• GitHub action security: zizmor
• Python is now the top language on GitHub
• Python 3.13, what didn't make the headlines
• PyCon US 2025
• Extras
• Joke

About the show

Sponsored by:

• ScoutAPM - Django Application Performance Monitoring
• Codeium - Free AI Code Completion & Chat

Connect with the hosts

• Michael: @mkennedy@fosstodon.org
• Brian: @brianokken@fosstodon.org
• Show: @pythonbytes@fosstodon.org

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: GitHub action security: zizmor

• Article: Ned Batchelder
• zizmor: William Woodruff & others
• “a new tool to check your GitHub action workflows for security concerns.”
• Install with cargo or brew, then point it at workflow yml files.
• It reports security concerns.

Michael #2: Python is now the top language on GitHub

• Thanks to Pat Decker for the heads up.
• A rapidly growing number of developers worldwide
  • This suggests AI isn’t just helping more people learn to write code or build software faster—it’s also attracting and helping more people become developers. First-time open source contributors continue to show wide-scale interest in AI projects. But we aren’t seeing signs that AI has hurt open source with low-quality contributions.
• Python is now the most used language on GitHub as global open source activity continues to extend beyond traditional software development.
  • The rise in Python usage correlates with large communities of people joining the open source community from across the STEM world rather than the traditional community of software developers.
• There’s a continued increase in first-time contributors to open source projects. 1.4 million new developers globally joined open source with a majority contributing to commercially backed and generative AI projects.
  • Notably, we did not see a rise in rejected pull requests. This could indicate that quality remains high despite the influx of new contributors.

Brian #3: Python 3.13, what didn't make the headlines

• Some pretty cool updates to pdb : the command line Python debugger
  • multiline editing
  • code completion
• pathlib has a bunch of performance updates
• python -m venv adds a .gitignore file that auto ignores the venv.

Michael #4: PyCon US 2025

• Site is live with CFP and dates
• Health code is finally reasonable: “Masks are Encouraged but not Required”
• PyCon US 2025 Dates
  • Tutorials - May 14-15, 2025
  • Sponsor Presentations - May 15, 2025
  • Opening Reception - May 15, 2025
  • Main Conference and Online - May 16-18, 2025
  • Job Fair - May 18, 2025
  • Sprints - May 19-May 22, 2025

Extras

Brian:

• Please publish and share more - Jeff Triplett

Michael:

• pre-commit-uv
  • Just spoke with Sefanie Molin about pre-commit hooks on Talk Python
• Curse you Omnivore!
• We have moved to hetzner
• Typora markdown app
• free-threaded Python is now available via uv

  uv self update
  uv python install --python-preference only-managed 3.13t
  

Joke: Debugging char