Python This Week — June 22, 2026: 3.15 Beta 3, uv Ships Twice, and EuroPython Counts Down

Welcome to this week's Python roundup. It's a tooling-and-testing kind of week: the 3.15 beta cadence rolls on, Astral's uv shipped twice in two days, a fresh wave of PyPI supply-chain attacks pushed security back into the spotlight, and EuroPython 2026 hit the one-month mark.

Python 3.15.0 beta 3 is due June 23

The next preview of Python 3.15, beta 3, is scheduled to land on June 23 — the third checkpoint since the feature freeze arrived with beta 1 on May 7 and beta 2 followed on June 2. With the feature set now locked, the headline additions for 3.15 include a built-in sentinel (PEP 661), explicit lazy imports (PEP 810), a frozendict built-in (PEP 814), and UTF-8 as the default encoding (PEP 686), alongside an 8–9% JIT speedup on x86-64 Linux. The release-candidate phase opens August 4, with the final release expected this fall. Now is the time to test your code against the beta while regressions can still be fixed. source

Astral's uv ships 0.11.22 and 0.11.23

The Rust-based Python package manager uv had a busy week, releasing 0.11.22 on June 18 and 0.11.23 on June 19. The 0.11.22 release teaches uv publish to upload wheels before sdists, adds TY and RUFF environment variables for pointing at custom binary paths, and lets you configure preview features directly in uv.toml and pyproject.toml. The very next day, 0.11.23 reverted a transparent Python-upgrade change to stop unintended breakage in pre-commit-uv — a reminder of how quickly the tool iterates. source

PyPI supply-chain attacks spur new malware tooling

Security researchers at Socket flagged a new wave of the "Shai-Hulud" supply-chain campaign on June 8, with 37 malicious releases across 19 science-focused PyPI packages — including bioinformatics tools like Dynamo, Spateo and CoolBox — that shipped a malicious .pth file and an obfuscated payload triggered the moment Python starts. The timing underscores why PEP 829 is starting to deprecate code execution from .pth files in 3.15. In response, Astral rolled out uv audit for scanning dependencies and experimental malware detection to block known-bad packages at install time. The lesson stands: pin, audit, and upgrade promptly. source

Python 3.14.6 and 3.13.14 maintenance releases

On the stable side, Python 3.14.6 and 3.13.14 arrived on June 10. The 3.14.6 release is the sixth maintenance update of the 3.14 series, bundling roughly 179 bug fixes, build improvements and documentation changes since 3.14.5. If you're running production workloads on either series, these are low-drama upgrades worth scheduling. source

EuroPython 2026 hits the one-month mark

With the conference now one month out (July 13–19 in Kraków), EuroPython published its full talk schedule and confirmed three more keynote speakers: Astral's William Woodruff, Microsoft and GitHub's Marlene Mhangami, and Amazon EC2's Imogen Wright — joining a lineup that already includes Guido van Rossum, Łukasz Langa and Pablo Galindo Salgado. Remote tickets opened on June 15, late-bird prices kick in June 26, and registration remains open for a full-day Rust Summit on Rust-and-Python tooling. source

That's the week in Python. Test the beta, audit your dependencies, and see you next week. 🐍