Skip to content

chore(ci): bump the gh-actions-packages group across 1 directory with 2 updates #10023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 26, 2025
Merged

chore(ci): bump the gh-actions-packages group across 1 directory with 2 updates #10023

merged 1 commit into from
Nov 26, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025

Bumps the gh-actions-packages group with 2 updates in the / directory: actions/checkout and github/codeql-action.

Updates actions/checkout from 5.0.0 to 6.0.0

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

V5.0.1

V5.0.0

V4.3.1

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates github/codeql-action from 4.31.0 to 4.31.5

Release notes

Sourced from github/codeql-action's releases.

v4.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

v4.31.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

See the full CHANGELOG.md for more information.

v4.31.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.2 - 30 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #3168

... (truncated)

Commits
  • fdbfb4d Merge pull request #3322 from github/update-v4.31.5-ec2ee575c
  • 81f6d64 Update changelog for v4.31.5
  • ec2ee57 Merge pull request #3321 from github/update-bundle/codeql-bundle-v2.23.6
  • ecc8787 Add changelog note
  • 1d2a238 Update default bundle to codeql-bundle-v2.23.6
  • ce729e4 Merge pull request #3315 from github/henrymercer/dead-code-elimination
  • ac359aa Add return type
  • 112cd07 Merge branch 'main' into henrymercer/dead-code-elimination
  • 0b43179 Merge pull request #3306 from github/dependabot/npm_and_yarn/types/sinon-21.0.0
  • e818008 Merge pull request #3305 from github/dependabot/npm_and_yarn/eslint/compat-2.0.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(ci): bump the gh-actions-packages group across 1 directory with…
fcfbb52 
… 2 updates

Bumps the gh-actions-packages group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...1af3b93)

Updates `github/codeql-action` from 4.31.0 to 4.31.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4e94bd1...fdbfb4d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Nov 24, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 24, 2025 17:58
@dependabot dependabot bot added the tag: no release notes Changes to exclude from release notes label Nov 24, 2025
@dependabot dependabot bot requested review from PerfectSlayer and removed request for a team November 24, 2025 17:58
@dependabot dependabot bot added tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Nov 24, 2025
@pr-commenter
Copy link

