Feeds
Matt Layman: An Opinionated Introduction to CI/CD
ImageX: Exploring the Drupal 11 Release: New Features and Major Enhancements
Authored by Nadiia Nykolaichuk.
Drupal 11.0.0 has been successfully released as a new major Drupal version which is very exciting news for everyone using Drupal or thinking about making the switch! This flexible, accessible, powerful, integration-ready, and secure CMS has transformed even more on the way from Drupal 10 to Drupal 11.
Dries Buytaert: Introducing Drupal Starshot's product strategy
I'm excited to share the first version of Drupal Starshot's product strategy, a document that aims to guide the development and marketing of Drupal Starshot. To read it, download the full Drupal Starshot strategy document as a PDF (8 MB).
This strategy document is the result of a collaborative effort among the Drupal Starshot leadership team, the Drupal Starshot Advisory Council, and the Drupal Core Committers. We also tested it with marketers who provided feedback and validation.
Drupal Starshot and Drupal CoreDrupal Starshot is the temporary codename for an initiative that extends the capabilities of Drupal Core. Drupal Starshot aims to broaden Drupal's appeal to marketers and a wider range of project budgets. Our ultimate goal is to increase Drupal's adoption, solidify Drupal's position as a leading CMS, and champion an Open Web.
For more context, please watch my DrupalCon Portland keynote.
It's important to note that Drupal Starshot and Drupal Core will have separate yet complementary product strategies. Drupal Starshot will focus on empowering marketers and expanding Drupal's presence in the mid-market, while Drupal Core will prioritize the needs of developers and more technical users. I'll write more about the Drupal Core product strategy in a future blog post once we have finalized it. Together, these two strategies will form a comprehensive vision for Drupal as a product.
Why a product strategy?By defining our goals, target audience and necessary features, we can more effectively guide contributors and ensure that everyone is working towards a common vision. This product strategy will serve as a foundation for our development roadmap, our marketing efforts, enabling Drupal Certified Partners, and more.
Drupal Starshot product strategy TL;DRFor the detailed product strategy, please read the full Drupal Starshot strategy document (8 MB, PDF). Below is just a summary.
Drupal Starshot aims to be the gold standard for marketers that want to build great digital experiences.
We'd like to expand Drupal's reach by focusing on two strategic shifts:
- Prioritizing Drupal for content creators, marketers, web managers, and web designers so they can independently build websites. A key goal is to empower these marketing professionals to build and manage their websites independently without relying on developers or having to use the command line or an IDE.
- Extending Drupal's presence in the mid-market segment, targeting projects with total budgets between $30,000 and $120,000 USD (€25,000 to €100,000).
Drupal Starshot will differentiate itself from competitors by providing:
- A thoughtfully designed platform for marketers, balancing ease of use with flexibility. It includes smart defaults, best practices for common marketing tasks, marketing-focused editorial tools, and helpful learning resources.
- A growth-oriented approach. Start simple with Drupal Starshot's user-friendly tools, and unlock advanced features as your site grows or you gain expertise. With sophisticated content modeling, efficient content reuse across channels, and robust integrations with other leading marketing technologies, ambitious marketers won't face the limitations of other CMSs and will have the flexibility to scale their site as needed.
- AI-assisted site building tools to simplify complex tasks, making Drupal accessible to a wider range of users.
- Drupal's existing competitive advantages such as extensibility, scalability, security, accessibility, multilingual support, and more.
The product strategy is a living document, and we value input. We invite you to share your thoughts, suggestions, and questions in the product strategy feedback issue within the Drupal Starshot issue queue.
Get involvedThere are many opportunities to get involved with Drupal Starshot, whether you're a marketer, developer, designer, writer, project manager, or simply passionate about the future of Drupal. To learn more about how you can contribute to Drupal Starshot, visit https://drupal.org/starshot.
Thank youI'd like to thank the Drupal Starshot leadership team, the Drupal Starshot Advisory Council, and the Drupal Core Committers for their input on the strategy. I'm also grateful for the marketers who provided feedback on our strategy, helping us refine our approach.
PyCoder’s Weekly: Issue #641 (Aug. 6, 2024)
#641 – AUGUST 6, 2024
View in Browser »
This post is Bite Code’s monthly summary, but the lead story happened just days ago. In line with a 7 year old deprecation, setuptools finally removed the ability to call its test command. Many packages promptly broke. The following day the change was undone.
