How do you verify and validate the data coming into your Python web application? What tools and security best practices should you consider as a developer? Christopher Trudeau is back on the show this week, bringing another batch of PyCoder’s Weekly articles and projects.

We discuss the recent Real Python tutorial “Pydantic: Simplifying Data Validation in Python.” The piece covers installing the library with optional dependencies, working with base models, validating functions, and managing environment variables.

We continue our conversation about web development with another article about Python security best practices. This article covers several Python libraries and crucial steps you can take to help make your web-based applications more secure.

We also share several other articles and projects from the Python community, including a news roundup, why Python lists multiply oddly, inline run dependencies in pipx, a discussion about open-source contribution assignments, playing sounds in Python, and a Python library to access ISO country definitions.

This episode is sponsored by Mailtrap.

Topics:

• 00:00:00 – Introduction
• 00:02:40 – Python 3.12.3, Python 3.11.9, and 3.13.0a6 Released
• 00:03:43 – Django Bugfix Release Issued: 5.0.4
• 00:04:48 – PEP 738 Accepted: Adding Android as a Supported Platform
• 00:05:53 – EuroPython Tickets on Sale: Prague/Remote July 8-14
• 00:06:38 – PyCon Portugal 2024
• 00:07:17 – Pydantic: Simplifying Data Validation in Python
• 00:15:24 – Sponsor: Mailtrap
• 00:15:58 – Why Do Python Lists Multiply Oddly?
• 00:22:21 – Best Python Security Practices for Web Developers
• 00:34:13 – Video Course Spotlight
• 00:35:38 – Inline Run Dependencies in pipx 1.4.2
• 00:40:16 – So Your Teacher Wants You to Do Open Source
• 00:54:49 – nava: Play Sounds in Python
• 00:56:25 – pycountry: A Python library to access ISO country definitions
• 00:58:18 – Thanks and goodbye

News:

• Python 3.12.3 and 3.13.0a6 Released
• Python 3.11.9 Released
• Django Bugfix Release Issued: 5.0.4
• PEP 738 Accepted: Adding Android as a Supported Platform
• PEP 742 Accepted: Narrowing Types With TypeIs
• EuroPython Tickets on Sale: Prague/Remote July 8-14
• PyCon Portugal 2024

Show Links:

• Pydantic: Simplifying Data Validation in Python – Discover the power of Pydantic, Python’s most popular data parsing, validation, and serialization library. In this hands-on tutorial, you’ll learn how to make your code more robust, trustworthy, and easier to debug with Pydantic.
• Why Do Python Lists Multiply Oddly? – In Python you can use the multiplication operator on sequences to return a repeated version of the value. When you do this with a list containing an empty list you get what might be unexpected behavior. This article explains what happens and why.
• Best Python Security Practices for Web Developers – Coding on the web means you have to be more security conscious as everyone has access to your software. This article discusses key steps you can take to help make your code more secure.
• Inline Run Dependencies in pipx 1.4.2 – PEP 723 adds the ability to specify dependencies within a Python script itself. The folks who write pipx have added an experimental feature that takes advantage of this future language change. This article shows you how the new feature looks and what pipx does with it.
• Install and Execute Python Applications Using pipx – In this tutorial, you’ll learn about a tool called pipx, which lets you conveniently install and run Python packages as standalone command-line applications in isolated environments. In a way, pipx turns the Python Package Index (PyPI) into an app marketplace for Python programmers.

Discussion:

• So Your Teacher Wants You to Do Open Source – Sometimes teachers or mentors ask students to contribute to an open source project, without the context of what that entails. This opinion piece covers just how much noise that causes for the projects and why you shouldn’t do it unless you truly mean to contribute.
• 503 Days Working Full-Time on FOSS: Lessons Learned – For a year and a half, Rodrigo worked at Textualize the company behind the popular open source Python projects Rich and Textual. This blog post talks about what he learned while he was there.

Projects:

• nava: Play Sounds in Python
• pycountry: A Python library to access ISO country, subdivision, language, currency and script definitions and their translations

Additional Links:

• Pydantic
• François Fleuret on X: “2h of debugging. Whatever you say, that’s counter intuitive.”
• bandit: Security oriented static analyzer for Python code - PyPI
• Dependency Management With Python Poetry – Real Python
• OWASP Top Ten - OWASP Foundation
• pipx
• Governance - The Pallets Projects
• Textual
• How to Contribute to Open Source - Open Source Guides
• Djangonaut Space - Where contributors launch!

Level up your Python skills with our expert-led courses:

• Lists and Tuples in Python
• Using raise for Effective Exceptions
• Sorting Data in Python With pandas

Support the podcast & join our community of Pythonistas