rack-mini-profiler 1.0.2 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4fa3a381694869814cd3d19c37f76c8c0a4bdddda170ed5199266a14e82e6c55
-  data.tar.gz: c75b035729657117744511f53ced6c7fe76383d5b7ee253a3aa5af1a60b1364c
+  metadata.gz: 7544df4d22f5f615b146fb0d63f18098ffd702ac9dec966d8040187f2e8302b9
+  data.tar.gz: 7c39c41a96205c8c7fbd69765ab5f1e0a3a3a37950055fc58d0f27f4a0591e0f
 SHA512:
-  metadata.gz: 1198efbc5b26cc99d9a0e296fa82f45ea27eb590489324a9cca1bfd764e3994e88cfd4b7d9e16db251b08d570cc6571653f25b23d89bad730323ac3b5369d730
-  data.tar.gz: 8ebb0d569583e67667b725443fd9349a4c9cd588320ec8d57ec49ab18a82a7e9a5e92cd36c346f7b94448844a6b37bc2874e354629e5c3fc8bb9d4c8714734d9
+  metadata.gz: 6e3f5f9a51fc5395dda4a7e793903f998513499d850aeb291fe036171a78617d11c3d8cd6fef57d1144359aa4992055ad54ba878075896c3d0280c426a84e3be
+  data.tar.gz: c4e353c8442db93f29d11d04e2724e6c3f8dacaaf082210acbbb7d47655ffc3a6b5297079750e305fe9f1cd3e7efb1d806aef0ec68bbc1a8e40a0f958de0ec52

data/CHANGELOG.md

@@ -1,10 +1,127 @@
 # CHANGELOG
 
-## 1.0.2 2019-02-05
+## 3.1.0 - 2023-04-11
+
+- [FEATURE] The query parameter that RMP uses (by default, pp) is now configurable [#553](https://github.com/MiniProfiler/rack-mini-profiler/pull/553)
+- [FEATURE] You can now opt-out of the Net::HTTP patch by using RACK_MINI_PROFILER_PATCH_NET_HTTP="false"
+- [FIX] Error responses now include header values from the app, and stackprof not installed message now has correct content [#547](https://github.com/MiniProfiler/rack-mini-profiler/pull/547)
+- [FIX] RMP pages now have more valid HTML, with title elements [#562](https://github.com/MiniProfiler/rack-mini-profiler/pull/562)
+- [BREAKING CHANGE] Ruby 2.4 and Ruby 2.5 are no longer supported.
+- [FIX] Now works with apps that don't otherwise require erb [#531](https://github.com/MiniProfiler/rack-mini-profiler/pull/531)
+- [DOCS] Added Heroku Redis instructions
+- [DEPRECATION] We are changing the name of the generators to `rack_mini_profiler`, e.g. `rack_mini_profiler:install` [#550](https://github.com/MiniProfiler/rack-mini-profiler/pull/550)
+
+## 3.0.0 - 2022-02-24
+
+- PERF: Improve snapshots page performance (#518) (introduces breaking changes to the API of `AbstractStore`, `MemoryStore` and `RedisStore`, and removes the `snapshots_limit` config option.)
+
+## 2.3.4 - 2022-02-23
+
+- [FEATURE] Add cookie path support for subfolder sites
+- [FIX] Remove deprecated uses of Redis#pipelined
+
+## 2.3.3 - 2021-08-30
+
+- [FEATURE] Introduce `pp=flamegraph_mode`
+- [FEATURE] Richer CSP configuration options
+- [FEATURE] Add support for Hotwire Turbo Drive
+
+## 2.3.2 - 2021-04-30
+
+- [FEATURE] Introduce `pp=async-flamegraph` for asynchronous flamegraphs
+
+## 2.3.1 - 2021-01-29
+
+- [FIX] compatability with Ruby 3.0
+- [FIX] compatability with peek-mysql2
+
+## 2.3.0 - 2020-12-29
+
+- [FEATURE] flamegraphs are now based off speedscope
+
+## 2.2.1 - 2020-12-23
+
+- [FIX] Turbolinks integration causing increasing number of GET requests
+- [FEATURE] enahanced log transporter with compression and exponential backoff
+- [FEATURE] sameSite=Lax added to MiniProfiler cookie
+
+## 2.2.0 - 2020-10-19
+
+- [UX] Enhancements to snapshots UI
+- [FEATURE] Mini Profiler cookie is now sameSite=lax
+- [FEATURE] Snapshots transporter
+- [FEATURE] Redact SQL queries in snapshots by default
+
+## 2.1.0 - 2020-09-17
+
+- [FEATURE] Allow assets to be precompiled with Sprockets
+- [FEATURE] Snapshots sampling (see README in repo)
+- [FEATURE] Allow `skip_paths` config to contain regular expressions
+
+## 2.0.4 - 2020-08-04
+
+- [FIX] webpacker may exist with no config, allow for that
+
+## 2.0.3 - 2020-07-29
+
+- [FIX] support for deprecation free Redis 4.2
+- [FEATURE] skip /packs when serving static assets
+- [FEATURE] allow Net::HTTP patch to be applied with either prerpend or alias
+
+## 2.0.2 - 2020-05-25
+
+- [FIX] client timings were not showing up when you clicked show trivial
+
+## 2.0.1 - 2020-03-17
+
+- [REVERT] Prepend Net::HTTP patch instead of class_eval and aliasing (#429) (technique clashes with New Relic and Skylight agents)
+
+## 2.0.0 - 2020-03-11
+
+- [FEATURE] Prepend Net::HTTP patch instead of class_eval and aliasing (#429)
+- [FEATURE] Stop patching Rails and use `ActiveSupport::Notifications` by default (see README.md for details)
+
+## 1.1.6 - 2020-01-30
+
+- [FIX] edge condition on page transition function could lead to exceptions
+
+## 1.1.5 - 2020-01-28
+
+- [FIX] correct custom counter regression
+- [FIX] respect max_traces_to_show
+- [FIX] handle storage engine failures in whitelist mode
+
+## 1.1.4 - 2019-12-12
+
+- [SECURITY] carefully crafted SQL could cause an XSS on sites that do not use CSPs
+
+## 1.1.3 - 2019-10-28
+
+- [FEATURE] precompile all templates to avoid need for unsafe-eval
+
+## 1.1.2 - 2019-10-24
+
+- [FIX] JS payload was not working on IE11 and leading to errors
+- [FIX] Remove global singleton_class which was injected
+- [FIX] Regressions post removal of jQuery
+
+## 1.1.1 - 2019-10-22
+
+- [FIX] correct JavaScript fetch support header iteration (Jorge Manrubia)
+
+## 1.1.0 - 2019-10-01
+
+- [FEATURE] remove jQuery dependency, switch template library to dot.js
+- [FEATURE] disable all sensitive debugging methods by default (env, memory profiling) can be enabled with enable_advanced_debugging_tools.
+- [FIX] when conditionally requiring rack mini profiler, asset precompile could fail
+- [FEATURE] `/rack-mini-profiler/requests` can be used to monitor all requests for apps that do not have a UI (like API apps)
+- [SECURITY] XSS injection in `?pp=help` via rogue uri
+
+## 1.0.2 - 2019-02-05
 
