File "/Users/marcel/Documents/GitHub/Audible/.venv/lib/python3.12/site-packages/safety/formatters/schemas/zero_five.py", line 67, in VulnerabilitySchemaV05
    @post_dump(pass_many=True)
     ^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: post_dump() got an unexpected keyword argument 'pass_many'
Unhandled exception happened: post_dump() got an unexpected keyword argument 'pass_many'
2025-05-07 18:15:53,159 safety.auth.cli_utils => Closing requests session.

The changelog of marshmallow 4.0 says Backwards-incompatible: Rename pass_many parameter to pass_collection in pre/post processing methods. I fixed this for me by rewrite the decorator above to @post_dump(pass_collection=True).

Describe the ideal solution

Set the upper bound to marshmallow <4.0.

Alternatives and current workarounds

The changelog of marshmallow 4.0 says Backwards-incompatible: Rename pass_many parameter to pass_collection in pre/post processing methods. I fixed this myself by rewrite the decorator for the method VulnerabilitySchemaV05.wrap_with_envelope to @post_dump(pass_collection=True).

Additional context

No response

What I Did

See above

[github-actions]

Hi @mkb79, thank you for opening this issue!

We appreciate your effort in reporting this. Our team will review it and get back to you soon.
If you have any additional details or updates, feel free to add them to this issue.

Note: If this is a serious security issue that could impact the security of Safety CLI users, please email security@safetycli.com immediately.

Thank you for contributing to Safety CLI!

[sr-verde]

Any updates here?

[yeisonvargasf]

This fix was added as stable on Safety CLI 3.4.0.

https://github.com/pyupio/safety/blob/main/CHANGELOG.md#340b8-2025-04-22

I'll be closing this issue now, but please feel free to reopen it if the problem persists after upgrading.