Marshmallow Version Requirement

[jrast]

The marshmallow verison is currently fixed to 2.13.1 which makes it hard if someone (like me) wants to integrate flask-rest-jsonapi into a existing application which uses another verion of marshmallow.

marshmallow_jsonapi requires 'marshmallow>=2.3.0'. does flask-rest-jsonapi depend on any specific features of marshmallow which where introduced after version 2.3.0? Basically between 2.3.0 and 2.13.1, no backward incompatible changes should have been made.

I sugest to change the requirement to marshmallow>=2.3.0 and maybe make it more future proof with marshmallow>=2.3.0, <3 because version 3 of marhsmallow might introduce breaking changes.

[mhbkb]

+1 I am facing the same issue as @jrast is having.

[gdgupta11]

Yeah, I am stuck with this dependency issue.

To make matters worse, something else in resolves marshmallow to 2.13.4. Now the requirements become conflicting: Flask-REST-JSONAPI wants marshmallow 2.13.1 and the package version installed is 2.13.4 because something else resolved to that version.

[pchachoo]

Just hit the same issue with marshmallow dependency being pinned - Datetime validation fails for ISO formats in my schema, but this is something fixed in Marshmallow v2.13.5

I would prefer to not reinvent the wheel on bug fixes marshmallow pushes out, so if version can be unpinned here, it would be a great help 👍

[Korijn]

@akira-dev Is there any specific reason for this version pin?

[akira-dev]

no just to secure updates. I recently updated the version of marshmallow for security issues so the current version is now 2.18.0

[kumy]

BTW, why not use https://pyup.io/ to catch/monitor dependencies upgrades?