SECURITY: update rack-mini-profiler to latest to correct XSS

SECURITY: update rack-mini-profiler to latest to correct XSS

This corrects an XSS in ?pp=help.

Also removes the jQuery dependency from rack-mini-profiler and restricts memory sensitive profiling methods development only.

diff --git a/Gemfile.lock b/Gemfile.lock
index 55e2d27..28c1dfe 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -269,7 +269,7 @@ GEM
     puma (3.12.1)
     r2 (0.2.7)
     rack (2.0.7)
-    rack-mini-profiler (1.0.2)
+    rack-mini-profiler (1.1.0)
       rack (>= 1.2.0)
     rack-openid (1.3.1)
       rack (>= 1.1.0)

GitHub sha: ba0114a6

1 Like