D-Strings Could End Your textwrap.dedent() Days and Other Python News for April 2026

Python 3.15.0 Alpha 7: Lazy Imports Land

Python 3.15.0a7 dropped on March 10, the second-to-last alpha before the beta freeze on May 5. The headline feature you can finally test is PEP 810, explicit lazy imports. The Steering Council accepted PEP 810 back in November, but this is the first alpha where the implementation is available to try.

The idea is straightforward: prefix any import statement with lazy, and the module won’t actually load until you first access an attribute on it:

lazy import json
lazy from datetime import timedelta

# The json module isn't loaded yet, so no startup cost

# Later, when you actually use it:
data = json.loads(payload)  # Now it loads

The PEP authors note that 17 percent of standard library imports are already placed inside functions to defer loading. Tools like Django’s management commands, Click-based CLIs, and codebases heavy on type checking often spend hundreds of milliseconds on imports they might never use. Lazy imports make that optimization explicit and clean, without scattering imports deep inside function bodies.

Security Releases: Python 3.12.13, 3.11.15, and 3.10.20

On March 3, Thomas Wouters released security-only patches across three older Python branches. The updates fix several CVEs, including two XML parsing vulnerabilities (CVE-2026-24515 and CVE-2026-25210), patched by upgrading the bundled libexpat to 2.7.4. Additional fixes cover an XML memory amplification bug and the rejection of control characters in HTTP headers and URL parsing.

If you’re still running Python 3.12 or older in production, applying these patches is highly recommended. Python 3.12 is now in security-fixes-only mode, so no binary installers are provided. You’ll need to build from source.

PEP 822: Dedented Multiline Strings (D-Strings)

PEP 822, authored by Inada Naoki, proposes a new d"""...""" string prefix that automatically strips leading indentation from multiline strings, using the same algorithm as textwrap.dedent().

Anyone who’s written a multiline SQL query or help text inside a function and battled with indentation knows the pain:

import textwrap

# Before: awkward indentation or textwrap.dedent() wrapper
def get_query():
    return textwrap.dedent("""\
        SELECT name, email
        FROM users
        WHERE active = true
    """)

# With d-strings: clean and readable
def get_query():
    return d"""
        SELECT name, email
        FROM users
        WHERE active = true
    """

The d prefix combines with f, r, b, and even the upcoming t (template strings) prefixes. PEP 822 was submitted to the Steering Council on March 9 and targets Python 3.15, though a decision hasn’t landed yet. If you’ve ever wished Python strings would just handle indentation for you, this one’s worth keeping an eye on.

Other PEPs in Progress

The Steering Council has a busy review queue this month:

• PEP 803 proposes an abi3t stable ABI variant for free-threaded builds, so extension authors can ship a single wheel for both GIL-enabled and GIL-disabled Python.
• PEP 806 would let you mix synchronous and asynchronous context managers in a single with statement, eliminating the “staircase of doom” of nested async with blocks.
• PEP 820 redesigns the C API slot mechanism with a new PySlot tagged union. The C API Working Group voted 4–0 to recommend acceptance.

Keep an eye on these proposals—any of them could move forward before the beta freeze in May.

Python Insider Blog Moves to blog.python.org

After years on Blogger, the Python Insider blog has a new home. On March 3, Jacob Coffee announced that all 307 historical posts have been migrated to blog.python.org, with old URLs redirecting automatically.

The new site runs on Astro for static generation with Tailwind CSS for styling, deployed through GitHub Actions. The biggest practical change is that contributors can now submit blog posts as pull requests using plain Markdown rather than needing a Google account. It’s a small but meaningful modernization of Python’s community infrastructure.

The Great Empty Set Debate: PEP 802

Python syntax discussions can definitely generate a lot of heat. Have a look at PEP 802. With 185 discussion replies and counting, this proposal for {/} as an empty set literal has become one of the most debated PEPs of the year.

The pitch is straightforward: {} creates an empty dict, [] creates an empty list, but there’s no literal for an empty set. You have to write set(). PEP 802 proposes {/}, echoing the mathematical empty-set symbol. The community is split on whether this is elegant or confusing, and no Steering Council decision has been announced.