BITE CODE!
In this step-by-step tutorial, you’ll learn how to create an installable Django app. You’ll cover everything you need to know, from extracting your app from a Django project to turning it into a package that’s available on PyPI and installable through pip.
REAL PYTHON
Let Judoscale solve your scaling issues. We support Django, Flask, and FastAPI, and we also autoscale your Celery and RQ task queues. Traffic spike? Scaled up. Quiet night? Scaled down. Work queue backlog? No problem →
JUDOSCALE sponsor
Talk Python interviews David Lord, the lead maintainer of the Pallets open source organization which is responsible for Flask, Jinja, and Click. They talk about the latest for the org and Flask.
TALK PYTHON podcast
Scouring an open source project’s issues can lead to an open source contribution, but there is often an overwhelming amount of issues to sift through. In this article, Stefanie shares her tips for navigating an open source project’s issue tracker to find something to work on.
STEFANIE MOLIN • Shared by Stefanie Molin
In this tutorial, you’ll learn how to read and write JSON-encoded data in Python. You’ll begin with practical examples that show how to use Python’s built-in “json” module and then move on to learn how to serialize and deserialize custom data.
REAL PYTHON
Testing an application that reads files from a disk can be complicated. It may depend on the machine, require special access, or be frustratingly slow. This course shows you how to simulate a text file using Python to simplify testing.
REAL PYTHON course
This is a description of how Joshua uses Python in a package-centric way to organize his approach to data analyses. This is a system he has evolved while working on his computational biology Ph.D. and working in industry.
JOSHUA COOK • Shared by Joshua Cook
In this tutorial, you’ll learn about the main tools for string formatting in Python, as well as their strengths and weaknesses. These tools include f-strings, the .format() method, and the modulo operator.
REAL PYTHON
Python’s json.tool command-line interface pretty prints your JSON. Have you ever wondered why it is in json.tool instead of the module directly? This article explains the history behind this module.
TREY HUNNER
Recently, the PSF board was alerted to a flaw in the bylaws that could expose the foundation to unbounded financial liability. As such, a board driven change has been instituted.
PYTHON SOFTWARE FOUNDATION
This opinion piece outlines why the culture of rapid delivery has eroded quality engineering. It talks about how we got where we are and what should be done instead.
PAO RAMEN
The git log command has arguments you can use to examine just part of a commit. This article shows you how to trace the changes to a single Python function.
JOËL PERRAS
This post introduces you to the new tea-tasting project that lets you do statistical analysis on your A/B tests.
EVGENY IVANOV
August 7, 2024
REALPYTHON.COM
August 8 to August 9, 2024
MEETUP.COM
August 9 to August 11, 2024
PYTHONNORDESTE.ORG
August 10 to August 11, 2024
NOKIDBEHIND.ORG
August 10, 2024
MEETUP.COM
August 10, 2024
MEETUP.COM
Happy Pythoning!
This was PyCoder’s Weekly Issue #641.
View in Browser »
[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]
FSF Blogs: Call for volunteers: Help us with the GNU Press shop and new member mailings
Call for volunteers: Help us with the GNU Press shop and new member mailings
Acquia Developer Portal Blog: Changing to Drupal and Maintaining Search Engine Rankings
So you’ve decided to change to Drupal, or maybe you are making a major upgrade from a really old version of Drupal to a more modern one and you are concerned about your SEO.
Changing content management systems will impact your search engine optimization (SEO), but with careful consideration and planning this can be a positive change rather than a negative one.
What is SEOThere are many misconceptions about search engine optimization, and part of that is because the industry has often been cast in a negative light. Really SEO is the process of making sure your website meets certain guidelines and standards so search engines can understand its content, relevance, and value to users.
GUAC adopts license metadata from ClearlyDefined
The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations to achieve better compliance and security of their software supply chain.
GUAC offers the full view of the supply chainSoftware supply chain attacks are on the rise. Many tools are available to help generate software bills of materials (SBOMs), signed attestations and vulnerability reports, but they stop there, leaving users to figure out how they all fit together. GUAC provides an aggregated, queryable view across the whole software supply chain, not just one SBOM at a time.
GUAC is for developers, operations and security practitioners who need to identify and address problems in their software supply chain, including proactively managing dependencies and responding to vulnerabilities. GUAC provides supply chain observability with a graph view of the software supply chain and tools for performing queries to gain actionable insights.
GUAC enhanced with ClearlyDefined integrationThe latest version of GUAC (v0.8.0) now provides support for ClearlyDefined. GUAC will query the ClearlyDefined license metadata store to discover license information for packages, even when the SBOM does not include that information.
A ClearlyDefined certifier will listen on collector-subscriber for any pkg/src strings, then convert to ClearlyDefined coordinates, then query the API service for the definition. The user agent will be the same as existing outgoing GUAC requests GUAC/<version> (e.g. GUAC/v0.1.0).
A CertifyLegal node will be created using the “licensed” “declared” field from the definition. The expression will be copied and any license identifiers found will result in linked License noun nodes, created if needed. Type will be “declared”. Justification will be “Retrieved from ClearlyDefined”. Time will be the current time the information was retrieved from the API.
Similarly a node will be created using the “licensed” “facets” “core” “discovered” “expressions” field. Multiple expressions will be “AND”ed together. Type will be “discovered”, and other fields the same (Time, Justification, License links, etc).
The “licensed” “facets” “core” “attribution” “parties” array will be concatenated and stored in the Attribution field on CertifyLegal.
Optionally, “described” “sourceLocation” can be used to create a HasSourceAt GUAC node.
Thanks to the communityAlthough licenses don’t directly impact security, they are an important part of understanding the software supply chain. We would like to thank Parth Patel (Kusari), Jeff Mendoza (Kusari), Ben Cotton (Kusari), and Qing Tomlinson (SAP) for their support to get this feature implemented in GUAC. The ClearlyDefined community looks forward to working together with the GUAC community to help organizations worldwide to better achieve compliance and security of their software supply chain.
The Drop Times: Resurrected with Resilience: Dallas Ramsden's Drupal Legacy
Drupal Association blog: Preparing for Drupal 7 End of Life: Key Steps to Take Now
As the end-of-life (EOL) for Drupal 7 approaches on 5 January 2025, site owners must adequately prepare to guarantee their websites' continued security, functionality, and compliance. Here, we outline the key steps to navigate this transition smoothly.
1. Conduct a Comprehensive Site AuditA thorough site audit is the first step in preparing for Drupal 7's EOL. This process involves:
-
Inventorying Content and Modules: List all content types, modules, themes, and custom code currently in use.
-
Assessing Module Usage: Identify which modules are essential and which can be replaced or eliminated.
-
Checking for Unsupported Modules: Determine if any modules are already unsupported and look for alternative solutions.
-
Evaluating Performance: Analyze site performance to identify any bottlenecks or issues that need addressing during the migration.
With a clear understanding of your site's current state, the next step is to plan your migration strategy. Key considerations include:
-
Choosing the Right Drupal Version: While Drupal 11 is the latest version, you may need to evaluate if an interim upgrade to Drupal 10 is more feasible.
-
Timeline and Budget: Estimate the time and resources required for the migration. Consider factors such as the complexity of your site, the number of custom modules, and the need for design changes.
-
Engaging Stakeholders: Communicate the migration plan with all relevant stakeholders, including developers, content creators, and business leaders, to ensure alignment and support.
-
Extended Long-Term Support: If your migration plan has an unsupported gap, consider utilizing HeroDevs Drupal 7 Never-Ending Support, a secure drop-in replacement for Drupal 7. HeroDevs’ service provides security, compliance, and compatibility updates as you plan your migration. As additional partners join the program, options will be listed in the Migration Resource Center.
Migrating from Drupal 7 to a newer version is a complex task that often requires professional assistance. Selecting a certified migration partner who will provide the expertise and experience needed to ensure a successful transition. Look for partners who:
-
Have Proven Experience: Check for case studies or references from similar migration projects.
-
Offer Comprehensive Services: Ensure they can handle all aspects of the migration, from planning and execution to post-migration support.
-
Understand Your Industry: Partners familiar with your industry can provide more tailored solutions and insights.
Ensure your hosting environment is ready for the new Drupal version. This may involve:
-
Upgrading PHP and MySQL Versions: Verify that your hosting provider supports the PHP and MySQL versions required by your new version of Drupal
-
Evaluating Server Performance: Ensure your server infrastructure can handle the new site's requirements, especially if you expect increased traffic or enhanced functionality.
-
Considering a New Hosting Provider: If your current provider doesn't meet the requirements, consider migrating to a provider specializing in hosting Drupal sites.
Before starting the migration, create a full backup of your site. This ensures you have a fallback option in case anything goes wrong. Additionally, set up a testing environment to:
-
Run Migration Tests: Perform a dry run of the migration process to identify and resolve potential issues.
-
Validate Functionality: Test all aspects of the site, including custom modules and integrations, to ensure everything works as expected post-migration.
-
User Acceptance Testing (UAT): Engage end-users to test the site and provide feedback on any usability or functionality issues.
With all preparations in place, proceed with the migration. Follow a phased approach to minimize disruption:
-
Migrate in Stages: Consider migrating in stages, starting with less critical sections of the site to ensure a smooth transition.
-
Monitor Progress: Continuously monitor the migration process to quickly address any issues that arise.
-
Communicate Changes: Keep all stakeholders informed about the migration progress and any potential downtime or changes.
After the migration, there are a few additional steps to ensure long-term success:
-
Conduct a Final Site Audit: Verify that all content, modules, and functionality have been successfully migrated and are working correctly.
-
Optimize Performance: Implement performance optimizations to ensure the new site runs efficiently.
-
Plan for Ongoing Maintenance: Establish a plan for regular updates, backups, and security monitoring to keep the site secure and up-to-date.
Preparing for Drupal 7's end-of-life requires careful planning and execution. By conducting a comprehensive site audit, planning your migration strategy, selecting a certified migration partner, updating your hosting environment, and following through with testing and execution, you can ensure a smooth transition to a more modern, secure, and efficient version of Drupal. Taking these steps now will help future-proof your website and provide a solid foundation for continued success.
Real Python: Interacting With REST APIs and Python
There’s an amazing amount of data available on the Web. Many web services, like YouTube and GitHub, make their data accessible to third-party applications through an application programming interface (API). One of the most popular ways to build APIs is the REST architecture style. Python provides some great tools not only to get data from REST APIs but also to build your own Python REST APIs.
In this video course, you’ll learn:
- What REST architecture is
- How REST APIs provide access to web data
- How to consume data from REST APIs using the requests library
- What steps to take to build a REST API
- What some popular Python tools are for building REST APIs
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
FSF Events: Free Software Directory meeting on IRC: Friday, August 9, starting at 12:00 EDT (16:00 UTC)
Django Weblog: Django security releases issued: 5.0.8 and 4.2.15
In accordance with our security release policy, the Django team is issuing releases for Django 5.0.8 and Django 4.2.15. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
Thanks to Elias Myllymäki for the report.
This issue has severity "moderate" according to the Django security policy.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Thanks to MProgrammer for the report.
This issue has severity "moderate" according to the Django security policy.
CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidgetThe urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Thanks to Seokchan Yoon for the report.
This issue has severity "moderate" according to the Django security policy.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Thanks to Eyal Gabay of EyalSec for the report.
This issue has severity "moderate" according to the Django security policy.
Affected supported versions- Django main branch
- Django 5.1 (currently at release candidate status)
- Django 5.0
- Django 4.2
Patches to resolve the issue have been applied to Django's main, 5.1, 5.0, and 4.2 branches. The patches may be obtained from the following changesets.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()- On the main branch
- On the 5.1 branch
- On the 5.0 branch
- On the 4.2 branch
- On the main branch
- On the 5.1 branch
- On the 5.0 branch
- On the 4.2 branch
- On the main branch
- On the 5.1 branch
- On the 5.0 branch
- On the 4.2 branch
- On the main branch
- On the 5.1 branch
- On the 5.0 branch
- On the 4.2 branch
- Django 5.0.8 (download Django 5.0.8 | 5.0.8 checksums)
- Django 4.2.15 (download Django 4.2.15 | 4.2.15 checksums)
The PGP key ID used for this release is Sarah Boyce: 3955B19851EA96EF
General notes regarding security reportingAs always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, nor via the Django Forum, nor via the django-developers list. Please see our security policies for further information.
