#483 Thanks Brian episode artwork

EPISODE · Jun 9, 2026 · 28 MIN

#483 Thanks Brian

from Python Bytes · host Michael Kennedy and Calvin Hendryx-Parker

Topics covered in this episode: Vulnerability and malware checks in uv HTTP GET requests with the Python standard library Millions of AI agents imperiled by critical vulnerability in open source package alembic-git-revisions Extras Joke Watch on YouTube About the show Goodbye and Thanks Brian Thanks Calvin for being part of this and future episodes! Also new time for the live show. Thanks Brian for all the hard work over the years. Calvin #1: Vulnerability and malware checks in uv release just yesterday by Astral https://astral.sh/blog/uv-audit uv audit scans dependencies for known vulnerabilities and abandoned packages via the OSV database — runs 4–10x faster than pip-audit Malware check runs on every install/sync, catching actively malicious packages (credential stealers, etc.) before they execute — including ones PyPI quarantined but lockfiles can still reference Enable malware scanning with UV_MALWARE_CHECK=1 — it's opt-in and in preview Future roadmap includes a resolver that steers toward vulnerability-free versions and install-time warnings scoped to newly added deps only Michael #2: HTTP GET requests with the Python standard library If you’re doing HTTP in Python, you’re probably using one of three popular libraries: requests, httpx, or urllib3. There have been issues with httpx lately. Niquest is another option: Drop-in replacement for Requests. Automatic HTTP/1.1, HTTP/2, and HTTP/3. WebSocket, and SSE included. But maybe less is more, especially in the age of agentic AI A good candidate needs two things to be true at once, not one: the used surface is small, and the behavior behind that surface is shallow. Calvin #3: Millions of AI agents imperiled by critical vulnerability in open source package "BadHost" (CVE-2026-48710) is a critical vulnerability in Starlette — the ASGI framework underlying FastAPI — with 325 million weekly downloads; also affects vLLM, LiteLLM, and most MCP server tooling The exploit is trivial: injecting a single character into an HTTP Host header bypasses path-based authentication, and can lead to credential theft, SSRF, and in some cases remote code execution MCP servers are a prime target since they store credentials for external services (email, databases, cloud accounts) — exposed data in the wild includes biopharma clinical trial DBs, full mailboxes, HR/PII pipelines, and AWS topology Fix is available — patch to Starlette 1.0.1 immediately; use the free scanner at mcp-scan.nemesis.services to check if your servers are still running a vulnerable version Open source sustainability footnote: the maintainer triages near-daily security reports solo, in his free time — most are AI-generated noise, and real ones like this still compete for the same evenings and weekends Michael #4: alembic-git-revisions By Julien Danjou from Mergify Automatic Alembic migration chaining based on git commit history. No more Multiple head revisions are present for given argument 'head'. See the introductory article Caused by two migrations landed with the same down_revision, and Alembic doesn’t know which one comes first. The fix is always the same: someone manually edits the migration file to re-chain the revisions. The insight: git already knows the order Extras Calvin: GNU make can do pattern matching in the target. Not new at all, mentioned in the 1994-era docs. just and task don’t have this super power on the target name yet. train-%: uv run ./train.py $* --save-hyper-params --overwrite $(TRAIN_ARGS) Michael: Updated my HTTP client using packages from httpx to httpx2: listmonk, umami, and memberful. For motivation, see this reddit thread. Joke: Accurate

Topics include , HTTP GET requests with the Python standard library, , and alembic-git-revisions.

NOW PLAYING

#483 Thanks Brian

0:00 28:40

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Unofficial EF Ultimate Break Podcast wherebytesgoes Welcome to the Unofficial EF Ultimate Break Podcast! Here we'll talk about everything EF Ultimate Break. The trip, vibes of the trips, the experiences, the excursions, the flights, the hotel stays - everything you need to know before booking your trip and going on your trip. We'll talk about tips and tricks when traveling and how to avoid common travel mistakes.Hi, I'm your host - bytes! I've traveled with EF almost a dozen times and they are my favorite company to travel with. My day job is software engineering and I'm always looking to make things easier and more efficient - EF does this extremely well, but there's always more to learn. Like what should you actually pack for your trip? Is Ultimate Plus worth it? What happens if you miss your flight? What if you are introverted and you are nervous about traveling in a big group? We'll answer all those questions and more in this podcast. I can't wait for you to listen in and get pumped for your next EF Ultimate Break trip. Vegan Bytes VEG3 | Your Vegan AI Welcome to Vegan Bytes - your two-minute destination for everything you need to supercharge your vegan journey or advocacy efforts, all served up by VEG3’s cutting-edge AI.That’s right, every byte of this podcast is generated by artificial intelligence, turning complex research into digestible tips, blending in a dash of vegan-friendly humor, and wrapping it all in a short story that will leave you hooked. From the latest trends in veganism and AI to tried and tested strategies, each episode serves up relevant real-world examples and actionable insights that you can immediately implement to accelerate the vegan revolution.Whether you’re a seasoned vegan or a newcomer to the plant-based world, our AI has cooked up the perfect recipe to help you drive the cause forward.Tune in, grab a vegan snack, and let’s create a world where animal rights are recognized, and the vegan movement thrives.Learn more about VEG3, your AI-powered vegan companion, at https://veg3.ai Python for Everybody (Audio/PY4E) Dr. Charles Russell Severance These are the audio lectures to supplement the textbook 'Python for Everybody: Exploring Information' and its associated web site www.py4e.com. There is also a video podcast of this material. Business Bytes: Social Media Uncovered. Matt Mckay Business Bytes: Social Media Uncovered' is your premier destination for digestible, bite-sized information, unveiling the latest trends, and transformative tools that can catapult your business to unprecedented heights. We are committed to demystifying the intricacies of social media, making it accessible and engaging for everyone.  Whether you're an entrepreneur on the brink of a breakthrough, a marketer aiming to conquer new frontiers, or a social media enthusiast keen to stay ahead of the curve, our podcast is tailored just for you. Our goal is to empower you with the knowledge and insights to harness the power of social media effectively.  So, sit back, relax, and join us on this exhilarating journey as we delve into the dynamic, ever-evolving world of social media, one byte at a time. Welcome aboard 'Business Bytes: Social Media Uncovered' - your key to unlocking the secrets of social media success! 

Frequently Asked Questions

How long is this episode of Python Bytes?

This episode is 28 minutes long.

When was this Python Bytes episode published?

This episode was published on June 9, 2026.

What is this episode about?

Topics covered in this episode: Vulnerability and malware checks in uv HTTP GET requests with the Python standard library Millions of AI agents imperiled by critical vulnerability in open source package alembic-git-revisions Extras Joke Watch on...

Can I download this Python Bytes episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!