PSF Meetup Pro Network Reopens

The Python Software Foundation (PSF) reopened applications for its Meetup Pro Network, which covers subscription fees for qualifying Python meetup groups. The PSF currently sponsors 109 groups at $15/month each. To qualify, groups need to focus on Python content, maintain a Code of Conduct, and host at least two events per year.

uv 0.11.0: A TLS Overhaul Under the Hood

Just weeks after the 0.10.0 breaking-changes release covered last month, uv 0.11.0 was released on March 23, this time focused on the networking stack. The underlying HTTP client was upgraded to reqwest v0.13, swapping in rustls-platform-verifier—which delegates TLS validation to your OS’s security framework—while replacing the ring cryptography backend with aws-lc.

Most Python developers won’t notice a difference, but if you’re behind a corporate proxy or use custom CA certificates, test before upgrading. The --native-tls flag is deprecated in favor of a new --system-certs flag.

Black 26.3.0: Windows Gets Faster

Black 26.3.0 brings winloop as a Windows event-loop backend, pushing formatting performance closer to parity with uvloop on Linux and macOS. The same speedup extends to blackd. The release also fixes a data-corruption bug where non-UTF-8 files could be double-decoded, which is one of those fixes that make you glad someone caught it. A quick follow-up in 26.3.1 patched a Jupyter notebook cell-magic masking bug.

Other Notable Releases

• Ruff shipped four releases across March: 0.15.5–0.15.8, adding default Markdown file discovery in preview mode and recognizing pyrefly: as a pragma comment. Ruff 0.15.5 also migrated publishing to Astral’s own release mirror.
• NumPy released 2.4.3 and 2.4.4 to fix a threading race condition in OpenBLAS on ARM architectures that had been causing crashes in concurrent workloads.
• SQLAlchemy released 2.0.48 to address a critical engine bug where connection arguments could be shared across concurrent connections, which is especially dangerous for applications using token-based authentication.
• Polars continued its rapid weekly release cadence with four patch releases in March. The latest version is 1.39.3.

OpenAI Launches GPT-5.4 With Tool Search

OpenAI released GPT-5.4 on March 5 with a one-million-token context window and a feature that changes how agentic workflows handle tools: tool search. Instead of cramming all tool definitions into your system prompt, the model can now look up tool schemas on demand, cutting token usage in multi-tool systems.

Building on the SDK updates covered last month, the Python SDK shipped five more releases in March (v2.25–v2.29) to support the new model. Other additions include a GA ComputerTool class for computer use, Sora API improvements, custom voices for the TTS API, and two smaller model variants (gpt-5.4-mini and gpt-5.4-nano) that dropped on March 17.

PyTorch 2.11.0: FlashAttention-4 and a CUDA Shift

Following the TorchScript deprecation in PyTorch 2.10 covered in February, PyTorch continued its rapid evolution.

PyTorch 2.11.0 shipped on March 23. The big additions include FlashAttention-4 support on Hopper and Blackwell GPUs through FlexAttention, differentiable collectives for distributed training, and expanded MPS operator coverage for Apple Silicon with Metal 4 support.

The change most likely to affect your workflow is that PyPI wheels now ship with CUDA 13.0 by default. Volta (V100) support has been dropped from CUDA 12.8+ binaries, so if you’re running older hardware, you’ll need CUDA 12.6 builds. TorchScript’s ONNX export fallback was also removed, so if you’ve been relying on it, now’s the time to switch to torch.export.

vLLM Ships Two Major Releases

Hot on the heels of the v0.16.0 WebSocket release covered last month, vLLM had a productive March, shipping both v0.17.0 on March 7 and v0.18.0 on March 20. Highlights include gRPC serving via the new --grpc flag, a --performance-mode knob for quick deployment tuning, GPU-less multimodal preprocessing with vllm launch render, and smart KV cache CPU offloading.

The most significant change is that Ray is no longer a default dependency. If your vLLM deployment uses Ray for distributed serving, you’ll need to install it explicitly after upgrading.