We're sunsetting PodQuest on 2025-07-28. Thank you for your support!
Export Podcast Subscriptions
cover of episode #430 Or you go to jail

#430 Or you go to jail

2025/4/28
logo of podcast Python Bytes

Python Bytes
AI Deep Dive Transcript
People
B
Brian
Python 开发者和播客主持人,专注于测试和软件开发教育。
M
Michael
帮助医生和高收入专业人士管理财务的金融教育者和播客主持人。
Topics
Brian: 我发现了 pip 25.1 的发布,它包含许多令人兴奋的新功能,例如依赖项分组(PEP 735),允许将依赖项组织成不同的组,例如测试、lint 和开发。这使得管理项目依赖项更加容易。此外,pip 25.1 还支持 pylock.toml 锁文件,这是一种新的锁文件格式,可以替代 requirements.txt。pip 25.1 还改进了安装进度条、可恢复下载和版本查询等功能。 Brian: 我还了解到 uv 0.6.15 现在支持 pylock.toml。这使得使用 uv 管理依赖项更加方便,可以轻松地导出、生成和安装 pylock.toml 文件。许多项目,例如 pip、pip-audit 和 pdm,都支持 pylock.toml。 Brian: 我还介绍了一个名为 every UUID 的网站,它列出了所有 UUID。这是一个有趣的网站,展示了如何处理大量的 UUID 数据。 Michael: 我分享了 aiohttp 的一个重大更新,它现在支持 free-threaded。这要归功于 Lysandros Nikolaou 的贡献,aiohttp 的所有强制依赖项现在都提供了 free-threaded 版本的 wheels。这意味着 aiohttp 现在可以安全地用于 free-threaded 的 Python 环境,这对于需要处理大量并发请求的 Web 服务器非常有用。 Michael: 我还介绍了 Whenever 库,它提供类型安全且时区安全的 Python 日期时间处理,速度比其他库更快。它解决了标准库中的一些日期时间处理问题,例如日光节约时间转换和类型安全问题。 Michael: 最后,我还分享了关于 GitHub Copilot 和 Cursor 中的新漏洞以及 AI 代码工具广泛产生幻觉包的信息,并介绍了 Firefox Send 的替代方案,例如 file.pizza 和 Bitwarden Send。

Deep Dive

Shownotes Transcript

Topics covered in this episode:

- **[pip 25.1 has dependency groups, pylock.toml, plus more](https://ichard26.github.io/blog/2025/04/whats-new-in-pip-25.1/?featured_on=pythonbytes))**

Watch on YouTube)

About the show

Sponsored by Porkbun)! Use our link pythonbytes.fm/porkbun) and get a .app or .dev domain for $5.99 at Porkbun.

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live) to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list), we'll never share it.

Brian #1: pip 25.1 has dependency groups, pylock.toml, plus more)

Dependency groups, PEP 735, supported

`# pyproject.toml
[dependency-groups]
test = ["pytest", "pytest-xdist"]
lint = ["mypy", "isort"]
# Dependency Groups can include other groups! ✨
dev = [ {include-group = "test"}, {include-group = "lint"} ]
`

- Package installation progress bar

  • Resumable downloads

  • Experimental lockfile generation, PEP 751, with pip lock

  • so cool

  • pip index versions is stable, no longer experimental

  • use this to get a list of available versions

  • ex: python3 -m pip index versions pytest-check

  • combine with --json to get a nice script readable output

Michael #2: aiohttp goes free threaded)

  • Thanks to months of consistent contributions by Lysandros Nikolaou, all of the mandatory dependencies of #aiohttp) now ship free-threaded variants of #wheels)!

  • This unlocks the same in aiohttp)!

Brian #3: uv 0.6.15 supports pylock.toml)

  • Discovered through Brett Cannon)

  • So far, these projects support pylock.toml

  • pip

  • pip-audit

  • pdm

  • uv

  • With uv

  • To export a uv.lock to the pylock.toml format,

  • run: uv export -o pylock.toml

  • To generate a pylock.toml file from a set of requirements,

  • run: uv pip compile -o pylock.toml -r requirements.in

  • To install from a pylock.toml file,

  • run: uv pip sync pylock.toml or uv pip install -r pylock.toml

Michael #4: Whenever)

  • via Pat Decker

  • Typed and DST-safe datetimes for Python, available in Rust or pure Python.

  • Whenever helps you write correct and type checked datetime code.

  • It's also way faster than other third-party libraries—and usually the standard library as well.

Extras

Brian:

Michael:

Joke: Can you Vibe?