November brought exciting news to the Python community, from PyPI’s first security audit to a new version of PyScript! The month also gave Python developers like you ample opportunities to get involved in the ecosystem through the annual Python Developers Survey and the PyCon US call for proposals. Development has also continued on Python 3.13 and Pydantic.
Get ready to explore the recent highlights!
PyPI Completes First Security Audit
With the support of the Open Technology Fund (OTF), the Python Package Index (PyPI) completed its first external security audit in November. Because PyPI is the official index and repository for the Python ecosystem, maintaining its security is of vital importance for the community at large.
Note: PyPI has been doing a lot to boost security recently, including hiring a safety and security engineer. You can hear from him on The Real Python Podcast Episode 177: Welcoming PyPI’s Safety & Security Engineer Mike Fiedler.
The audit began in late summer 2023 and involved searching for security vulnerabilities in Warehouse and cabotage, the codebases that power and deploy PyPI. Trail of Bits, a security firm with significant open-source and Python experience, performed the audit.
Overall, the auditors didn’t identify any high-severity issues in either of the codebases, which is great news. The audit did flag some issues, like weak signature verification, unintentional information leaks, and weak cryptographic hashes, but ultimately noted that the codebases demonstrated best practices in the industry. The PyPI team has already made the repository safer by working to remediate the risks that came up in the audit.
If you’d like to learn more about how Trail of Bits conducted the audit and what the team found, then check out the blog post on the audit. You can also read the full report.
Python 3.13.0a2 Released
Just over a month ago, Python 3.12 introduced a ton of cool new features. But work never stops, and now the second alpha version of Python 3.13 is available.
Note: This is an alpha release, which isn’t intended for production environments. Instead, alpha versions are useful for testing features and fixing bugs.
The most notable change for this release, compared to 3.12, is the elimination of many modules. Python 3.13 closes out a deprecation schedule that began in Python 3.11 with PEP 594. If you’ve been using these deprecated modules on newer Python versions, then you’ve likely run into a DeprecationWarning. Some of the modules eliminated are aifc, audioop, cgi, cgitb, crypt, pipes, telnetlib, and lib2to3.
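As an added example (not from the original article or from CPython), the script below uses the standard-library ast module to flag imports of the modules named above before an upgrade to Python 3.13. The function name find_removed_imports and the sample source are constructed for illustration, and the module set covers only the names this article lists.

```python
import ast

# Modules this article names as removed in Python 3.13.
# The article lists only "some of the modules", so this set is not exhaustive.
REMOVED_IN_313 = {"aifc", "audioop", "cgi", "cgitb", "crypt",
                  "pipes", "telnetlib", "lib2to3"}


def find_removed_imports(source, filename="<string>"):
    """Return sorted (line, module) pairs for imports of removed modules."""
    hits = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]
        else:
            continue  # not an import, or a relative import of local code
        for name in names:
            top = name.split(".")[0]  # lib2to3.pgen2 -> lib2to3
            if top in REMOVED_IN_313:
                hits.add((node.lineno, top))
    return sorted(hits)


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import os, crypt
from lib2to3.pgen2 import token
from . import cgi          # relative import of a local module: ignored
import telnetlib as tn

def legacy():
    import pipes           # function-level imports are found too
    return pipes.quote("x")

note = "import cgitb"      # text inside a string is not an import
'''

if __name__ == "__main__":
    for line, module in find_removed_imports(SAMPLE):
        print(f"line {line}: {module} is removed in Python 3.13")
```

Because the source is parsed rather than imported, the check runs on any Python version and never executes the code under review.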
But Python 3.13 isn’t just about deprecation. It also adds improvements to some modules. Here are a few examples:
- In asyncio, the asyncio.loop.create_unix_server() method will now automatically remove the Unix socket when the connection to the server is closed, which means you won’t have an unnecessary socket file hanging around on disk.
- In the copy module, copy.replace() makes working with immutable objects more convenient by allowing you to create a modified copy.
- In the ipaddress module, the new ipaddress.IPv4Address.ipv6_mapped property lets you represent an IPv4 address as an IPv6 address.
This is just a small sampling of the new functionality added to this version. To see the full list of removals, deprecations, additions, and improvements in 3.13.0a2, check out What’s New In Python 3.13.
If you want to know how to install a pre-release version of Python in your system without affecting your current configuration, then give How Can You Install a Pre-Release Version of Python? a read. Then, you can start playing with these new features by downloading Python 3.13.0a2.
The final release of Python 3.13.0 is scheduled for October 2024. If you want to see the full schedule for future Python 3.13 preview releases, head over to PEP 719.
Python Developers Survey Open for Responses
In an effort to understand the current state of Python development, the Python Software Foundation (PSF), in collaboration with JetBrains, runs The Python Developers Survey every year.
The 2023 version is the seventh iteration of this survey, and as of November 8, it’s open for you to share your insights about how, where, and when you use Python. You can fill it out here. It should take you no more than fifteen minutes.
Why’s it important to participate? Regardless of your current level of knowledge or involvement in the Python community, participating in this survey is essential for the growth of Python as a language, and it also helps the PSF support the big community behind Python.
Also, no less important, twenty lucky winners are randomly selected from those who complete the survey. Each one receives a $100 Amazon Gift card or local equivalent.
Once the survey is completed, you’ll be able to read the aggregated results. Here are the results for 2022 and 2021.
PyCon US Still Seeking Proposals
In October 2023, PyCon US opened the call for proposals for those who’d like to be part of next year’s lineup of speakers. Being part of the largest annual gathering for Python developers is a great opportunity. The conference will take place in Pittsburgh from May 15 to 23.
You can submit a proposal for a talk, tutorial, charla, or poster. No matter how you decide to share your experience and expertise, you have until December 18, when the call for proposals closes.
Pydantic Version 2.5 Released
Pydantic is the most widely used data validation library for Python, and this month it received a major upgrade in the form of Pydantic 2.5. This version is full of new features and bug fixes, so you should definitely check it out.
One of the most significant changes is the addition of a new JsonValue type. You can use this type to represent a value that can be serialized to JSON. Specifically, you can use the following values:
- List['JsonValue']
- Dict[str, 'JsonValue']
- str
- int
- bool
- float
- None
In the example below, you use JsonValue to validate JSON data:
>>> import json
>>> from pydantic import BaseModel, JsonValue
>>> class Model(BaseModel):
...     rp: JsonValue
...
>>> data = {"rp": {"podcast": {
...     "episode": 183, "guests": ["Brendan Maginnis", "Nick Thapen"]
... }}}
>>> Model.model_validate(data)
Model(rp={'podcast': {'episode': 183, 'guests': ['Brendan Maginnis', 'Nick Thapen']}})
Here, you’ve declared rp as JsonValue, and you’re using it to validate if the input dictionary is a valid JSON object. In this case, it is.
Note: When you use JsonValue with a dictionary, it’ll take the name specified for the field as the key, so they must match.
If you instead pass invalid JSON data into the .model_validate() method, then Python will raise a ValidationError. Here you specify the guests in a set, which is not valid JSON:
>>> data = {"rp": {"podcast": {
...     "episode": 183, "guests": {"Brendan Maginnis", "Nick Thapen"}
... }}}
>>> Model.model_validate(data)
Traceback (most recent call last):
  ...
pydantic_core._pydantic_core.ValidationError: 1 validation error for Model
rp.dict.podcast.dict.guests
  input was not a valid JSON value [type=invalid-json-value,
    input_value={'Nick Thapen', 'Brendan Maginnis'}, input_type=set]
But what if you’re working with Enum types? Then you’re in luck! This version of Pydantic adds support for JSON schema generation for empty Enum types without any member constants. Here’s how that works:
>>> from enum import Enum
>>> from pydantic import BaseModel
>>> class Transmission(Enum):
...     pass
...
>>> class CarModel(BaseModel):
...     brand: str
...     model: str
...     year: int
...     shift: Transmission
...
>>> CarModel.model_json_schema()
{'properties': {'brand': {'title': 'Brand', 'type': 'string'}, ...}
In the example above, you’ve defined an empty Enum class called Transmission. This is an empty Enum because you’ve used the pass statement to sidestep defining members. In previous versions of Pydantic, attempting to build a JSON schema from this empty Enum would’ve failed with an error.
However, this new version of Pydantic allows the operation above. If you dump the model schema to a JSON file, it’ll look as follows:
{
    "properties": {
        "brand": {
            "title": "Brand",
            "type": "string"
        },
        "model": {
            "title": "Model",
            "type": "string"
        },
        "year": {
            "title": "Year",
            "type": "integer"
        },
        "shift": {
            "enum": [],
            "title": "Transmission"
        }
    },
    "required": [
        "brand",
        "model",
        "year",
        "shift"
    ],
    "title": "CarModel",
    "type": "object"
}
That’s great! Now you have a JSON schema, and you haven’t run into any errors. This gives you greater flexibility in the types of data you can work with.
Of course, this update brings several more features to the table. For a full list of features and fixes, visit the release notes. Which new capabilities are you most excited to use?
PyScript Version 2023.11.1 Comes Out
2023.11.1 is a major release for PyScript that adds a lot of new functionality to the framework, like smaller file sizes, faster loading, and more.
PyScript is a relatively recent addition to the Python ecosystem. Peter Wang first announced it during a keynote at PyCon US 2022. Here’s what it does:
PyScript is a framework that allows users to create rich Python applications in the browser using HTML’s interface and the power of Pyodide, WASM, and modern web technologies. The PyScript framework provides users at every experience level with access to an expressive, easy-to-learn programming language with countless applications. (Source)
One of the most important additions in this release is that PyScript now allows you to pick from two Python runtimes to execute your code:
- CPython through Pyodide
- MicroPython
MicroPython is a very lean and efficient implementation of the Python interpreter, originally written and optimized for microcontrollers. MicroPython, since its birth, has been used on many projects, including a spacecraft.
To differentiate between this new version and older versions, the PyScript team has named them PyScript Next and PyScript Classic, respectively.
This new version is a full rewrite of PyScript, and even though some of the PyScript Classic features are still available, there are many changes. Notably, the way that you include PyScript in a page has changed. You used to import "pyscript.js". Now you import "core.js", and you need to specify type="module" to avoid an error.
There’s also a new optimization that prevents bootstrapping the runtime until the first <script type="py"> or <py-script> tag on the page. This helps your program run faster.
Note: These two tags run Python scripts in the browser using the Pyodide runtime, and from PyScript’s point of view, they’re basically equivalent.
In addition to these classic tags, the addition of MicroPython as a second runtime means that PyScript has added two new tags that allow you to run Python scripts using MicroPython. These are <script type="mpy"> and <mpy-script>, and again, they’re basically interchangeable. Here’s an example of <script type="mpy"> in use:
<script type="mpy">
from pyscript import display
display("Happy Pythoning!")
</script>
This new version of PyScript also adds support for parallel execution using web workers.
Note: For a discussion of an earlier version of PyScript, check out The Real Python Podcast Episode 115: Digging Into PyScript & Preventing or Handling Python Errors.
Under the hood, there’s a new core, Polyscript. This is a smaller, more efficient, and more powerful kernel, so you can expect even better performance. This version also brings a new plugin system that can extend its functionality without modifying its own core. As of now, PyScript supports plugins written in JavaScript.
According to the PyScript team, this version is a significant overhaul. They’ve been working tirelessly, and this new version demonstrates their dedication to the project. Have you tried out Python in your web browser yet?
What’s Next for Python?
Thanksgiving rounded out the month of November for lots of Python programmers. Whether you celebrated or not, it’s undeniable that there’s a lot to be thankful for in the world of Python! PyPI is taking security seriously, and the PSF is seeking input from the community. Plus, Python and its libraries continue to benefit from frequent updates to keep your code running smoothly.
With Advent in full swing, what new Python developments would you ask Santa to deliver to round out 2023?