Python Bytes: #430 Or you go to jail
<strong>Topics covered in this episode:</strong><br> <ul> <li><strong><a href="https://ichard26.github.io/blog/2025/04/whats-new-in-pip-25.1/?featured_on=pythonbytes">pip 25.1 has dependency groups, pylock.toml, plus more</a></strong></li> <li><strong><a href="https://bsky.app/profile/aiohttp.org/post/3lmyhz6uhks2u?featured_on=pythonbytes">aiohttp goes free threaded</a></strong></li> <li><strong><a href="https://github.com/astral-sh/uv/releases/tag/0.6.15?featured_on=pythonbytes">uv 0.6.15 supports pylock.toml</a></strong></li> <li><a href="https://github.com/ariebovenberg/whenever?featured_on=pythonbytes"><strong>Whenever</strong></a></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=BGhDge-iUTw' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="430">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by <a href="https://pythonbytes.fm/porkbun"><strong>Porkbun</strong></a>! Use our link <a href="https://pythonbytes.fm/porkbun"><strong>pythonbytes.fm/porkbun</strong></a> and get a .app or .dev domain for $5.99 at Porkbun.</p> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a> <strong>/</strong> <a href="https://bsky.app/profile/mkennedy.codes?featured_on=pythonbytes"><strong>@mkennedy.codes</strong></a> <strong>(bsky)</strong></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a> <strong>/</strong> <a href="https://bsky.app/profile/brianokken.bsky.social?featured_on=pythonbytes"><strong>@brianokken.bsky.social</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a> <strong>/</strong> <a href="https://bsky.app/profile/pythonbytes.fm"><strong>@pythonbytes.fm</strong></a> <strong>(bsky)</strong></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually <strong>Monday</strong> at 10am PT. Older video versions available there too.</p> <p>Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>, we'll never share it. </p> <p><strong>Brian #1:</strong> <a href="https://ichard26.github.io/blog/2025/04/whats-new-in-pip-25.1/?featured_on=pythonbytes">pip 25.1 has dependency groups, pylock.toml, plus more</a></p> <ul> <li>post <a href="https://ichard26.github.io/blog/2025/04/whats-new-in-pip-25.1/?utm_source=pocket_shared&featured_on=pythonbytes">What's new in pip 25.1 - Dependency groups!</a></li> <li>Richard Si</li> <li>Discovered this through <a href="https://bsky.app/profile/hugovk.dev/post/3lnqd2fosq224?featured_on=pythonbytes">Hugo van Kemenade</a></li> <li><p>Dependency groups, PEP 735, supported</p> <pre><code># pyproject.toml [dependency-groups] test = ["pytest", "pytest-xdist"] lint = ["mypy", "isort"] # Dependency Groups can include other groups! ✨ dev = [ {include-group = "test"}, {include-group = "lint"} ] </code></pre></li> <li><p>Package installation progress bar</p></li> <li>Resumable downloads</li> <li>Experimental lockfile generation, PEP 751, with pip lock <ul> <li>so cool</li> </ul></li> <li>pip index versions is stable, no longer experimental <ul> <li>use this to get a list of available versions</li> <li>ex: python3 -m pip index versions pytest-check</li> <li>combine with --json to get a nice script readable output</li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://bsky.app/profile/aiohttp.org/post/3lmyhz6uhks2u?featured_on=pythonbytes">aiohttp goes free threaded</a></p> <ul> <li>Thanks to months of consistent contributions by Lysandros Nikolaou, all of the mandatory dependencies of <a href="https://www.dropbox.com/?q=%23aiohttp&featured_on=pythonbytes">#aiohttp</a> now ship free-threaded variants of <a href="https://www.dropbox.com/?q=%23wheels&featured_on=pythonbytes">#wheels</a>!</li> <li>This unlocks the same in <a href="https://github.com/aio-libs/aiohttp?featured_on=pythonbytes">aiohttp</a>!</li> </ul> <p><strong>Brian #3:</strong> <a href="https://github.com/astral-sh/uv/releases/tag/0.6.15?featured_on=pythonbytes">uv 0.6.15 supports pylock.toml</a></p> <ul> <li>Discovered through <a href="https://bsky.app/profile/snarky.ca/post/3lngwrbkbm22g?featured_on=pythonbytes">Brett Cannon</a></li> <li>So far, these projects support pylock.toml <ul> <li>pip</li> <li>pip-audit</li> <li>pdm</li> <li>uv</li> </ul></li> <li>With uv <ul> <li>To export a uv.lock to the pylock.toml format, <ul> <li>run: uv export -o pylock.toml</li> </ul></li> <li>To generate a pylock.toml file from a set of requirements, <ul> <li>run: uv pip compile -o pylock.toml -r requirements.in</li> </ul></li> <li>To install from a pylock.toml file, <ul> <li>run: uv pip sync pylock.toml or uv pip install -r pylock.toml</li> </ul></li> </ul></li> </ul> <p><strong>Michael #4:</strong> <a href="https://github.com/ariebovenberg/whenever?featured_on=pythonbytes"><strong>Whenever</strong></a></p> <ul> <li>via Pat Decker</li> <li>Typed and DST-safe datetimes for Python, available in Rust or pure Python.</li> <li><em>Whenever</em> helps you write <strong>correct</strong> and <strong>type checked</strong> datetime code.</li> <li>It's also <strong>way faster</strong> than other third-party libraries—and usually the standard library as well.</li> </ul> <p><strong>Extras</strong> </p> <p>Brian:</p> <ul> <li><a href="https://everyuuid.com?featured_on=pythonbytes">Every UUID</a> </li> </ul> <p>Michael:</p> <ul> <li><a href="https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents?featured_on=pythonbytes">New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents</a> via Brian Skinn</li> <li>And <a href="https://www.darkreading.com/application-security/ai-code-tools-widely-hallucinate-packages?featured_on=pythonbytes">typosquatting in the AI age</a></li> <li>Firefox Send alternatives <ul> <li><a href="https://github.com/kern/filepizza?featured_on=pythonbytes">file.pizza</a> via <a href="https://social.tchncs.de/@rafaelwo/114393487740735715?featured_on=pythonbytes">@rafaelwo</a> </li> <li><a href="https://bitwarden.com/products/send/?featured_on=pythonbytes">bitwarden send</a></li> </ul></li> </ul> <p><strong>Joke:</strong> <strong>Can you Vibe?</strong></p> <ul> <li><a href="https://www.youtube.com/watch?v=JeNS1ZNHQs8"><strong>Interview with Vibe Coder in 2025</strong></a></li> <li><a href="https://www.youtube.com/watch?v=_2C2CNmK7dQ"><strong>Senior Engineer tries Vibe Coding</strong></a></li> </ul>
