@sethmlarson@fosstodon.org
@sethmlarson@fosstodon.org avatar

sethmlarson

@sethmlarson@fosstodon.org

:python: PSF Security Developer-in-Residence 🐍 PSF Fellow ✨ Minnesoootan, he/him

This profile is from a federated server and may be incomplete. Browse more on the original instance.

sethmlarson, to programming
@sethmlarson@fosstodon.org avatar

#PyPI to enforce non-SMS 2FA for all package maintainers by the end of 2023, excellent work PyPI team to keep the #Python ecosystem safe! 💪

https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Love this!!! 🤩 So much is spent on auditing open source software, why not share that value with the rest of the world so everyone can benefit (where have I heard that perk before?)

https://opensource.googleblog.com/2023/05/open-sourcing-our-rust-crate-audits.html

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

The #PyPI team has been killing it lately, removing the ability to upload new PGP signatures following @yossarian's audit of PGP on PyPI 🚀

https://blog.pypi.org/posts/2023-05-23-removing-pgp/

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

New release of #urllib3, v1.26.16 backports a bugfix for PoolManager thread-safety when accessing a high number of distinct origins to not close responses before they complete: https://github.com/urllib3/urllib3/releases/tag/1.26.16

sethmlarson, to programming
@sethmlarson@fosstodon.org avatar

#Requests v2.31.0 is now available with a fix for CVE-2023-32681 affecting Proxy-Authorization credential leakage to origin after a redirect to an HTTPS origin. Upgrade to latest Requests and rotate proxy credentials if affected.

More information here: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q

#Python #Security

sethmlarson, to programming
@sethmlarson@fosstodon.org avatar

#Python and #PyTorch using #WebGPU in browsers, the future is now! 🤯

https://praeclarum.org/2023/05/19/webgpu-torch.html

admin, to random

Announcing the Upstream podcast

https://lu.is/blog/2023/05/16/announcing-the-upstream-podcast/

sethmlarson,
@sethmlarson@fosstodon.org avatar

@@lu.is Love the new format, URL be on my listening list!! 🤩

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

People reaching out to me with a variant of"So you broke my build... but you seem cool!" 😅👋

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

#Docker and #Ansible users rejoice, docker-py now supports #urllib3 v2.0! 🤩

https://github.com/docker/docker-py/releases/tag/6.1.0

jonafato, to random
@jonafato@mastodon.social avatar

Straw poll time: how many of you have gotten a job through a Python conference?

sethmlarson,
@sethmlarson@fosstodon.org avatar

@jonafato I exclusively do this, that's why I'm at #Elastic right now :)

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

@readthedocs @ericholscher Does Readthedocs use OpenSSL 1.0.2 for all of its builders? Found this build which is erroring out on urllib3 v2.0 not supporting the OpenSSL version?

https://readthedocs.org/projects/pastastore/builds/20387661/

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

New #Requests release v2.30.0 which adds explicit support for #urllib3 v2.0.0! 🚀 Let's go!!!

https://github.com/psf/requests/releases/tag/v2.30.0

sethmlarson,
@sethmlarson@fosstodon.org avatar

FYI, Requests v2.30.0 has been yanked shortly after release because of an issue with large compressed responses being truncated. We have a fix coming very soon!

sethmlarson, to opensource
@sethmlarson@fosstodon.org avatar

One thing that the #urllib3 team does that I wonder if other #opensource projects do is ensure someone is around to help in case of disasters. Very similar to on-call but ad-hoc and during fragile moments like releases of new default behaviors/major versions. Do any other projects do this?

sethmlarson, to programming
@sethmlarson@fosstodon.org avatar

New #urllib3 JSON APIs making a cameo in @pamelafox's presentation slides! 🤩 #Python

https://pamelafox.github.io/my-py-talks/pyday-apis/#/9

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

#urllib3 v2.0.1 has been released with two small fixes:

– Fixed socket leak after failed cert hostname or fingerprint verification (thanks @graingert !)
– Fixed an issue when .read(0) was called on an empty response buffer (thanks @quentinpradet !)

https://github.com/urllib3/urllib3/releases/tag/2.0.1

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Over 1 million installs of a new major version in 24 hours (and single-digit number of integration issues 😏) #urllib3

https://pepy.tech/project/urllib3?versions=2.0.0

Next hurdle is being unpinned by Requests, then we'll really know if there are any big issues... 😬

tiangolo, to random

I met @sethmlarson at #PyConUS2023! 😁

He's one of the maintainers of @urllib3, one of the most (the most?) downloaded Python libraries, you probably don't use it directly, but you probably use something that uses it. 😎

sethmlarson,
@sethmlarson@fosstodon.org avatar

@tiangolo Was so great meeting you in person @tiangolo, your energy and positivity is incredible! 💜

yossarian, to random

new favorite phrase from @sethmlarson: “coward’s versioning” for pre-1.0 semver

sethmlarson,
@sethmlarson@fosstodon.org avatar

@yossarian You can't credit me with this, but the person who said this I don't know if they want the credit lol

pamelafox, to random
@pamelafox@fosstodon.org avatar

@sethmlarson I'm planning to use urllib3 for a live demo, just want to double check this is the best way to pretty print JSON responses?

import json
print(json.dumps(resp.json(), indent=4))

I looked through ref and didnt see anything built in for it.

sethmlarson,
@sethmlarson@fosstodon.org avatar

@pamelafox Awesome!! If it's in a public place send me a link? Yeah that would produce a nice result assuming there's not a ton of nesting, if so you might consider indent=2.

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Already over 250,000 installs of #urllib3 v2.0.0: https://pepy.tech/project/urllib3?versions=2.0.0

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

Goodbye incredible people of #PyConUS, see you in Pittsburgh! 👋

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

🥹

sethmlarson,
@sethmlarson@fosstodon.org avatar

urllib3 v2.0.0 is now generally available! The team is beyond excited for you all to use what we've been building for the past 3 years 🥳

https://sethmlarson.dev/urllib3-2.0.0

sethmlarson, to random
@sethmlarson@fosstodon.org avatar

#urllib3 v2.0.0a4 has been released, this will be the last pre-release before v2.0.0 is released (hopefully tomorrow!)

https://github.com/urllib3/urllib3/releases/tag/2.0.0a4

sethmlarson,
@sethmlarson@fosstodon.org avatar

@lmazuel Thank you! Requests' test suite works with urllib3 v2.0, this compatibility testing is done as a part of our CI. There's a PR for Requests v2.29.0 which has the changes required for this: https://github.com/psf/requests/pull/6430

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • ngwrru68w68
  • everett
  • InstantRegret
  • magazineikmin
  • thenastyranch
  • rosin
  • GTA5RPClips
  • Durango
  • Youngstown
  • slotface
  • khanakhh
  • kavyap
  • DreamBathrooms
  • provamag3
  • tacticalgear
  • osvaldo12
  • tester
  • cubers
  • cisconetworking
  • mdbf
  • ethstaker
  • modclub
  • Leos
  • anitta
  • normalnudes
  • megavids
  • lostlight
  • All magazines
    •