Update marshmallow requirement from <5.0,>=3.23 to >=4.3.0,<5.0

[dependabot]

Updates the requirements on marshmallow to permit the latest version.

Changelog

Sourced from marshmallow's changelog.

4.3.0 (2026-04-03)

Features:

• Add pre_load and post_load parameters to marshmallow.fields.Field for field-level pre- and post-processing (:issue:2787).
• Typing: improvements to marshmallow.validate (:pr:2940).

4.2.4 (2026-04-02)

Bug fixes:

• marshmallow.validate.URL and marshmallow.validate.Email accept Internationalized Domain Names (IDNs) (:issue:2821, :issue:2936). marshmallow.validate.Email also correctly rejects IDN domains with leading/trailing hyphens. Thanks :user:touhidurrr for the report.
• Typing: Fix typing of nested in marshmallow.fields.Nested (:pr:2935).

4.2.3 (2026-03-25)

Bug fixes:

• Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base classes to prevent using them within Schemas (:issue:2924). Thanks :user:MartingaleCoda for reporting.
• Allow required to be set on marshmallow.fields.Contant (:issue:2900). Thanks :user:nosnickid for the report and :user:worksbyfriday for the PR.
• Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber choices (:issue:2869). Thanks: user:T90REAL for the report and :user:rstar327 for the PR.
• Fix behavior when passing a dot-delimited attribute name to partial for a key with data_key set (:pr:2903). Thanks :user:bysiber for the PR.
• Fix Enum field by-name lookup to only return actual members (:pr:2902). Thanks :user:bysiber for the PR.
• marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool values (:pr:2904). Thanks :user:bysiber for the PR.
• Fix typing of error_messages argument to marshmallow.fields.Field (:pr:1636). Thanks :user:repole for reporting and :user:dhruvildarji for the PR.

Other changes:

• Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING (:issue:1695). Thanks :user:liberforce for the suggestion and :user:dhruvildarji for the PR.

4.2.2 (2026-02-04)

Bug fixes:

• Fix behavior of fields.Contant(None) (:issue:2868).

... (truncated)

Commits

• b596fdb Bump version and update changelog
• 256f0aa Add pre/post_load parameters to Field (#2799)
• c847ad4 Typing improvements to marshmallow.validate (#2940)
• eb86322 Remove redundant docs job (#2939)
• a44ad62 Avoid infinite recursion in nesting docs (#2938)
• 3360e34 Bump version and update changelog
• 7b9ce45 Fix changelog typos and update releasing docs
• f07eadc Fix validate.Email to accept IDNs (#2937)
• 4acb783 Fix Unreachable Warning (#2935)
• 3492fae Remove redundant python-version (#2932)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)