rack-mini-profiler 1.1.3 → 1.1.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -25
- data/README.md +3 -4
- data/lib/html/includes.js +1 -1
- data/lib/mini_profiler/asset_version.rb +1 -1
- data/lib/mini_profiler/gc_profiler.rb +1 -1
- data/lib/mini_profiler/storage/file_store.rb +2 -2
- data/lib/mini_profiler/timer_struct/sql.rb +1 -1
- data/lib/mini_profiler/version.rb +1 -1
- data/lib/patches/db/mongo.rb +1 -1
- data/lib/patches/db/moped.rb +1 -1
- data/lib/patches/db/plucky.rb +4 -4
- data/lib/patches/sql_patches.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 23beddd8a924076759b5f25229f0e9a2c91dee5b916f2e4712381c247ad4922d
|
4
|
+
data.tar.gz: af7fc0fbe8008e5159e86b4cdf4fb19d694e15ea125eae2c776b0815df3dca0f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bc6a2e360c45f76f9a66f12e649932ced7a2fdad4e6102eb551df688065970ef47d6b3a4871fa3f642c6b86884b236b547c98fc14de5ba93ee44c4fdbf4a6f90
|
7
|
+
data.tar.gz: f6d0ea244eac7b8a40adb7556a7185a245d378402248bd9317be18a616ed2d4c4ba4203401600bb9416f38f875762d688a1191a52a17c643793d4a5a4607f6b5
|
data/CHANGELOG.md
CHANGED
@@ -1,20 +1,24 @@
|
|
1
1
|
# CHANGELOG
|
2
2
|
|
3
|
-
## 1.1.
|
3
|
+
## 1.1.4 - 2019-12-12
|
4
|
+
|
5
|
+
- [SECURITY] carefully crafted SQL could cause an XSS on sites that do not use CSPs
|
6
|
+
|
7
|
+
## 1.1.3 - 2019-10-28
|
4
8
|
|
5
9
|
- [FEATURE] precompile all templates to avoid need for unsafe-eval
|
6
10
|
|
7
|
-
## 1.1.2 2019-24
|
11
|
+
## 1.1.2 - 2019-10-24
|
8
12
|
|
9
13
|
- [FIX] JS payload was not working on IE11 and leading to errors
|
10
14
|
- [FIX] Remove global singleton_class which was injected
|
11
15
|
- [FIX] Regressions post removal of jQuery
|
12
16
|
|
13
|
-
## 1.1.1 2019-22
|
17
|
+
## 1.1.1 - 2019-10-22
|
14
18
|
|
15
19
|
- [FIX] correct JavaScript fetch support header iteration (Jorge Manrubia)
|
16
20
|
|
17
|
-
## 1.1.0 2019-10-01
|
21
|
+
## 1.1.0 - 2019-10-01
|
18
22
|
|
19
23
|
- [FEATURE] remove jQuery dependency, switch template library to dot.js
|
20
24
|
- [FEATURE] disable all sensitive debugging methods by default (env, memory profiling) can be enabled with enable_advanced_debugging_tools.
|
@@ -22,11 +26,11 @@
|
|
22
26
|
- [FEATURE] `/rack-mini-profiler/requests` can be used to monitor all requests for apps that do not have a UI (like API apps)
|
23
27
|
- [SECURITY] XSS injection in `?pp=help` via rogue uri
|
24
28
|
|
25
|
-
## 1.0.2 2019-02-05
|
29
|
+
## 1.0.2 - 2019-02-05
|
26
30
|
|
27
31
|
- [FIX] correct script injection to work with Rails 6 and above
|
28
32
|
|
29
|
-
## 1.0.1 2018-12-10
|
33
|
+
## 1.0.1 - 2018-12-10
|
30
34
|
|
31
35
|
- [FIX] add support for exec_params instrumentation in PG, this method as of PG 1.1.0 no longer
|
32
36
|
routes calls to exec / async_exec
|
@@ -36,7 +40,7 @@
|
|
36
40
|
- [FIX] getEntriesByName is missing in iOS, workaround
|
37
41
|
- [FEATURE] drop support for Ruby 2.2.0 we require 2.3.0 and up (EOL Ruby no longer supported)
|
38
42
|
|
39
|
-
## 1.0.0
|
43
|
+
## 1.0.0 - 2018-03-29
|
40
44
|
|
41
45
|
- [BREAKING CHANGE] Ruby version 2.2.0 or later is required
|
42
46
|
- [FEATURE] use new web performance API to avoid warning @MikeRogers0
|
@@ -44,16 +48,16 @@
|
|
44
48
|
- [FIX] correct jQuery 3.0 deprecations @TiSer
|
45
49
|
- [FIX] JS in IFRAME @naiyt
|
46
50
|
|
47
|
-
## 0.10.8 2017-12-01
|
51
|
+
## 0.10.8 - 2017-12-01
|
48
52
|
|
49
53
|
- [FEATURE] Add `# frozen_string_literal: true` to all `lib/**/*.rb` files
|
50
54
|
|
51
|
-
## 0.10.7 2017-11-24
|
55
|
+
## 0.10.7 - 2017-11-24
|
52
56
|
|
53
57
|
- [FEATURE] Replace Time.now with Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
54
58
|
- [FIX] Error with webrick and empty cache control
|
55
59
|
|
56
|
-
## 0.10.6 2017-10-30
|
60
|
+
## 0.10.6 - 2017-10-30
|
57
61
|
|
58
62
|
- [FEATURE] Support for vertical positions (top/bottom)
|
59
63
|
- [FEATURE] Suppress profiler results in print media @Mike Dillon
|
@@ -61,11 +65,11 @@
|
|
61
65
|
- [FEATURE] install generator @yhirano
|
62
66
|
- [FEATURE] store initial cache control headers in X-MiniProfiler-Original-Cache-Control @mrasu
|
63
67
|
|
64
|
-
## 0.10.5 2017-05-22
|
68
|
+
## 0.10.5 - 2017-05-22
|
65
69
|
|
66
70
|
- [FIX] revert PG bind sniffing until it is properly tested
|
67
71
|
|
68
|
-
## 0.10.4 2017-05-17
|
72
|
+
## 0.10.4 - 2017-05-17
|
69
73
|
|
70
74
|
- [FEATURE] log binds for pg @neznauy
|
71
75
|
- [FIX] use async exec pg monkey patch instead of exec
|
@@ -74,25 +78,25 @@
|
|
74
78
|
- [FIX] ensure redis get_unviewed_ids returns only ids that exist
|
75
79
|
- [FIX] correctly respect SCRIPT in env if it is sniffed by middleware
|
76
80
|
|
77
|
-
## 0.10.2 2017-02-08
|
81
|
+
## 0.10.2 - 2017-02-08
|
78
82
|
|
79
83
|
- [FIX] improve turbolinks support
|
80
84
|
- [FEATURE] make location of mini_profiler injection customizable
|
81
85
|
|
82
|
-
## 0.10.1 2016-05-18
|
86
|
+
## 0.10.1 - 2016-05-18
|
83
87
|
|
84
88
|
- [FEATURE] push forward the security checks so no work is ever done if a valid production
|
85
89
|
cookie is not available (@sam)
|
86
90
|
|
87
|
-
## 0.9.9.2 2016-03-06
|
91
|
+
## 0.9.9.2 - 2016-03-06
|
88
92
|
|
89
93
|
- [FEATURE] on pageTransition collapse previously expanded timings
|
90
94
|
|
91
|
-
## 0.9.9.1 2016-03-06
|
95
|
+
## 0.9.9.1 - 2016-03-06
|
92
96
|
|
93
97
|
- [FEATURE] expost MiniProfiler.pageTransition() for use by SPA web apps (@sam)
|
94
98
|
|
95
|
-
## 0.9.9 2016-03-06
|
99
|
+
## 0.9.9 - 2016-03-06
|
96
100
|
|
97
101
|
- [FIX] removes alias_method_chain in favor of alias_method until Ruby 1.9.3 (@ayfredlund)
|
98
102
|
- [FIX] Dont block mongo when already patched for another db (@rrooding @kbrock)
|
@@ -148,7 +152,7 @@
|
|
148
152
|
- [FIXED] Possible XSS (admin only)
|
149
153
|
- [FIXED] Corrected Sql patching to avoid setting instance vars on nil which is frozen (thanks Andy, huoxito)
|
150
154
|
|
151
|
-
## 0.9.0.pre - 2013-12-
|
155
|
+
## 0.9.0.pre - 2013-12-05 (Sam Saffron)
|
152
156
|
- Bumped up version to reflect the stability of the project
|
153
157
|
- [IMPROVED] Reports for pp=profile-gc
|
154
158
|
- [IMPROVED] pp=flamegraph&flamegraph_sample_rate=1 , allow you to specify sampling rates
|
@@ -158,7 +162,7 @@
|
|
158
162
|
config.assets.prefix path since developers can rename the path to serve Asset Pipeline
|
159
163
|
files from
|
160
164
|
|
161
|
-
## 2013-09-03
|
165
|
+
## 0.1.31 - 2013-09-03
|
162
166
|
- [IMPROVED] Flamegraph now has much increased fidelity
|
163
167
|
- [REMOVED] Ripped out flamegraph so it can be isolated into a gem
|
164
168
|
- [REMOVED] Ripped out pp=sample it just was never really used
|
@@ -214,13 +218,13 @@
|
|
214
218
|
- [ADDED] New MemchacedStore
|
215
219
|
- [ADDED] Rails 4 support
|
216
220
|
|
217
|
-
## 2012-09-12 (Sam Saffron)
|
221
|
+
## 0.1.20 - 2012-09-12 (Sam Saffron)
|
218
222
|
- [ADDED] pp=profile-gc: allows you to profile the GC in Ruby 1.9.3
|
219
223
|
|
220
224
|
## 0.1.19 - 2012-09-10 (Sam Saffron)
|
221
225
|
- [FIXED] Compatibility issue with Ruby 1.8.7
|
222
226
|
|
223
|
-
## 0.1.17 - 2012-09-
|
227
|
+
## 0.1.17 - 2012-09-07 (Sam Saffron)
|
224
228
|
- [FIXED] pp=sample was bust unless stacktrace was installed
|
225
229
|
|
226
230
|
## 0.1.16 - 2012-09-05 (Sam Saffron)
|
@@ -244,10 +248,10 @@
|
|
244
248
|
## 0.1.12.pre - 2012-08-20 (Sam Saffron)
|
245
249
|
- [IMPROVED] Cap X-MiniProfiler-Ids at 10, otherwise the header can get killed
|
246
250
|
|
247
|
-
## 2012-08-10 (Sam Saffron)
|
251
|
+
## 0.1.11.pre - 2012-08-10 (Sam Saffron)
|
248
252
|
- [ADDED] Basic prepared statement profiling for Postgres
|
249
253
|
|
250
|
-
## 2012-08-07 (Sam Saffron)
|
254
|
+
## 0.1.10 - 2012-08-07 (Sam Saffron)
|
251
255
|
- [ADDED] Option to disable profiler for the current session (pp=disable / pp=enable)
|
252
256
|
- [ADDED] yajl compatability contributed by Sven Riedel
|
253
257
|
|
@@ -261,7 +265,7 @@
|
|
261
265
|
- [ADDED] First Paint time for Google Chrome
|
262
266
|
- [FIXED] Ensure non Rails installs have mini profiler
|
263
267
|
|
264
|
-
## 2012-07-12 (Sam Saffron)
|
268
|
+
## 0.1.6 - 2012-07-12 (Sam Saffron)
|
265
269
|
- [ADDED] Native PG and MySql2 interceptors, this gives way more accurate times
|
266
270
|
- [ADDED] some more client probing built in to rails
|
267
271
|
- [IMPROVED] Refactored context so its a proper class and not a hash
|
@@ -275,7 +279,7 @@
|
|
275
279
|
production
|
276
280
|
- [IMPROVED] Cleaned up railties, got rid of the post authorize callback
|
277
281
|
|
278
|
-
## 2012-06-28 (Sam Saffron)
|
282
|
+
## 0.1.1 - 2012-06-28 (Sam Saffron)
|
279
283
|
- [ADDED] Started change log
|
280
284
|
- [ADDED] added MemcacheStore
|
281
285
|
- [IMPROVED] Corrected profiler so it properly captures POST requests (was supressing non 200s)
|
data/README.md
CHANGED
@@ -19,7 +19,7 @@ Middleware that displays speed badge for every html page. Designed to work both
|
|
19
19
|
|
20
20
|
## rack-mini-profiler needs your help
|
21
21
|
|
22
|
-
We have decided to restructure our repository so there is a central UI repo and the various language
|
22
|
+
We have decided to restructure our repository so there is a central UI repo and the various language implementations have their own.
|
23
23
|
|
24
24
|
**WE NEED HELP.**
|
25
25
|
|
@@ -53,7 +53,7 @@ All you have to do is to include the Gem and you're good to go in development. S
|
|
53
53
|
|
54
54
|
#### Rails and manual initialization
|
55
55
|
|
56
|
-
In case you need to make sure rack_mini_profiler initialized
|
56
|
+
In case you need to make sure rack_mini_profiler is initialized after all other gems, or you want to execute some code before rack_mini_profiler required:
|
57
57
|
|
58
58
|
```ruby
|
59
59
|
gem 'rack-mini-profiler', require: false
|
@@ -227,8 +227,7 @@ Rack::MiniProfiler.config.storage = Rack::MiniProfiler::MemoryStore
|
|
227
227
|
|
228
228
|
# set RedisStore
|
229
229
|
if Rails.env.production?
|
230
|
-
|
231
|
-
Rack::MiniProfiler.config.storage_options = { :host => uri.host, :port => uri.port, :password => uri.password }
|
230
|
+
Rack::MiniProfiler.config.storage_options = { url: ENV["REDIS_SERVER_URL"] }
|
232
231
|
Rack::MiniProfiler.config.storage = Rack::MiniProfiler::RedisStore
|
233
232
|
end
|
234
233
|
```
|
data/lib/html/includes.js
CHANGED
@@ -36,7 +36,7 @@ module Rack
|
|
36
36
|
start_millis = ((Process.clock_gettime(Process::CLOCK_MONOTONIC) * 1000).to_i - page[:started]) - duration_ms
|
37
37
|
super(
|
38
38
|
execute_type: 3, # TODO
|
39
|
-
formatted_command_string: query,
|
39
|
+
formatted_command_string: ERB::Util.html_escape(query),
|
40
40
|
stack_trace_snippet: stack_trace,
|
41
41
|
start_milliseconds: start_millis,
|
42
42
|
duration_milliseconds: duration_ms,
|
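Review bot: Only `query` is escaped in this `super(` call, while `stack_trace_snippet: stack_trace` two lines below still goes out raw, so the fix holds only if the client template escapes that field (and any bind parameters) itself. Because the value is now entity-encoded when the timer struct is built, a comment such as `# escaped here because the client template inserts this field as HTML; do not escape again downstream` would keep later consumers from double-escaping or un-escaping it. `ERB::Util` also needs `require 'erb'` to be in effect for plain Rack apps, which this hunk does not show. The page files this hunk under includes.js, but the `module Rack` hunk header and the Ruby syntax suggest it belongs to one of the `.rb` files in the list (probably timer_struct/sql.rb); the enclosing method starts and ends outside the hunk.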
data/lib/patches/db/mongo.rb
CHANGED
@@ -8,7 +8,7 @@ class Mongo::Server::Connection
|
|
8
8
|
result, _record = SqlPatches.record_sql(args[0][0].payload.inspect) do
|
9
9
|
dispatch_without_timing(*args, &blk)
|
10
10
|
end
|
11
|
-
|
11
|
+
result
|
12
12
|
end
|
13
13
|
|
14
14
|
# TODO: change to Module#prepend as soon as Ruby 1.9.3 support is dropped
|
data/lib/patches/db/moped.rb
CHANGED
data/lib/patches/db/plucky.rb
CHANGED
@@ -9,19 +9,19 @@ class Plucky::Query
|
|
9
9
|
alias_method :remove_without_profiling, :remove
|
10
10
|
|
11
11
|
def find_each(*args, &blk)
|
12
|
-
|
12
|
+
profile_database_operation(__callee__, filtered_inspect(), *args, &blk)
|
13
13
|
end
|
14
14
|
|
15
15
|
def find_one(*args, &blk)
|
16
|
-
|
16
|
+
profile_database_operation(__callee__, filtered_inspect(args[0]), *args, &blk)
|
17
17
|
end
|
18
18
|
|
19
19
|
def count(*args, &blk)
|
20
|
-
|
20
|
+
profile_database_operation(__callee__, filtered_inspect(), *args, &blk)
|
21
21
|
end
|
22
22
|
|
23
23
|
def remove(*args, &blk)
|
24
|
-
|
24
|
+
profile_database_operation(__callee__, filtered_inspect(), *args, &blk)
|
25
25
|
end
|
26
26
|
|
27
27
|
private
|
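Review bot: `__callee__` yields the name the method was invoked under, so if any of these four wrappers is ever reached through an alias, `profile_database_operation` receives the alias name rather than `find_each`/`find_one`/`count`/`remove`. `__method__` always returns the defined name and looks like the safer choice if the helper (below `private`, outside this hunk) builds the `*_without_profiling` target from it. The empty parentheses on `filtered_inspect()` can also go: `profile_database_operation(__method__, filtered_inspect, *args, &blk)`. The inspected query text presumably ends up in the profiler store and UI, so a short comment on what `filtered_inspect` filters would let a reader confirm that criteria values are not recorded verbatim.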
data/lib/patches/sql_patches.rb
CHANGED
@@ -11,7 +11,7 @@ class SqlPatches
|
|
11
11
|
start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
12
12
|
result = yield
|
13
13
|
record = ::Rack::MiniProfiler.record_sql(statement, elapsed_time(start), parameters)
|
14
|
-
|
14
|
+
[result, record]
|
15
15
|
end
|
16
16
|
|
17
17
|
def self.should_measure?
|
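Review bot: `record_sql` ends in `[result, record]`, a two-element return that every caller has to destructure, and nothing in the hunk documents that contract. mongo.rb does `result, _record = SqlPatches.record_sql(...)`, but a caller that treats the return value as the query result would hand an Array back to the driver's caller. A comment above the method such as `# Returns [block_result, profiler_record]; callers must destructure.` would make this explicit. The method signature sits above the hunk, so whether the other db patches follow the same convention cannot be checked from here.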
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-mini-profiler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Saffron
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2019-
|
13
|
+
date: 2019-12-12 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rack
|