Stefanie Molin: Common Pre-Commit Errors and How to Solve Them
Daniel Roy Greenfeld: TIL: Parsing messy datetimes strings
How to convert inconsistent datetime strings into datetime objects.
Recently I've been working on yet another rewrite of my blog, this time to FastHTML. Thanks to the power and ease of that framework, that took about 45 minutes to replicate all the web pages of my blog. Wahoo!
Alas, the atom/rss feeds took quite a bit longer.
For the atom/rss feeds I chose to use the venerable Feedgen library. The challenge there is that Feedgen is rightfully particular about the datetime objects it accepts. And over the years as this site has had 650 posts added the timestamps have become rather inconsistent in their format. On that issue I fully blame the author, who unfortunately is me.
In any case, I wrote a little Python function that handles it in a timezone aware way using the dateutils.parser() functon that I learned.
# Python stdlib from datetime import datetime from dateutils import parser # You'll need to install the pytz dependency import pytz def convert_dtstr_to_dt(date_str: str) -> datetime: """ Convert a naive or non-naive date/datetime string to a datetime object. Naive datetime strings are assumed to be in GMT (UTC) timezone. """ try: dt = parser.parse(date_str) if dt.tzinfo is None: # If the datetime object is naive, set it to GMT (UTC) dt = dt.replace(tzinfo=pytz.UTC) return dt except (ValueError, TypeError) as e: Raise Exception(f"Error parsing date string: {e}")Original source code here.
Note: As of publishing, this article is still on my old blog. The DNS switchover to the FastHTML version of my blog happens later this week.
Specbee: How to split configurations across different sites in Drupal 10
Akansha Tech Journal: Inside the Codebase: A Deep Dive into Drupal Rag Integration
Python Bytes: #395 pythont compatible packages
Akademy 2024 T-shirt online orders now open & in-person extended
Orders for the Akademy 2024 T-shirt for those attending online are now open till 29th September, these will be shipped after Akademy. For those attending in person the order deadline has been extended till Sunday 11th
Full details are on the Akademy 2024 T-shirt page
Mockup of Akademy 2024 T-shirt by Jens ReuterbergMike Driscoll: Create Amazing Progress Bars in Python with alive-progress
Have you ever needed a progress bar in your Python command-line application? One great way of creating a progress bar is to use the alive-progress package created by Rogério Sampaio de Almeida! Alive progress provides multiple different types of progress bars in your terminal or IPython REPL session. The alive progress package will work with any iterable, from lists to querysets, and more.
Let’s spend a little time learning how the alive-progress package works!
InstallationInstalling the alive-progress package is easy using the pip installer utility. Here is the command you should use in your terminal:
python -m pip install alive-progressPip will install the package and any dependencies it needs. The pip tool shouldn’t take very long to install alive-progress.
Example UsageThe alive-progress package comes with a great demo that you can use to see all the different types of progress bars that the package supports. Open up a Python REPL and run the following code:
from alive_progress.styles import showtime showtime()When you run this code, you will see something similar to the following:
There is another alive-progress demo that is a little different from the one above. You don’t need to use a Python REPL to run it though. Instead, you can open up your terminal application and run the following command:
python -m alive_progress.tools.demoWhen you run this command, you will see something like this:
https://www.blog.pythonlibrary.org/wp-content/uploads/2024/08/alive_demo.mp4The alive-progress GitHub page also shows several different code examples that demonstrate how to use alive-progress in your code. Here is one of the examples:
from alive_progress import alive_bar import time for x in 1000, 1500, 700, 0: with alive_bar(x) as bar: for i in range(1000): time.sleep(.005) bar()Here you loop over four different integer values and create a progress bar for each of them. Then you loop over a range of one thousand and the progress bars will run through to completion.
When you run this code in your terminal, you will see this output:
Check out the GitHub repository for more fun examples!
Wrapping UpThe alive-progress package is lots of fun. You can add progress bars to any of your regular Python scripts and see them visually in your applications. This can be especially useful for command-line utilities that you create as they will show the user how far along they are in processing the data.
Download the package and start tinkering today!
The post Create Amazing Progress Bars in Python with alive-progress appeared first on Mouse Vs Python.