News

Python Black Friday & Cyber Monday sales (2025)

More Black Friday and Cyber Monday deals for Python and Django developers!

LearnDjango has 50% off courses too!

Django Software Foundation

DSF member of the month - Akio Ogasahara

Akio Ogasahara, DSF member of the month, contributes extensive Japanese documentation translation, advocates Django admin for operations and highlights Django security alongside AI assisted development.

Python Software Foundation

PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats

PyPI warns developers about the Shai-Hulud npm supply chain campaign, revoking exposed tokens and recommending trusted publishers, CI workflow audits, and token rotation.

Wagtail CMS News

Wagtail 7.2.1

Wagtail shipped several fixes that improve userbar previews, document and image handling, search stability, and reference index performance, along with a small search test cleanup.

Sponsored Link 1

Sleep tight with HackSoft and our Django services!

While you recharge, we keep your software running smoothly - secure, stable, and ready for tomorrow. We are HackSoft - your Django development partner, beyond code. Learn more!

Articles

Django: implement HTTP bearer authentication

Shows how to implement simple single token HTTP Bearer authentication in Django views with secure compare, unit tests, and a reusable decorator.

Building a Translations Dashboard In Wagtail

Built a custom Wagtail dashboard using wagtail localize to list original pages, show per locale translation percentages, and add filters and page explorer links.

Open source funding in 2025

Buttondown updates its open source funding and developer stack, continuing significant support for Django and Python while simplifying tooling and supply chain.

Upgrading Postgres Major, and Django model with Logical Replication.

Use Postgres logical replication to migrate from v13 to v16 with the new Django schema already applied and temporary columns to enable minimal downtime switchover.

We should all be using dependency cooldowns

Use dependency cooldowns (for example Dependabot or Renovate) to block most open source supply chain attacks by delaying new releases several days.

Django and Password Manager SDKs

A look at how Django could integrate with modern password-manager SDKs—like Bitwarden and 1Password—to securely store dynamic API credentials using pluggable secret backends instead of plain database fields.

Setting secrets in env vars

Use 1Password CLI with direnv on macOS to load secrets into ephemeral environment variables and avoid long lived tokens, prefer PyPI Trusted Publishing.

The varying strictness of TypedDict

Python 3.15 TypedDict introduces closed and extra_items to forbid unknown keys or type them, resolving Mapping compatibility issues with strict type checkers.

Why your mock breaks later

Patch dependencies where your code imports them rather than builtins to avoid global side effects that break tools like coverage.py and other tests.

Events

PyCascades 2026

PyCascades 2026 is March 21 & 22 in Vancouver, British Columbia.

Podcasts

Django Chat #190: AI in the Real World - Marlene Mhangami & Tim Allen

Marlene and Tim both gave talks on AI at the recent DjangoCon US conference, but with very different angles. In this episode, we discuss the real-world strengths and weaknesses of AI, how it is impacting developers' daily workflows, and also examples of AI failures. Marlene is a Senior Developer Advocate at Microsoft and Tim is the Principal Engineer at Wharton Research Data Services.

Projects

vintasoftware/django-ai-boost

A MCP server for Django applications, inspired by Laravel Boost.

adamghill/dj-waf

Add WAF rules to block known bots and malicious traffic for Django applications. Provides easy integration with popular WAF services like Cloudflare.