pr-commenter bot commented Nov 24, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-ebb5f02585
git_commit_date 1763992896 1764007108
git_commit_sha c8bb444 fcfbb52
release_version 1.57.0-SNAPSHOT~c8bb44440b 1.57.0-SNAPSHOT~fcfbb527cc
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1764009038 1764009038
ci_job_id 1254193152 1254193152
ci_pipeline_id 83840348 83840348
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-kjd476dg 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-kjd476dg 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 61 metrics, 4 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.101 s) : 0, 1101353
Total [baseline] (8.902 s) : 0, 8902145
Agent [candidate] (1.108 s) : 0, 1107546
Total [candidate] (8.845 s) : 0, 8845012
section iast
Agent [baseline] (1.248 s) : 0, 1248199
Total [baseline] (9.564 s) : 0, 9564349
Agent [candidate] (1.242 s) : 0, 1241799
Total [candidate] (9.551 s) : 0, 9550859
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.101 s -
Agent iast 1.248 s 146.847 ms (13.3%)
Total tracing 8.902 s -
Total iast 9.564 s 662.204 ms (7.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.108 s -
Agent iast 1.242 s 134.253 ms (12.1%)
Total tracing 8.845 s -
Total iast 9.551 s 705.847 ms (8.0%) 
gantt
    title insecure-bank - break down per module: candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.497 ms) : 0, 1497
crashtracking [candidate] (1.498 ms) : 0, 1498
BytebuddyAgent [baseline] (708.238 ms) : 0, 708238
BytebuddyAgent [candidate] (712.473 ms) : 0, 712473
GlobalTracer [baseline] (248.964 ms) : 0, 248964
GlobalTracer [candidate] (250.848 ms) : 0, 250848
AppSec [baseline] (32.171 ms) : 0, 32171
AppSec [candidate] (32.23 ms) : 0, 32230
Debugger [baseline] (63.076 ms) : 0, 63076
Debugger [candidate] (63.065 ms) : 0, 63065
Remote Config [baseline] (624.922 µs) : 0, 625
Remote Config [candidate] (633.275 µs) : 0, 633
Telemetry [baseline] (8.159 ms) : 0, 8159
Telemetry [candidate] (8.142 ms) : 0, 8142
Flare Poller [baseline] (3.653 ms) : 0, 3653
Flare Poller [candidate] (3.69 ms) : 0, 3690
section iast
crashtracking [baseline] (1.5 ms) : 0, 1500
crashtracking [candidate] (1.483 ms) : 0, 1483
BytebuddyAgent [baseline] (839.185 ms) : 0, 839185
BytebuddyAgent [candidate] (833.373 ms) : 0, 833373
GlobalTracer [baseline] (238.846 ms) : 0, 238846
GlobalTracer [candidate] (238.291 ms) : 0, 238291
AppSec [baseline] (33.453 ms) : 0, 33453
AppSec [candidate] (33.992 ms) : 0, 33992
Debugger [baseline] (59.931 ms) : 0, 59931
Debugger [candidate] (60.286 ms) : 0, 60286
Remote Config [baseline] (545.068 µs) : 0, 545
Remote Config [candidate] (549.538 µs) : 0, 550
Telemetry [baseline] (7.575 ms) : 0, 7575
Telemetry [candidate] (7.635 ms) : 0, 7635
Flare Poller [baseline] (3.427 ms) : 0, 3427
Flare Poller [candidate] (3.494 ms) : 0, 3494
IAST [baseline] (28.579 ms) : 0, 28579
IAST [candidate] (27.718 ms) : 0, 27718
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.111 s) : 0, 1111299
Total [baseline] (11.088 s) : 0, 11088370
Agent [candidate] (1.113 s) : 0, 1113473
Total [candidate] (10.906 s) : 0, 10906153
section appsec
Agent [baseline] (1.294 s) : 0, 1293646
Total [baseline] (11.06 s) : 0, 11060433
Agent [candidate] (1.296 s) : 0, 1295981
Total [candidate] (11.159 s) : 0, 11158632
section iast
Agent [baseline] (1.25 s) : 0, 1249675
Total [baseline] (11.211 s) : 0, 11211224
Agent [candidate] (1.246 s) : 0, 1245797
Total [candidate] (11.264 s) : 0, 11264152
section profiling
Agent [baseline] (1.238 s) : 0, 1237558
Total [baseline] (11.135 s) : 0, 11135270
Agent [candidate] (1.237 s) : 0, 1236770
Total [candidate] (11.145 s) : 0, 11144976
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.111 s -
Agent appsec 1.294 s 182.347 ms (16.4%)