 - [FIX] correct script injection to work with Rails 6 and above
 
-## 1.0.1 2018-12-10
+## 1.0.1 - 2018-12-10
 
 - [FIX] add support for exec_params instrumentation in PG, this method as of PG 1.1.0 no longer
  routes calls to exec / async_exec
@@ -14,7 +131,7 @@
 - [FIX] getEntriesByName is missing in iOS, workaround
 - [FEATURE] drop support for Ruby 2.2.0 we require 2.3.0 and up (EOL Ruby no longer supported)
 
-## 1.0.0 2017-03-29
+## 1.0.0 - 2018-03-29
 
 - [BREAKING CHANGE] Ruby version 2.2.0 or later is required
 - [FEATURE] use new web performance API to avoid warning @MikeRogers0
@@ -22,16 +139,16 @@
 - [FIX] correct jQuery 3.0 deprecations @TiSer
 - [FIX] JS in IFRAME @naiyt
 
-## 0.10.8 2017-12-01
+## 0.10.8 - 2017-12-01
 
 - [FEATURE] Add `# frozen_string_literal: true` to all `lib/**/*.rb` files
 
-## 0.10.7 2017-11-24
+## 0.10.7 - 2017-11-24
 
 - [FEATURE] Replace Time.now with Process.clock_gettime(Process::CLOCK_MONOTONIC)
 - [FIX] Error with webrick and empty cache control
 
-## 0.10.6 2017-10-30
+## 0.10.6 - 2017-10-30
 
 - [FEATURE] Support for vertical positions (top/bottom)
 - [FEATURE] Suppress profiler results in print media @Mike Dillon
@@ -39,11 +156,11 @@
 - [FEATURE] install generator @yhirano
 - [FEATURE] store initial cache control headers in X-MiniProfiler-Original-Cache-Control @mrasu
 
-## 0.10.5 2017-05-22
+## 0.10.5 - 2017-05-22
 
 - [FIX] revert PG bind sniffing until it is properly tested
 
-## 0.10.4 2017-05-17
+## 0.10.4 - 2017-05-17
 
 - [FEATURE] log binds for pg @neznauy
 - [FIX] use async exec pg monkey patch instead of exec
@@ -52,25 +169,25 @@
 - [FIX] ensure redis get_unviewed_ids returns only ids that exist
 - [FIX] correctly respect SCRIPT in env if it is sniffed by middleware
 
