This week is about landing safe upgrades as Python 3.14 hits today and making sure people are actually ready for interviews. Packaging and tooling moved, Django pushed a security fix, and there is a fresh PyPI malware reminder. Short version: bump the easy stuff, lock the risky stuff, and tighten prep.
Astral shipped uv 0.8.23 late last week. Small changes, worth pinning if you are trialling uv in CI. If you have standardised on uv locally and in CI, tag this and compare resolver timings to your current baseline.
Ruff 0.13.3 dropped on Thursday. Nicer diffs for ruff format --check and a few rule quality tweaks. If your pre-commit still points at an older minor, update the hook so everyone lands the same formatter output. Low risk, quick win.
Framework land: Django 5.2.7 is a security release with a high severity SQL injection fix on some MySQL or MariaDB patterns, plus a directory traversal fix. If you are on 5.2.x, bump now. The 5.1 and 4.2 lines also got patches. Schedule a short deploy window, run smoke tests, move on.
Pydantic moved as well. 2.11.10 shipped with fixes, and the first 2.12 beta arrived. Most teams should take 2.11.10. If you are testing 3.14 or chasing validation performance, try the beta behind a pin.
Heads up for today: Python 3.14 final is scheduled. If you own packaging, finish your test pass early this morning and check that your images can select 3.14 cleanly.
Security watch: a malicious PyPI package nicknamed “soopsocks” spiked in downloads before takedown. Rotate any tokens used from CI on repos that publish to PyPI, scan recent pip install events for suspicious names, and confirm 2FA for PyPI maintainers. Two minutes in stand-up beats a weekend in incident response.
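One way to run the "scan recent pip install events for suspicious names" check from the security note above, as an added example that is not part of the original newsletter. The EXPECTED set, the 0.8 similarity threshold and the log lines are assumptions constructed for illustration; only the name soopsocks comes from the text.

```python
import re
from difflib import SequenceMatcher

EXPECTED = {"requests", "django", "pydantic", "ruff"}  # assumption: names from your lock files
DENYLIST = {"soopsocks"}  # the package named in the note above
VALUE_FLAGS = {"-r", "-c", "-e", "-i", "-t", "-f", "--requirement", "--constraint",
               "--index-url", "--extra-index-url", "--target", "--find-links"}
INSTALL_RE = re.compile(r"\b(?:pip3?|uv pip)\s+install\s+(.+)")

# Constructed CI log lines, for illustration only.
SAMPLE_LOG = """\
2025-01-01T09:12:01Z runner-3 $ pip install -r requirements.txt
2025-01-01T09:12:09Z runner-3 $ pip install 'requests>=2' Django
2025-01-01T09:14:30Z runner-7 $ uv pip install soopsocks
2025-01-01T09:15:02Z runner-7 $ pip3 install --upgrade reqeusts leftpadx
"""

def normalize(name):
    """PEP 503 normalisation: lowercase, runs of - _ . collapse to one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requested_packages(line):
    """Return normalised package names requested by a pip / uv pip install line."""
    m = INSTALL_RE.search(line)
    names, skip_next = [], False
    for tok in (m.group(1).split() if m else []):
        tok = tok.strip("'\"")
        if skip_next:  # this token is the value of the previous option
            skip_next = False
        elif tok.startswith("-"):
            skip_next = tok in VALUE_FLAGS
        elif "/" not in tok:  # ignore local paths and URLs
            names.append(normalize(re.split(r"[=<>!~\[;@]", tok)[0]))
    return names

def classify(name):
    """Return None for an expected name, otherwise the reason it was flagged."""
    if name in DENYLIST:
        return "denylisted"
    if name in EXPECTED:
        return None
    for known in sorted(EXPECTED):
        if SequenceMatcher(None, name, known).ratio() >= 0.8:  # assumed threshold
            return f"lookalike of {known}"
    return "unexpected"

def scan(log_text):
    """Return (line number, package, reason) for every flagged install."""
    return [(n, pkg, classify(pkg)) for n, line in enumerate(log_text.splitlines(), 1)
            for pkg in requested_packages(line) if classify(pkg)]
```

Call scan() on exported CI job logs; anything installed through a requirements file still needs the file itself checked, since only names typed on the command line are seen here.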
Now the important bit for candidates. Interviews are tougher right now. More applicants, tighter loops, and less time with hiring managers. Preparation is the difference. Check out my Interview Prep hub. It has LeetCode problem sets to target the right patterns, a technical Q&A for fundamentals, and a full preparation guide so you know what to expect. Start here: https://snakesignals.com/#interview-prep
If you are a developer looking this week, run this simple plan:
Pick 3 LeetCode mediums that overlap your target role. Arrays or strings if you are rusty, graphs if you are aiming senior. Timebox to 25 minutes, then write a clean second pass with tests.
Skim the tech Q&A and write out answers to five topics you actually avoid. GIL vs multiprocessing vs asyncio, typing in real code, error handling and tests, HTTP semantics, and basic SQL performance.
Do a 30 minute mock using the guide’s structure. Keep your answers short and specific. Show tradeoffs. Ask one question about delivery or on-call to show you care about running code, not just writing it.
If you are hiring, do your part. Share the structure in advance, keep the take-home to 60 to 90 minutes, and use a short rubric. You will get better signal and fewer dropouts. For a concise framework you can use this week, see the Interview Prep and Hiring Playbooks pages:
Interview Prep: https://snakesignals.com/#interview-prep
Hiring Playbooks: https://snakesignals.com/#hiring-playbooks
Context for stakeholders lives here too:
Salary ranges and methodology: https://snakesignals.com/#salary-guide
Archive: https://snakesignals.com/#archive
If the website has helped already or might help in the future, share it with someone who builds or hires in Python. New readers can join at snakesignals.com.
Hiring? Contact:
Josh Smith
LinkedIn: https://www.linkedin.com/in/python-recruitment/
Email: [email protected]
Phone: 01727 225 552
