Good Morning! Today we’ll have updates about Python 3.12's release, a new PostgreSQL migration tool called pgroll that enables zero-downtime rollbacks, and Boomi's integration of conversational AI to automate app integration workflows. Read on to learn about the notable new features in Python 3.12, how pgroll simplifies database schema migrations, and how Boomi is using AI to accelerate integration processes.

— Forrest Knight & Meghanadh Vasireddy

Python 3.12.0: Exciting New Updates and Features

Python 3.12.0, the latest stable release of the Python programming language, brings a mix of new features, improvements, and optimizations to enhance the overall performance and efficiency of the language. Here are some of the most notable updates:

New Grammar Features and Interpreter Improvements: Python 3.12.0 introduces new grammar features and interpreter improvements that make the language more powerful and efficient for developers.

New Typing Features: The new release includes new typing features that make it easier for developers to work with generic classes.

Improved Error Messages: Python 3.12.0 offers even more improved error messages, with more exceptions potentially caused by typos now making suggestions to the user.

Important Deprecations, Removals, or Restrictions: Some significant changes in Python 3.12.0 include the removal of the `distutils` package and the `wstr` from Unicode. Developers are advised to refer to the official documentation for guidance on replacing the `distutils` package[.

Pending Removal in Python 3.13: Several modules and APIs have been deprecated in earlier Python releases and will be removed in Python 3.13.

Build Changes: Python 3.12.0 introduces build changes that improve the overall performance and efficiency of the language.

Call to Action: Python 3.12.0 is now available, and developers are encouraged to prepare their projects for compatibility with this new release. Maintainers of third-party Python projects should publish Python 3.12 wheels on PyPI to be ready for the final release of 3.12.0.

Read More Here

Introducing pgroll: Zero-Downtime, Reversible Schema Migrations for Postgres

Xata has recently introduced pgroll, a command-line tool that offers safe and reversible schema migrations for PostgreSQL databases. This tool aims to simplify the process of updating database schemas while minimizing downtime and ensuring that previous versions remain functional during the migration process.

How pgroll Works: Pgroll uses the expand and contract pattern to evolve the database schema, automating its entire lifecycle behind an easy-to-use command-line interface. It creates different views in different schemas that map appropriately to underlying tables. By leveraging table views pointing to the right columns, pgroll can expose new parts of the schema and hide the old parts before safely removing them after the migration is completed.

One of the key features of pgroll is its ability to perform automatic backfills when needed, abstracting the problem away while keeping things transparent. For example, a complex migration might involve updating a column to add a constraint. Pgroll allows users to define schema migrations using a high-level JSON format and then takes care of executing them.

Benefits of Using pgroll

• Zero-downtime: Pgroll ensures that both old and new schemas can work simultaneously during the migration process, minimizing downtime.

• Reversible migrations: If the new version of the app or schema doesn't behave as expected, users can simply rollback the commit and undo the migration. Pgroll guarantees that the previous version will still be functional during the entire process.

• Simplified workflow: Pgroll automates the migration process, making it easier for developers to manage schema changes.

Read More Here

Boomi Platform Introduces Conversational AI for App Integration

Boomi, a leading provider of cloud-based integration platforms, has enhanced its connectivity and integration platform with Boomi GPT, a conversational AI that enables customers to automate tasks within the Boomi platform. Trained on data from over 200 million of Boomi's integrations, Boomi GPT allows users to connect applications, data, processes, people, and devices more efficiently.

Similar to ChatGPT, users provide a prompt in English, and the AI generates an outline of the requested integration, which can be accepted or modified further. This new solution aims to help companies overcome challenges such as data fragmentation from siloed systems, lack of governance, lack of skilled workers, and security and compliance requirements.

Boomi GPT is part of Boomi AI, a suite of AI capabilities announced earlier this year. Ed Macosky, Chief Product and Technology Officer at Boomi, stated that Boomi AI can "dramatically accelerate and democratize" integration and connection work, turning natural language requests into integrations that are crucial for application modernization and cloud migration.

Read More Here

GitHub Repos Targeted by Info-Stealing Commits Disguised as Dependabot

GitHub repositories have recently been targeted by a malicious campaign that inserts fake Dependabot contributions to steal authentication secrets and passwords from developers. The attack, which began in July 2023, involved hackers breaching GitHub accounts and injecting malicious code into hundreds of public and private repositories. The fake Dependabot commits were made possible using stolen GitHub access tokens, with the attackers' goal being to steal the project's secrets.

What is Dependabot?: Dependabot is an automated tool provided by GitHub that scans projects for vulnerable dependencies and automatically issues pull requests to install updated versions. It helps developers identify and address vulnerabilities in their code.

How the Attack Unfolded: The attackers obtained their targets' personal GitHub access tokens, although the method of acquisition remains unclear. They then used automated scripts to create fake commit messages titled "fix" that appeared to be by the user account "dependabot[bot]". These commits introduced malicious code into the project, which performed two actions:

1. Extract secrets from the targeted GitHub project and send them to the attacker's command and control server.

2. Modify existing JavaScript files in the breached repository to add malware that steals passwords from web-form submissions.

Read More Here

Was this forwarded to you? Sign Up Here