Agent iast 1.25 s 138.376 ms (12.5%)
Agent profiling 1.238 s 126.259 ms (11.4%)
Total tracing 11.088 s -
Total appsec 11.06 s -27.938 ms (-0.3%)
Total iast 11.211 s 122.854 ms (1.1%)
Total profiling 11.135 s 46.899 ms (0.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.113 s -
Agent appsec 1.296 s 182.508 ms (16.4%)
Agent iast 1.246 s 132.324 ms (11.9%)
Agent profiling 1.237 s 123.297 ms (11.1%)
Total tracing 10.906 s -
Total appsec 11.159 s 252.479 ms (2.3%)
Total iast 11.264 s 357.999 ms (3.3%)
Total profiling 11.145 s 238.823 ms (2.2%) 
gantt
    title petclinic - break down per module: candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.53 ms) : 0, 1530
crashtracking [candidate] (1.474 ms) : 0, 1474
BytebuddyAgent [baseline] (714.074 ms) : 0, 714074
BytebuddyAgent [candidate] (713.911 ms) : 0, 713911
GlobalTracer [baseline] (251.043 ms) : 0, 251043
GlobalTracer [candidate] (252.973 ms) : 0, 252973
AppSec [baseline] (32.249 ms) : 0, 32249
AppSec [candidate] (32.543 ms) : 0, 32543
Debugger [baseline] (64.578 ms) : 0, 64578
Debugger [candidate] (64.957 ms) : 0, 64957
Remote Config [baseline] (633.558 µs) : 0, 634
Remote Config [candidate] (641.734 µs) : 0, 642
Telemetry [baseline] (8.376 ms) : 0, 8376
Telemetry [candidate] (8.407 ms) : 0, 8407
Flare Poller [baseline] (3.796 ms) : 0, 3796
Flare Poller [candidate] (3.784 ms) : 0, 3784
section appsec
crashtracking [baseline] (1.505 ms) : 0, 1505
crashtracking [candidate] (1.498 ms) : 0, 1498
BytebuddyAgent [baseline] (739.211 ms) : 0, 739211
BytebuddyAgent [candidate] (739.055 ms) : 0, 739055
GlobalTracer [baseline] (243.365 ms) : 0, 243365
GlobalTracer [candidate] (243.693 ms) : 0, 243693
AppSec [baseline] (175.092 ms) : 0, 175092
AppSec [candidate] (175.733 ms) : 0, 175733
Debugger [baseline] (61.442 ms) : 0, 61442
Debugger [candidate] (62.343 ms) : 0, 62343
Remote Config [baseline] (668.651 µs) : 0, 669
Remote Config [candidate] (685.622 µs) : 0, 686
Telemetry [baseline] (8.262 ms) : 0, 8262
Telemetry [candidate] (8.462 ms) : 0, 8462
Flare Poller [baseline] (3.99 ms) : 0, 3990
Flare Poller [candidate] (4.181 ms) : 0, 4181
IAST [baseline] (24.948 ms) : 0, 24948
IAST [candidate] (25.122 ms) : 0, 25122
section iast
crashtracking [baseline] (1.496 ms) : 0, 1496
crashtracking [candidate] (1.502 ms) : 0, 1502
BytebuddyAgent [baseline] (840.314 ms) : 0, 840314
BytebuddyAgent [candidate] (836.94 ms) : 0, 836940
GlobalTracer [baseline] (239.1 ms) : 0, 239100
GlobalTracer [candidate] (238.779 ms) : 0, 238779
AppSec [baseline] (30.44 ms) : 0, 30440
AppSec [candidate] (30.315 ms) : 0, 30315
Debugger [baseline] (60.781 ms) : 0, 60781
Debugger [candidate] (60.633 ms) : 0, 60633
Remote Config [baseline] (553.431 µs) : 0, 553
Remote Config [candidate] (545.652 µs) : 0, 546
Telemetry [baseline] (7.631 ms) : 0, 7631
Telemetry [candidate] (7.57 ms) : 0, 7570
Flare Poller [baseline] (3.488 ms) : 0, 3488
Flare Poller [candidate] (3.472 ms) : 0, 3472
IAST [baseline] (30.855 ms) : 0, 30855
IAST [candidate] (31.009 ms) : 0, 31009
section profiling
crashtracking [baseline] (1.439 ms) : 0, 1439
crashtracking [candidate] (1.437 ms) : 0, 1437
BytebuddyAgent [baseline] (736.164 ms) : 0, 736164
BytebuddyAgent [candidate] (736.948 ms) : 0, 736948
GlobalTracer [baseline] (224.116 ms) : 0, 224116
GlobalTracer [candidate] (223.821 ms) : 0, 223821
AppSec [baseline] (32.421 ms) : 0, 32421
AppSec [candidate] (32.362 ms) : 0, 32362
Debugger [baseline] (63.688 ms) : 0, 63688
Debugger [candidate] (63.548 ms) : 0, 63548
Remote Config [baseline] (673.051 µs) : 0, 673
Remote Config [candidate] (655.081 µs) : 0, 655
Telemetry [baseline] (7.959 ms) : 0, 7959
Telemetry [candidate] (7.929 ms) : 0, 7929
Flare Poller [baseline] (3.821 ms) : 0, 3821
