<p><strong>Watch the live stream:</strong></p>
<a href='https://www.youtube.com/watch?v=SXBdtq97xl4' style='font-weight: bold;'>Watch on YouTube</a><br>
<br>
<p><strong>About the show</strong></p>
<p>Sponsored by Sentry:</p>
<ul>
<li>Sign up at <a href="https://pythonbytes.fm/sentry"><strong>pythonbytes.fm/sentry</strong></a></li>
<li>And please, when signing up, click <strong><em>Got a promo code? Redeem</em></strong> and enter <strong>PYTHONBYTES</strong></li>
</ul>
<p>Special guest: <strong>Mike Groves</strong></p>
<p><strong>Michael #1:</strong> <a href="https://github.com/willmcgugan/textual"><strong>Textual</strong></a></p>
<ul>
<li>Textual (Rich.tui) is a TUI (Text User Interface) framework for Python using Rich as a renderer.</li>
<li>Rich TUI will integrate tightly with its parent project, Rich.</li>
<li>This project is currently a work in progress and may not be usable for a while.</li>
</ul>
<p><strong>Brian #2:</strong> <strong>Pinning application dependencies with pip-tools compile</strong></p>
<ul>
<li>via John Hagen</li>
<li><a href="https://github.com/jazzband/pip-tools">pip-tools</a> has more functionality than this, but compile alone is quite useful</li>
<li>Start with a loose list of dependencies in <code>requirements.in</code>:</li>
</ul>
<pre><code> rich
</code></pre>
<ul>
<li>Can have things like >= and such if you have fixed dependencies.</li>
<li>Now <code>pip install pip-tools</code>, and <code>pip-compile requirements.in</code></li>
<li>or <code>python -m piptools compile requirements.in</code>
<ul>
<li>both have same effect.</li>
</ul></li>
<li>Now you’ll have a <code>requirements.txt</code> file with pinned dependencies:</li>
</ul>
<pre><code> # autogenerated by: pip-compile requirements.in
click==7.1.2
# via typer
colorama==0.4.4
# via rich
commonmark==0.9.1
# via rich
pygments==2.9.0
# via rich
rich==10.2.2
# via -r requirements.in
typer==0.3.2
# via -r requirements.in
</code></pre>
<ul>
<li>Now, do the same with a <code>dev-requirements.ini</code> to create <code>dev-requirements.txt</code>.</li>
<li>Then, of course:</li>
</ul>
<pre><code> - `pip install -r requirements.txt`
- `pip install -r dev-requirements.txt`
- And test your application.
- All good? Push changes.
</code></pre>
<ul>
<li>To force <code>pip-compile</code> to update all packages in an existing <code>requirements.txt</code>, run <code>pip-compile --upgrade</code>.</li>
<li>John provided an example project that uses this workflow: <a href="https://github.com/johnthagen/python-blueprint">python-blueprint</a></li>
</ul>
<p><strong>Mike #3:</strong> <a href="https://github.com/se2p/pynguin"><strong>Pynguin</strong></a></p>
<ul>
<li>Automated test generation</li>
<li><strong>Pynguin</strong> is a framework that allows automated unit test generation for Python. It is an extensible tool that allows the implementation of various test-generation approaches.</li>
</ul>
<p><strong>Michael #4:</strong> <a href="https://github.com/pypa/advisory-db"><strong>Python Advisory DB</strong></a></p>
<ul>
<li>via <a href="https://twitter.com/btskinn/status/1400212636193542147"><strong>Brian Skinn</strong></a></li>
<li>A community owned repository of advisories for packages published on <a href="https://pypi.org"><strong>pypi.org</strong></a><strong>.</strong></li>
<li>Much of the existing set of vulnerabilities are collected from the <a href="https://nvd.nist.gov/vuln/data-feeds">National Vulnerability Database CVE</a> feed.</li>
<li>Vulnerabilities are integrated into the <a href="https://osv.dev">Open Source Vulnerabilities</a> project, which provides an API to query for vulnerabilities.</li>
<li>Longer term, we are working with the PyPI team to <a href="https://github.com/pypa/warehouse/issues/9407">build a pipeline</a> to automatically get these vulnerabilities [listed] into PyPI.</li>
<li>Tracks known security issues with the packages, for example:</li>
</ul>
<pre><code> PYSEC-2020-28.yaml
id: PYSEC-2020-28
package:
name: bleach
ecosystem: PyPI
details: In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA
and either svg or math tags are whitelisted and the keyword argument strip=False.
affects:
ranges:
- type: ECOSYSTEM
fixed: 3.1.2
versions:
- '0.1'
- 0.1.1
- 0.1.2
- '0.2'
...
