Python 3.13.13 and 3.14.4 #26

Merged: N6REJ merged 3 commits into main from april, Apr 15, 2026

@jwaisner jwaisner commented Apr 13, 2026

Contributor

PR Type

Enhancement


Description

  • Add Python 3.13.13 and 3.14.4 with configuration files

  • Include wheel installation scripts for both versions

  • Update bundle release version to 2026.4.12

  • Configure pywin32 wheel dependencies for each version


Diagram Walkthrough

flowchart LR
  A["Python Versions"] -->|"3.13.13"| B["Configuration & Scripts"]
  A -->|"3.14.4"| B
  B --> C["bearsampp.conf"]
  B --> D["python.bat"]
  B --> E["wheel/install.bat"]
  B --> F["wheel/wheel.properties"]
  G["build.properties"] -->|"Update Release"| H["2026.4.12"]

File Walkthrough

Relevant files: Configuration changes (9 files)

  • python.bat: Python 3.13.13 command-line launcher script (+6/-0)
  • install.bat: Wheel installation script for Python 3.13.13 (+4/-0)
  • bearsampp.conf: Configuration for Python 3.13.13 module (+6/-0)
  • wheel.properties: Pywin32 wheel URL for Python 3.13.13 (+1/-0)
  • python.bat: Python 3.14.4 command-line launcher script (+6/-0)
  • install.bat: Wheel installation script for Python 3.14.4 (+4/-0)
  • bearsampp.conf: Configuration for Python 3.14.4 module (+6/-0)
  • wheel.properties: Pywin32 wheel URL for Python 3.14.4 (+1/-0)
  • build.properties: Update bundle release version number (+1/-1)

@jwaisner jwaisner requested a review from N6REJ as a code owner April 13, 2026 04:39
@jwaisner jwaisner added the enhancement ✨ Improve program label Apr 13, 2026
@qodo-code-review


Review Summary by Qodo

Add Python 3.13.13 and 3.14.4 with installation scripts

✨ Enhancement

Walkthroughs

Description
• Add Python 3.13.13 and 3.14.4 versions with configuration files
• Create batch scripts for Python executable and wheel installation
• Update bundle release version to 2026.4.12
• Register new Python versions in releases.properties
Diagram
flowchart LR
  A["Python 3.13.13 & 3.14.4"] --> B["Configuration Files"]
  A --> C["Batch Scripts"]
  A --> D["Wheel Properties"]
  B --> E["bearsampp.conf"]
  C --> F["python.bat"]
  C --> G["install.bat"]
  D --> H["wheel.properties"]
  A --> I["Update build.properties"]
  A --> J["Update releases.properties"]

File Changes

1. bin/python3.13.13/bin/python.bat ⚙️ Configuration changes +6/-0

Python 3.13.13 executable launcher script

bin/python3.13.13/bin/python.bat


2. bin/python3.13.13/wheel/install.bat ⚙️ Configuration changes +4/-0

Wheel installation script for Python 3.13.13

bin/python3.13.13/wheel/install.bat


3. bin/python3.14.4/bin/python.bat ⚙️ Configuration changes +6/-0

Python 3.14.4 executable launcher script

bin/python3.14.4/bin/python.bat


4. bin/python3.14.4/wheel/install.bat ⚙️ Configuration changes +4/-0

Wheel installation script for Python 3.14.4

bin/python3.14.4/wheel/install.bat


5. bin/python3.13.13/bearsampp.conf ⚙️ Configuration changes +6/-0

Configuration file for Python 3.13.13

bin/python3.13.13/bearsampp.conf


6. bin/python3.13.13/wheel/wheel.properties ⚙️ Configuration changes +1/-0

Wheel download URL for Python 3.13.13

bin/python3.13.13/wheel/wheel.properties


7. bin/python3.14.4/bearsampp.conf ⚙️ Configuration changes +6/-0

Configuration file for Python 3.14.4

bin/python3.14.4/bearsampp.conf


8. bin/python3.14.4/wheel/wheel.properties ⚙️ Configuration changes +1/-0

Wheel download URL for Python 3.14.4

bin/python3.14.4/wheel/wheel.properties


9. build.properties ⚙️ Configuration changes +1/-1

Update bundle release version number

build.properties


10. releases.properties ⚙️ Configuration changes +2/-1

Register Python 3.13.13 and 3.14.4 releases

releases.properties


qodo-code-review Bot commented Apr 13, 2026


Code Review by Qodo

🐞 Bugs (1)   📘 Rule violations (0)   📎 Requirement gaps (0)
🐞 ⛨ Security (1)


Remediation recommended

1. Unverified wheel install 🐞
Description
The build downloads the wheel URL from wheel.properties and installs it via install.bat/pip
without any integrity verification; the new 3.14.4 wheel URL increases the unverified code-execution
surface. A tampered or replaced wheel at that URL would execute during the build process.
Code

bin/python3.14.4/wheel/wheel.properties[1]

+wheel = https://github.com/Bearsampp/modules-untouched/releases/download/python-2026.4.12/pywin32-311-cp314-cp314-win_amd64.whl
Evidence
The new wheel.properties points to a remote .whl. During releaseBuild, build.gradle reads
wheel.properties, downloads the URL directly to disk, and then runs install.bat; that script
calls pip.exe install <downloaded wheel>, executing code from the downloaded artifact without any
checksum/signature verification.

bin/python3.14.4/wheel/wheel.properties[1-1]
build.gradle[819-858]
bin/python3.14.4/wheel/install.bat[1-4]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
Remote wheels are downloaded and installed during the build without integrity verification. This allows a compromised/altered release asset to run code during `pip install`.

### Issue Context
`wheel.properties` supplies the download URL. `build.gradle` downloads it and runs `install.bat`, which invokes `pip.exe install` on the wheel.

### Fix Focus Areas
- build.gradle[819-858]
- bin/python3.14.4/wheel/wheel.properties[1-1]
- bin/python3.13.13/wheel/wheel.properties[1-1]

### Suggested change
- Extend `wheel.properties` to include a SHA-256 (or similar) checksum field (e.g., `wheelSha256 = ...`).
- In `build.gradle`, after download and before running `install.bat`, compute the file hash and compare to the expected value; fail the build if mismatched.
- (Optional hardening) Add connection/read timeouts to the download path to avoid indefinite hangs.


2. CI version prefix mismatch 🐞
Description
In .github/workflows/python-test.yml, version validation uses a prefix match (`grep -q "^${version}" releases.properties`), so a version like `3.13.1` would be incorrectly confirmed by the new 3.13.13 entry. The Windows download step then fails because it requires an exact `version = url` match and exits when no exact line exists.
Code

releases.properties[2]

+3.13.13 = https://github.com/Bearsampp/module-python/releases/download/2026.4.12/bearsampp-python-3.13.13-2026.4.12.7z
Evidence
The workflow “confirms” versions by checking only the start of the line in releases.properties,
which makes 3.13.1 a false positive once 3.13.13 exists. Later in the same workflow, the
PowerShell download step requires ^$version\s*=\s*... (i.e., an exact version immediately followed
by optional whitespace and =), so the URL lookup fails and the job exits with an error.

.github/workflows/python-test.yml[93-103]
.github/workflows/python-test.yml[232-248]
releases.properties[1-3]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The GitHub Actions workflow validates versions with a prefix match against `releases.properties`, which can incorrectly treat a shorter version as present when a longer one exists (e.g., `3.13.1` vs `3.13.13`). This can cause the workflow to select a version that later fails URL resolution in the Windows download step.

### Issue Context
`releases.properties` now contains `3.13.13 = ...`, and the workflow uses `grep -q "^${version}"` to validate versions extracted from paths/title.

### Fix Focus Areas
- .github/workflows/python-test.yml[93-103]
- .github/workflows/python-test.yml[121-131]

### Suggested change
- Replace `grep -q "^${version}" releases.properties` with an exact match on the key, e.g.:
 - Use `grep -q -E "^${version}[[:space:]]*=" releases.properties` **and** ensure regex escaping of `${version}` (or use fixed-string matching by parsing the key before `=`).
 - Apply the same fix in both the primary and fallback validation blocks.
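
The prefix-match false positive described in item 2, reproduced on constructed data as an added example (not code from the workflow or the project). `RELEASES` and the function names are assumptions made for the illustration; the last function goes one step beyond the review's regex by comparing the parsed key as a fixed string.

```shell
#!/bin/sh
# Added example. RELEASES is constructed sample data in the releases.properties
# "version = url" layout; the URLs are placeholders, not the project's.
RELEASES='3.12.9 = https://example.invalid/python-3.12.9.7z
3.13.13 = https://example.invalid/python-3.13.13.7z
3.14.4 = https://example.invalid/python-3.14.4.7z'

# The check quoted in the review: matches any line that merely starts with $1.
has_version_prefix() {
    printf '%s\n' "$RELEASES" | grep -q "^$1"
}

# The review's anchored pattern, with regex metacharacters in $1 escaped first
# so that "." only matches a literal dot.
has_version_regex() {
    esc=$(printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    printf '%s\n' "$RELEASES" | grep -q -E "^${esc}[[:space:]]*="
}

# Fixed-string alternative: split on "=", trim the key, compare as strings.
# Appending "" forces string comparison, so 3.10 is never equal to 3.1.
has_version_exact() {
    printf '%s\n' "$RELEASES" | awk -F= -v want="$1" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        (key "") == (want "") { found = 1; exit }
        END { exit !found }'
}

# Print how each check treats a version (hypothetical helper for the demo).
compare_checks() {
    for v in "$@"; do
        for check in has_version_prefix has_version_regex has_version_exact; do
            if "$check" "$v"; then r=present; else r=absent; fi
            printf '%-8s %-20s %s\n' "$v" "$check" "$r"
        done
    done
}

compare_checks 3.13.1 3.13.13
```
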


github-actions Bot commented Apr 13, 2026

Contributor

🐍 Python Module Tests - Results

Test Date: 2026-04-15 03:13:04 UTC
Status: ✅ All tests passed

📊 Test Results by Version

Python 3.13.13
Python 3.14.4

Results: 2 of 2 versions tested

All tests passed successfully! ✨


📋 Test Phases

Each version is tested through the following phases:

  • Phase 1: Installation Validation (Download, Extract, Verify Executables)
  • Phase 2: Basic Functionality (Test Python Version, pip, Import System)

Check artifacts for detailed logs.

…CI workflow


qodo-code-review Bot commented Apr 15, 2026


PR Reviewer Guide 🔍

(Review updated until commit b3601f9)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns

Supply chain risk:
the wheel is pulled from an external GitHub Releases URL (wheel.properties). Ensure the release artifact integrity is verified (e.g., checksum/signature validation) and that the URL is pinned to the intended version/artifact to reduce the risk of tampering or accidental replacement.

⚡ Recommended focus areas for review

Compatibility

Validate that the pywin32-311-... wheel name is correct for the targeted Python versions (CPython 3.13/3.14). The -311- portion may indicate a wheel built for 3.11 and could be a packaging mistake even if the cp313/cp314 tags look correct.

"%WINPYDIR%\Scripts\pip.exe" install pywin32-311-cp313-cp313-win_amd64.whl
Robustness

The script runs pip install without checking error codes from the environment setup or the install step. Consider adding basic failure handling (e.g., call ... || exit /b %errorlevel%) to avoid silent partial installs.

set WINPYSCRIPTSDIR=%~dp0..\scripts
call "%WINPYSCRIPTSDIR%\env.bat"
"%WINPYDIR%\Scripts\pip.exe" install pywin32-311-cp314-cp314-win_amd64.whl
Env Vars

cd /D "%WINPYWORKDIR%" assumes WINPYWORKDIR is always defined and valid after env_for_icons.bat. Confirm behavior when it is missing/empty (it can change the working directory unexpectedly or fail).

call "%WINPYSCRIPTSDIR%\env_for_icons.bat"
cd/D "%WINPYWORKDIR%"
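
One way to implement the wheel integrity check that both the code review and the reviewer guide above ask for, written in shell as an added example; it is not the project's build.gradle logic. The `wheelSha256` key is the field name the review proposed, and the function names and sample files are assumptions.

```shell
#!/bin/sh
# Added example. "wheelSha256" is the key name proposed in the review; the
# function names and the wheel.properties content used below are constructed.

# prop_get FILE KEY: print the value of an exact "KEY = value" line.
prop_get() {
    awk -F= -v want="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        (key "") == (want "") {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val); print val; exit
        }' "$1"
}

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# verify_wheel PROPS WHEEL: 0 = hash matches the pin, 1 = mismatch,
# 2 = no usable pin or no file. Anything but 0 must stop the install step.
verify_wheel() {
    [ -f "$2" ] || { echo "missing wheel: $2" >&2; return 2; }
    expected=$(prop_get "$1" wheelSha256 | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*) echo "no valid wheelSha256 in $1" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "wheelSha256 must be 64 hex digits" >&2; return 2; }
    actual=$(sha256_of "$2")
    [ "$actual" = "$expected" ] && return 0
    echo "checksum mismatch: expected $expected, got $actual" >&2
    return 1
}

# Constructed demo: pin a stand-in wheel, then change it after pinning.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed wheel bytes' > "$d/pkg.whl"
    printf 'wheel = https://example.invalid/pkg.whl\nwheelSha256 = %s\n' \
        "$(sha256_of "$d/pkg.whl")" > "$d/wheel.properties"
    verify_wheel "$d/wheel.properties" "$d/pkg.whl" && echo "unchanged: install may run"
    printf 'x' >> "$d/pkg.whl"
    verify_wheel "$d/wheel.properties" "$d/pkg.whl" 2>/dev/null || echo "altered: build stops"
    rm -rf "$d"
}
demo
```

The check fails closed: a properties file with no pin is treated as an error rather than as permission to install unverified.
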

qodo-code-review Bot commented Apr 15, 2026


PR Code Suggestions ✨

Latest suggestions up to b3601f9

Category | Suggestion | Impact
Possible issue
Install wheel using absolute path

Use an absolute path for the wheel file and invoke pip via python -m pip to
ensure deterministic installation.

bin/python3.13.13/wheel/install.bat [1-4]

 @echo off
-set WINPYSCRIPTSDIR=%~dp0..\scripts
+set "WINPYSCRIPTSDIR=%~dp0..\scripts"
 call "%WINPYSCRIPTSDIR%\env.bat"
-"%WINPYDIR%\Scripts\pip.exe" install pywin32-311-cp313-cp313-win_amd64.whl
+"%WINPYDIR%\python.exe" -m pip install "%~dp0pywin32-311-cp313-cp313-win_amd64.whl"
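
Review bot: the `call "%WINPYSCRIPTSDIR%\env.bat"` line is not checked before the new install line runs. If env.bat is missing or leaves `WINPYDIR` undefined, the new line expands to `"\python.exe" -m pip install ...`, which resolves against the root of the current drive instead of the bundled interpreter. Add `if not defined WINPYDIR exit /b 1` directly after the call so the script stops instead of running an unintended python.exe.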
Suggestion importance[1-10]: 7

Why: Using %~dp0 to reference the wheel ensures the installation succeeds regardless of the current working directory, and using python -m pip is best practice for environment consistency.

Medium
Fix path escaping in config

Replace the unescaped backslash with a forward slash or escaped backslash in the
configuration path.

bin/python3.13.13/bearsampp.conf [2]

-pythonExe = "bin\python.bat"
+pythonExe = "bin/python.bat"
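
Review bot: this changes `pythonExe` only in bin/python3.13.13/bearsampp.conf, while the PR also adds bin/python3.14.4/bearsampp.conf. If the separator is changed, change it in both files so the two versions do not diverge, and confirm first that the code reading `pythonExe` accepts a forward slash, since nothing in the hunk shows how the value is parsed.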
Suggestion importance[1-10]: 5

Why: Using unescaped backslashes in configuration values can lead to path corruption depending on the parser used, so using forward slashes is safer.

Low

Previous suggestions

Suggestions up to commit beed19a
Category | Suggestion | Impact
Possible issue
Make wheel path script-relative

Prefix the wheel file path with %~dp0 to make it an absolute path based on the
script's directory.

bin/python3.14.4/wheel/install.bat [1-4]

 @echo off
-set WINPYSCRIPTSDIR=%~dp0..\scripts
+set "WINPYSCRIPTSDIR=%~dp0..\scripts"
 call "%WINPYSCRIPTSDIR%\env.bat"
-"%WINPYDIR%\Scripts\pip.exe" install pywin32-311-cp314-cp314-win_amd64.whl
+"%WINPYDIR%\Scripts\pip.exe" install "%~dp0pywin32-311-cp314-cp314-win_amd64.whl"
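
Review bot: the replacement install line still runs `"%WINPYDIR%\Scripts\pip.exe"` directly, whereas the latest suggestion for bin/python3.13.13/wheel/install.bat switches to `"%WINPYDIR%\python.exe" -m pip`; pick one form and use it in both install.bat files. The wheel next to the script is also installed exactly as it was downloaded, so the checksum comparison requested in the security finding still has to happen before this line runs.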
Suggestion importance[1-10]: 7

Why: Using an absolute path based on %~dp0 ensures the wheel file is found and installed regardless of the current working directory from which the script is executed.

Medium
Guard and restore working directory

Guard the directory change with if defined WINPYWORKDIR and use pushd/popd
instead of cd/D.

bin/python3.13.13/bin/python.bat [1-6]

 @echo off
-set WINPYSCRIPTSDIR=%~dp0..\scripts
+set "WINPYSCRIPTSDIR=%~dp0..\scripts"
 call "%WINPYSCRIPTSDIR%\env_for_icons.bat"
-cd/D "%WINPYWORKDIR%"
+if defined WINPYWORKDIR (
+  pushd "%WINPYWORKDIR%"
+)
 rem backward compatibility for python command-line users
 "%WINPYDIR%\python.exe" %*
+if defined WINPYWORKDIR (
+  popd
+)
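
Review bot: the closing `popd` is gated on `WINPYWORKDIR` being defined, not on the earlier `pushd` having succeeded. If the variable is set to a directory that does not exist, `pushd` fails and the `popd` after `python.exe` pops an entry the caller pushed, if there is one. Set a flag only when `pushd` succeeds, for example `pushd "%WINPYWORKDIR%" && set "PUSHED=1"`, and test that flag before `popd`.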
Suggestion importance[1-10]: 5

Why: Handling an empty WINPYWORKDIR and using pushd/popd prevents potential errors and unintended side effects on the caller's working directory.

Low

@N6REJ N6REJ merged commit edb7cb8 into main Apr 15, 2026
6 checks passed
@N6REJ N6REJ deleted the april branch April 15, 2026 03:21