PythonHub
2.55K subscribers
2.35K photos
50.2K links
News & links about Python programming.
https://pythonhub.dev/
Download Telegram
A small matrix task runner for Python projects using Astral uv.

uv-matrix runs the same project tasks across Python versions, dependency variants, extras and arbitrary task variants defined in pyproject.toml.

https://github.com/atsuoishimoto/uv-matrix
Django security releases issued: 6.0.7 and 5.2.16

Django 6.0.7 and 5.2.16 fix three low-severity security issues involving cached Set-Cookie responses, GDALRaster heap buffer over-read, and DomainNameValidator accepting newlines. The Django team recommends upgrading supported versions as soon as possible, with patches applied to main, 6.1 beta, 6.0, and 5.2 branches.

https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
planning-with-files

Persistent file-based planning for AI coding agents and long-running agentic tasks. Crash-proof markdown plans that survive context loss and /clear, plus a deterministic completion gate and multi-agent shared state on disk. Manus-style. Works with Claude Code, Codex CLI, Cursor, Kiro, OpenCode and 60+ agents via the SKILL.md standard.

https://github.com/OthmanAdi/planning-with-files
Serving a Frontend with FastAPI: A Practical Guide

A practical guide to FastAPI's new app.frontend(), SPA fallback, API route priority, and a complete mini dashboard example.

https://modernpython.io/serving-a-frontend-with-fastapi-a-practical-guide/
3
How to publish to PyPI using GitHub Actions securely

The post gives three practical steps for publishing Python packages to PyPI more securely from GitHub Actions: run zizmor, use Trusted Publishing, and require manual approval through GitHub environments. It focuses on reducing credential risk by removing long-lived PyPI tokens, pinning actions, limiting workflow permissions, disabling persisted checkout credentials, and adding a human ap...

https://snarky.ca/how-to-publish-to-pypi-using-github-actions-securely/
Otary – Image and Geometry Python Library Now Has Tutorials

https://alexandrepoupeau.com/otary/learn/
You shouldn't trust Trusted Publishing

The post explains that PyPI Trusted Publishing is an authentication mechanism for machine-to-machine trust between CI/CD workflows and package registries, not a signal that a package is safe or high quality. It shows how Trusted Publishing reduces long-lived credential risk, while warning that users should not treat it like a “green checkmark” because malicious or low-quality packages ca...

https://blog.yossarian.net/2026/07/07/You-shouldnt-trust-trusted-publishing
👍1
Write a coding agent from first principles: better tools

This tutorial builds on the coding agent you implemented in the tutorial “Write a coding agent from first principles”. In this tutorial, you'll take your agent and improve its capabilities by implementing the text edit and bash command tools that Anthropic provides.

https://mathspp.com/blog/write-a-coding-agent-from-first-principles-better-tools