We started 2025 juggling mixed versions, half-migrated types, and CI that felt slow for no good reason. We are ending it with a calmer baseline: Python 3.14 is the new normal, core libraries kept pace, packaging got faster and cleaner, and security hygiene improved. This is the year the ecosystem quietly traded novelty for reliability. That is a win. Listen to this final episode of Snake Signals of 2025 here!

The arc of the year

  • Python 3.14 went stable on Oct 7. Libraries met it quickly, which cut friction moving code between repos and made typing cleaner. If you still have a 3.12 holdout, run your matrix and plan the bump.

  • NumPy 2.4.0 closed the year by continuing the free-threaded work, advancing user dtypes, and pruning old deprecations. Official support spans Python 3.11 to 3.14, which makes it a safe canary upgrade.

  • FastAPI leaned fully into Pydantic v2. Recent releases surface warnings if anything still routes through pydantic.v1, which turns your logs into an actionable to-do list. fastapi[standard] also includes the Cloud CLI so fastapi deploy is available by default.

  • Ruff became the default formatter and linter for a lot of teams. Pin it in pre-commit so everyone lands the same diffs.

  • uv matured as a real packaging option. Teams trialed it repo by repo, kept it when it improved time to green, and moved on with their day.

  • Django 5.2 shipped as the LTS in April, with multiple security releases later in the year. If your platform is Django-first, that was the long runway you needed.

The security shift that mattered

2025 was the year more teams finally moved to trusted publishing, rotated long-lived tokens, and treated 2FA as table stakes. PyPI also hardened account safety, including blocking expired maintainer domains to reduce “domain resurrection” attacks, and PSF warned about ongoing phishing that targeted maintainers. If you own releases, make sure you are using OIDC-based trusted publishing and hardware-key 2FA.

Serverless note

AWS Lambda added Python 3.14 support in November for both managed runtimes and container base images. If you are still on 3.12 or 3.13, you can standardise now and consider Arm64 where it makes sense for cold-start and cost.

One honest reminder

Quality beats novelty. Polars 1.36.0 was yanked for an unpivot regression and fixed days later in 1.36.1. This is why you pin, canary, and re-run reshapes before a wide rollout.

Hiring reality in 2025

Two truths held all year. First, publishing a real salary range still lifts apply rates. Indeed’s own guidance shows employer-provided pay correlates with a 31 percent increase in apply starts per impression. Second, UK salary disclosure became more inconsistent as hiring cooled. In October only about 55 percent of UK job ads listed pay, which means your range stands out again. Put the band at the top of the post and you will get better responses.

Write what matters in one line: Python baseline, core tools, and a clear interview process with a decision inside seven calendar days. Candidates optimize for clarity and speed. Managers reduce drop-off and improve signal.

For candidates: proofs that actually signal skill

Keep it small, real, and measurable. Link these at the top of your CV.

  • Vectorisation micro-bench: replace one hot loop with a NumPy 2.4.0 vectorised path. Record exact input, baseline runtime, improved runtime, and the command you ran. Two lines in the README are enough.

  • Contract-first API slice: one POST and one GET in FastAPI with Pydantic v2 models, a single JSON error envelope, a snapshot test, and curl examples that work. If logs show pydantic.v1, fix and commit.

For teams: a January plan that works

  • Baseline: Python 3.14, one packaging workflow, Ruff in pre-commit across repos.

  • Close v1 paths: upgrade FastAPI and ticket any pydantic.v1 warnings you see.

  • Trusted publishing: switch release automation to OIDC with short-lived tokens.

  • Security housekeeping: rotate stale CI tokens and verify hardware-key 2FA on PyPI and your git provider.

The last 7 days, so you do not have to trawl GitHub

  • NumPy 2.4.0 released Dec 20. Treat it as a safe canary before the holiday freeze.

  • FastAPI 0.127.0 released Dec 21. It now warns when code touches pydantic.v1. fastapi[standard] includes the Cloud CLI.

  • Ruff 0.14.10 released Dec 18. Pin it in pre-commit to keep diffs consistent.

  • uv 0.9.18 released Dec 16. Improves publish and error handling. Trial on one repo and keep it if time to green drops.

Closing

2025 rewarded teams that made the boring parts great: consistent versions, typed contracts, one linter and formatter, secure publishing. Start 2026 with that foundation and you will ship faster without heroics. The podcast episode for this review is on snakesignals.com if you prefer audio.

If this helped, share it with someone who builds or hires in Python. New readers can join at snakesignals.com.

Hiring? Contact
Josh Smith
LinkedIn: https://www.linkedin.com/in/python-recruitment/
Email: [email protected]
Phone: 01727 225 552

Keep reading

© 2026 Snake Signals.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv