Whispers

Latest version: v2.4.0

Safety actively analyzes 714860 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 4

2.1.0

:x: Breaking changes :x:

:x: Arguments :x:

Several arguments have been modified and/or adapted to improve usability.

- Human readable output is shown in logs (2.1), `-H` and `--human` (2.0) are removed.

- Version can be shown with `--version` (2.1), `-v` (2.0) is removed.

- Extended help can be shown with `--info` (2.1), `-i` (2.0) is removed.

- Debug mode can be enabled with `--debug` (2.1), `-d` (2.0) is removed.

- Logs can be redirected to a file with `--log log.txt` (2.1), constant `/tmp/whispers.log` (2.0) is removed.

- Configuration template can be created with `--init` (2.1), `--print_config` (2.0) is removed.


:x: Logging :x:

**Version 2.0:** Opt-in logging for tracing execution flow, useful only for debugging. Results printed to `stdout` using `print()` as a JSON dict, one result per line. Enabling logging required adding the `--log` argument.

**Version 2.1:** Logging is used to alert identified secrets during execution with `WARNING` level. Results are written to `stdout` as a JSON list at the end. This improves results parseability as a JSON list, while maintaining live results display that was previously achieved by printing secrets as JSON one per line.


:white_check_mark: New features :white_check_mark:

:white_check_mark: Results as JSON list :white_check_mark:

To improve integration and downstream processing, Whispers now outputs results as a JSON list of dictionaries with all detected secrets together (2.1), instead of one JSON dictionary per line (2.0). This list is directly loadable and parsable as JSON.

2.0.6

This release addresses two reported bugs, as well as dependency updates.

* Install `dataclasses` only for Python 3.6 to avoid dependency conflicts with higher versions (Fixes https://github.com/Skyscanner/whispers/issues/107)
* Improve hardcoded secret detection for values starting with `$` (Fixes https://github.com/Skyscanner/whispers/issues/108)

What's Changed
* Bump typing-extensions from 4.0.1 to 4.1.1 by dependabot in https://github.com/adeptex/whispers/pull/21
* Bump lxml from 4.7.1 to 4.8.0 by dependabot in https://github.com/adeptex/whispers/pull/22
* Update issue templates by adeptex in https://github.com/adeptex/whispers/pull/23
* Bump astroid from 2.9.3 to 2.10.0 by dependabot in https://github.com/adeptex/whispers/pull/24
* Bump wrapt from 1.13.3 to 1.14.0 by dependabot in https://github.com/adeptex/whispers/pull/25
* Bump astroid from 2.10.0 to 2.11.0 by dependabot in https://github.com/adeptex/whispers/pull/26
* Bump astroid from 2.11.0 to 2.11.1 by dependabot in https://github.com/adeptex/whispers/pull/27
* Bump astroid from 2.11.1 to 2.11.2 by dependabot in https://github.com/adeptex/whispers/pull/28
* Bump soupsieve from 2.3.1 to 2.3.2 by dependabot in https://github.com/adeptex/whispers/pull/29
* Bump beautifulsoup4 from 4.10.0 to 4.11.0 by dependabot in https://github.com/adeptex/whispers/pull/30
* Bump beautifulsoup4 from 4.11.0 to 4.11.1 by dependabot in https://github.com/adeptex/whispers/pull/31
* Bump soupsieve from 2.3.2 to 2.3.2.post1 by dependabot in https://github.com/adeptex/whispers/pull/32
* Bump typing-extensions from 4.1.1 to 4.2.0 by dependabot in https://github.com/adeptex/whispers/pull/33
* Bump astroid from 2.11.2 to 2.11.3 by dependabot in https://github.com/adeptex/whispers/pull/34
* Bump wrapt from 1.14.0 to 1.14.1 by dependabot in https://github.com/adeptex/whispers/pull/35
* 2.0.6 by adeptex in https://github.com/adeptex/whispers/pull/36


**Full Changelog**: https://github.com/adeptex/whispers/compare/2.0.5...2.0.6

2.0.5

Summary
* Added Mozilla SOPS placeholder detection
* Added AWS Account Number detection based on AWS ARN

What's Changed
* Detection by adeptex in https://github.com/adeptex/whispers/pull/20


**Full Changelog**: https://github.com/adeptex/whispers/compare/2.0.4...2.0.5

2.0.4

Summary
* Target file or directory CLI argument is now position independent. For example, these two now work the same:
* `whispers -G files -H tests/fixtures`
* `whispers tests/fixtures -G files -H`
* File inclusion and exclusion can now be specified with CLI args (not just in config file as before):
* `whispers -f '*.json,*.yml' tests/fixtures` - include **globs** that match (ie: include only JSON & YML files)
* `whispers -F '.*\.(json|yml)' tests/fixtures` - exclude **regex** that matches (ie: exclude all JSON & YML files)
* Output can now be printed in human readable format by using the CLI arg `--human` or `-H` for short.

What's Changed
* Bump astroid from 2.9.0 to 2.9.3 by dependabot in https://github.com/adeptex/whispers/pull/16
* Bump jellyfish from 0.8.9 to 0.9.0 by dependabot in https://github.com/adeptex/whispers/pull/17
* Modify stdout format by adeptex in https://github.com/adeptex/whispers/pull/18
* Surface files configuration by adeptex in https://github.com/adeptex/whispers/pull/19

**Full Changelog**: https://github.com/adeptex/whispers/compare/2.0.3...2.0.4

2.0.3

* Update dependencies

What's Changed
* Bump lxml from 4.6.4 to 4.7.0 by dependabot in https://github.com/adeptex/whispers/pull/10
* Bump lxml from 4.7.0 to 4.7.1 by dependabot in https://github.com/adeptex/whispers/pull/11
* Bump lazy-object-proxy from 1.6.0 to 1.7.0 by dependabot in https://github.com/adeptex/whispers/pull/12
* Bump lazy-object-proxy from 1.7.0 to 1.7.1 by dependabot in https://github.com/adeptex/whispers/pull/13


**Full Changelog**: https://github.com/adeptex/whispers/compare/2.0.2...2.0.3

2.0.2

* Added `--print_config` argument to facilitate configuration, ie: `whispers --print_config > custom.yml`. This allows quickly getting a working editable template.

Page 3 of 4

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.