Workflow

Guarddog

Latest version: v2.5.0

Safety actively analyzes 723717 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 7 of 9

1.1.4

What's Changed

Minor enhancements and bug fixes:
* Detect when join(...) is used in exec/eval/... functions by romain-dd in https://github.com/DataDog/guarddog/pull/207
* Bump tarsafe version to benefit from a performance improvement by christophetd in https://github.com/DataDog/guarddog/pull/209
* Allow specifying a location where to cache top packages by christophetd in https://github.com/DataDog/guarddog/pull/213

Chores:
* Bump platformdirs from 3.0.0 to 3.1.1 by dependabot in https://github.com/DataDog/guarddog/pull/203
* Bump urllib3 from 1.26.14 to 1.26.15 by dependabot in https://github.com/DataDog/guarddog/pull/201
* Bump setuptools from 67.4.0 to 67.6.0 by dependabot in https://github.com/DataDog/guarddog/pull/202
* Bump typing-extensions from 4.3.0 to 4.5.0 by dependabot in https://github.com/DataDog/guarddog/pull/200
* Bump pathspec from 0.11.0 to 0.11.1 by dependabot in https://github.com/DataDog/guarddog/pull/208
* Bump platformdirs from 3.1.1 to 3.2.0 by dependabot in https://github.com/DataDog/guarddog/pull/211

New Contributors
* romain-dd made their first contribution in https://github.com/DataDog/guarddog/pull/207

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.1.3...v1.1.4

1.1.3

What's Changed

Bug fixes:
* Fix integrity rule crash when a project does not have a homepage URL set (190) by christophetd in https://github.com/DataDog/guarddog/pull/199
* Fix 'potentially_compromised_email_domain' behavior when a package on… by christophetd in https://github.com/DataDog/guarddog/pull/198

Chores:
* Bump colorama from 0.4.5 to 0.4.6 by dependabot in https://github.com/DataDog/guarddog/pull/193
* Bump flake8 from 5.0.4 to 6.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/196
* Bump pytest from 7.2.1 to 7.2.2 by dependabot in https://github.com/DataDog/guarddog/pull/192
* Bump tqdm from 4.64.0 to 4.65.0 by dependabot in https://github.com/DataDog/guarddog/pull/194
* Bump pathspec from 0.9.0 to 0.11.0 by dependabot in https://github.com/DataDog/guarddog/pull/195


**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.1.2...v1.1.3

1.1.2

What's Changed

Bug fixes:
* Fix JSON output (188)

Chores:
* Bump python-dotenv from 0.20.0 to 1.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/184
* Bump setuptools from 67.3.2 to 67.4.0 by dependabot in https://github.com/DataDog/guarddog/pull/185
* Bump charset-normalizer from 2.1.0 to 2.1.1 by dependabot in https://github.com/DataDog/guarddog/pull/181
* Bump wcmatch from 8.4 to 8.4.1 by dependabot in https://github.com/DataDog/guarddog/pull/183


**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.1.1...v1.1.2

1.1.1

What's Changed

Enhancements:
* Catch code execution through exec(...(zlib.decompress(xxx)) by christophetd in https://github.com/DataDog/guarddog/pull/164
* Remove incorrect double quotes from semgrep rule for code-execution (closes 178) by christophetd in https://github.com/DataDog/guarddog/pull/179

Bug fixes:
* Fix duplicate bug in NPM typosquatting algorithm (fixes 131) by christophetd in https://github.com/DataDog/guarddog/pull/165
* Consider 'guarddog xxx scan .' a local target (fixes 175) by christophetd in https://github.com/DataDog/guarddog/pull/176

Chores:
* Bump setup-python versions and remove unused files by christophetd in https://github.com/DataDog/guarddog/pull/167
* Bump setuptools from 65.7.0 to 67.3.2 by dependabot in https://github.com/DataDog/guarddog/pull/173
* Bump urllib3 from 1.26.11 to 1.26.14 by dependabot in https://github.com/DataDog/guarddog/pull/171
* Bump mypy-extensions from 0.4.3 to 1.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/172


**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.1.0...v1.1.1

1.1.0

What's Changed

New features:
* Create new heuristic to identify PyPI packages with a single Python file (closes 160) by christophetd in https://github.com/DataDog/guarddog/pull/162

Enhancements:
* Catch dynamic execution of base64-encoded code through `__import__` (fixes 157) by christophetd in https://github.com/DataDog/guarddog/pull/158

Bug fixes:
* Don't run Semgrep when no sourcecode rule should be run (fixes 161) by christophetd in https://github.com/DataDog/guarddog/pull/163
* Fix package extraction for namespaced npm packages (fixes 155) by christophetd in https://github.com/DataDog/guarddog/pull/156



Chores:
* Bump click-option-group from 0.5.3 to 0.5.5 by dependabot in https://github.com/DataDog/guarddog/pull/152
* Bump docker from 6.0.0b1 to 6.0.1 by dependabot in https://github.com/DataDog/guarddog/pull/149
* Bump idna from 3.3 to 3.4 by dependabot in https://github.com/DataDog/guarddog/pull/151
* Bump platformdirs from 2.5.2 to 3.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/150
* Sync requirements.txt by christophetd in https://github.com/DataDog/guarddog/pull/154

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.0.2...v1.1.0

1.0.2

What's Changed

Bug fixes:
* Fixed a bug where a local target could be considered a remote one by mistake (e.g. `guarddog pypi scan ../foo`) (147)

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.0.1...v1.0.2

Page 7 of 9

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.