</code></pre>
<p><strong>Brian #5:</strong> <a href="https://towardsdatascience.com/the-correct-way-to-overload-functions-in-python-b11b50ca7336"><strong>Function Overloading with singledispatch and multipledispatch</strong></a></p>
<ul>
<li>by Martin Heinz</li>
<li>I kinda avoid using the phrase “The Correct Way to …”, but you do you, Martin.</li>
<li>In C/C++, we can overload functions, which means multiple functions with the same name but different parameter types just work. </li>
<li>In Python, you can’t do that automatically, but you can do it.</li>
<li>It’s in the stdlib with <code>functools</code> and <code>singledispatch</code>:</li>
</ul>
<pre><code> from functools import singledispatch
from datetime import date, time
@singledispatch
def format(arg):
return arg
@format.register
def _(arg: date):
return f"{arg.day}-{arg.month}-{arg.year}"
@format.register(time)
def _(arg):
return f"{arg.hour}:{arg.minute}:{arg.second}"</code></pre>
<ul>
<li>Now <code>format</code> works like two functions:</li>
</ul>
<pre><code> print(format(date(2021, 5, 26)))
# 26-5-2021
print(format(time(19, 22, 15)))
# 19:22:15
</code></pre>
<ul>
<li>What if you want to switch on the type of multiple parameters? <a href="https://pypi.org/project/multipledispatch/">multipledispatch</a>, a third party package, does the trick:</li>
</ul>
<pre><code> from multipledispatch import dispatch
@dispatch(list, str)
def concatenate(a, b):
a.append(b)
return a
@dispatch(str, str)
def concatenate(a, b):
return a + b
print(concatenate(["a", "b"], "c"))
# ['a', 'b', 'c']
print(concatenate("Hello", "World"))
# HelloWorld
</code></pre>
<p><strong>Mike #6:</strong> <a href="https://nackjicholson.github.io/aiosql/"><strong>Aiosql</strong></a></p>
<ul>
<li>Fast Async SQL Template Engine</li>
<li>Lightweight replacement for ORM libraries such as SQLAlchemy.</li>
</ul>
<p><strong>Extras</strong></p>
<p><strong>Michael</strong></p>
<ul>
<li>SoftwareX Journal, Elsevier has had an open-access software journal, via Daniel Mulkey. There's even a <a href="https://www.sciencedirect.com/journal/softwarex/special-issue/103XKC9DRLV"><strong>special issue collection</strong></a> on software contributing to gravitational wave discovery.</li>
<li>Python 3.10.0b2 is available</li>
<li>Django security releases issued: 3.2.4, 3.1.12, and 2.2.24</li>
<li>Talks <a href="https://www.youtube.com/watch?v=z_hm5oX7ZlE&list=PL2Uw4_HvXqvYk1Y5P8kryoyd83L_0Uk5K"><strong>on YouTube</strong></a> for PyCon 2021.</li>
<li><a href="https://twitter.com/jmaxfieldbrown/status/1401933861081124874"><strong>aicsimageio</strong></a> <a href="https://twitter.com/jmaxfieldbrown/status/1401933861081124874">4.0 released</a>, lots of goodness for bio-image analysis and microscopy, thanks Madison Swain-Bowden.</li>
</ul>
<p><strong>Mike</strong></p>
<ul>
<li><strong><a href="https://www.prettyfwd.com/t/c7l72nBxQjqGATzdz9DDLA/">Postponement of PEP 563 in 3.10</a></strong></li>
</ul>
<p><strong>Joke</strong> </p>
<p><a href="https://twitter.com/AikidoUke/status/1397406450377543683"><strong>Bank robbers</strong></a></p>
<ul>
<li><a href="https://twitter.com/brianokken/status/1402293369007534080?s=20">A book about Rich</a>
<img src="https://paper-attachments.dropbox.com/s_ED0B2ECD3F3EA9A0A3D6DE8B7AA3BCAD34DD73FCC6E4174A711517C16C525C25_1623258891709_rich.png" alt="" /></li>
</ul>
↧