-## 0.10.2 2017-02-08
+## 0.10.2 - 2017-02-08
 
 - [FIX] improve turbolinks support
 - [FEATURE] make location of mini_profiler injection customizable
 
-## 0.10.1 2016-05-18
+## 0.10.1 - 2016-05-18
 
 - [FEATURE] push forward the security checks so no work is ever done if a valid production
     cookie is not available (@sam)
 
-## 0.9.9.2 2016-03-06
+## 0.9.9.2 - 2016-03-06
 
 - [FEATURE] on pageTransition collapse previously expanded timings
 
-## 0.9.9.1 2016-03-06
+## 0.9.9.1 - 2016-03-06
 
 - [FEATURE] expost MiniProfiler.pageTransition() for use by SPA web apps (@sam)
 
-## 0.9.9 2016-03-06
+## 0.9.9 - 2016-03-06
 
 - [FIX] removes alias_method_chain in favor of alias_method until Ruby 1.9.3 (@ayfredlund)
 - [FIX] Dont block mongo when already patched for another db (@rrooding @kbrock)
@@ -126,7 +243,7 @@
 - [FIXED] Possible XSS (admin only)
 - [FIXED] Corrected Sql patching to avoid setting instance vars on nil which is frozen (thanks Andy, huoxito)
 
-## 0.9.0.pre - 2013-12-12 (Sam Saffron)
+## 0.9.0.pre - 2013-12-05 (Sam Saffron)
 - Bumped up version to reflect the stability of the project
 - [IMPROVED] Reports for pp=profile-gc
 - [IMPROVED] pp=flamegraph&flamegraph_sample_rate=1 , allow you to specify sampling rates
@@ -136,7 +253,7 @@
   config.assets.prefix path since developers can rename the path to serve Asset Pipeline
   files from
 
-## 2013-09-03
+## 0.1.31 - 2013-09-03
 - [IMPROVED] Flamegraph now has much increased fidelity
 - [REMOVED] Ripped out flamegraph so it can be isolated into a gem
 - [REMOVED] Ripped out pp=sample it just was never really used
@@ -192,13 +309,13 @@
 - [ADDED] New MemchacedStore
 - [ADDED] Rails 4 support
 
-## 2012-09-12 (Sam Saffron)
+## 0.1.20 - 2012-09-12 (Sam Saffron)
 - [ADDED] pp=profile-gc: allows you to profile the GC in Ruby 1.9.3
 
 ## 0.1.19 - 2012-09-10 (Sam Saffron)
 - [FIXED] Compatibility issue with Ruby 1.8.7
 
-## 0.1.17 - 2012-09-09 (Sam Saffron)
+## 0.1.17 - 2012-09-07 (Sam Saffron)
 - [FIXED] pp=sample was bust unless stacktrace was installed
 
 ## 0.1.16 - 2012-09-05 (Sam Saffron)
@@ -222,10 +339,10 @@
 ## 0.1.12.pre - 2012-08-20 (Sam Saffron)
 - [IMPROVED] Cap X-MiniProfiler-Ids at 10, otherwise the header can get killed
 
-## 2012-08-10 (Sam Saffron)
+## 0.1.11.pre - 2012-08-10 (Sam Saffron)
 - [ADDED] Basic prepared statement profiling for Postgres
 
-## 2012-08-07 (Sam Saffron)
+## 0.1.10 - 2012-08-07 (Sam Saffron)
 - [ADDED] Option to disable profiler for the current session (pp=disable / pp=enable)
 - [ADDED] yajl compatability contributed by Sven Riedel
 
@@ -239,7 +356,7 @@
 - [ADDED] First Paint time for Google Chrome
 - [FIXED] Ensure non Rails installs have mini profiler
 
-## 2012-07-12 (Sam Saffron)
+## 0.1.6 - 2012-07-12 (Sam Saffron)
 - [ADDED] Native PG and MySql2 interceptors, this gives way more accurate times
 - [ADDED] some more client probing built in to rails
 - [IMPROVED] Refactored context so its a proper class and not a hash
@@ -253,7 +370,7 @@
   production
 - [IMPROVED] Cleaned up railties, got rid of the post authorize callback
 
-## 2012-06-28 (Sam Saffron)
+## 0.1.1 - 2012-06-28 (Sam Saffron)
 - [ADDED] Started change log
 - [ADDED] added MemcacheStore
 - [IMPROVED] Corrected profiler so it properly captures POST requests (was supressing non 200s)