Flare Poller [candidate] (3.716 ms) : 0, 3716
ProfilingAgent [baseline] (97.977 ms) : 0, 97977
ProfilingAgent [candidate] (97.146 ms) : 0, 97146
Profiling [baseline] (98.564 ms) : 0, 98564
Profiling [candidate] (97.739 ms) : 0, 97739
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-ebb5f02585
git_commit_date 1763992896 1764007108
git_commit_sha c8bb444 fcfbb52
release_version 1.57.0-SNAPSHOT~c8bb44440b 1.57.0-SNAPSHOT~fcfbb527cc
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1764009425 1764009425
ci_job_id 1254193154 1254193154
ci_pipeline_id 83840348 83840348
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-o8hqc08h 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-o8hqc08h 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 18 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:petclinic:tracing:high_load better
[-1355.650µs; -404.053µs] or [-7.433%; -2.215%]		 same
[-1292.662µs; +315.536µs] or [-4.378%; +1.069%]		 unstable
[-16.678op/s; +39.678op/s] or [-6.640%; +15.796%]		 17.359ms 29.041ms 262.688op/s 18.238ms 29.529ms 251.188op/s
scenario:load:petclinic:profiling:high_load worse
[+0.736ms; +2.021ms] or [+4.009%; +11.014%]		 unsure
[+0.395ms; +2.213ms] or [+1.330%; +7.444%]		 unstable
[-40.483op/s; +14.483op/s] or [-16.240%; +5.810%]		 19.728ms 31.036ms 236.281op/s 18.349ms 29.731ms 249.281op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.062 ms) : 17878, 18245
.   : milestone, 18062,
appsec (18.627 ms) : 18441, 18814
.   : milestone, 18627,
code_origins (17.777 ms) : 17601, 17954
.   : milestone, 17777,
iast (17.722 ms) : 17545, 17899
.   : milestone, 17722,
profiling (18.724 ms) : 18539, 18910
.   : milestone, 18724,
tracing (18.583 ms) : 18397, 18769
.   : milestone, 18583,
section candidate
no_agent (19.249 ms) : 19048, 19451
.   : milestone, 19249,
appsec (18.798 ms) : 18608, 18988
.   : milestone, 18798,
code_origins (17.636 ms) : 17464, 17808
.   : milestone, 17636,
iast (17.677 ms) : 17501, 17853
.   : milestone, 17677,
profiling (19.759 ms) : 19555, 19964
.   : milestone, 19759,
tracing (17.76 ms) : 17582, 17938
.   : milestone, 17760,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.062 ms [17.878 ms, 18.245 ms] -
appsec 18.627 ms [18.441 ms, 18.814 ms] 565.879 µs (3.1%)
code_origins 17.777 ms [17.601 ms, 17.954 ms] -284.031 µs (-1.6%)
iast 17.722 ms [17.545 ms, 17.899 ms] -339.785 µs (-1.9%)
profiling 18.724 ms [18.539 ms, 18.91 ms] 662.658 µs (3.7%)
tracing 18.583 ms [18.397 ms, 18.769 ms] 521.737 µs (2.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.249 ms [19.048 ms, 19.451 ms] -
appsec 18.798 ms [18.608 ms, 18.988 ms] -451.222 µs (-2.3%)
code_origins 17.636 ms [17.464 ms, 17.808 ms] -1.613 ms (-8.4%)
iast 17.677 ms [17.501 ms, 17.853 ms] -1.573 ms (-8.2%)
profiling 19.759 ms [19.555 ms, 19.964 ms] 510.176 µs (2.7%)
tracing 17.76 ms [17.582 ms, 17.938 ms] -1.489 ms (-7.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.214 ms) : 1202, 1225
.   : milestone, 1214,
iast (3.206 ms) : 3165, 3248
.   : milestone, 3206,
iast_FULL (5.67 ms) : 5614, 5726
.   : milestone, 5670,
iast_GLOBAL (3.564 ms) : 3520, 3609
.   : milestone, 3564,
profiling (2.169 ms) : 2149, 2190
.   : milestone, 2169,
tracing (1.768 ms) : 1754, 1783
.   : milestone, 1768,
section candidate
no_agent (1.209 ms) : 1197, 1221
.   : milestone, 1209,
iast (3.237 ms) : 3188, 3285
.   : milestone, 3237,
iast_FULL (5.756 ms) : 5687, 5826
.   : milestone, 5756,
iast_GLOBAL (3.644 ms) : 3596, 3693
.   : milestone, 3644,
profiling (2.131 ms) : 2111, 2150
.   : milestone, 2131,
tracing (1.795 ms) : 1781, 1809
.   : milestone, 1795,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.214 ms [1.202 ms, 1.225 ms] -
iast 3.206 ms [3.165 ms, 3.248 ms] 1.993 ms (164.2%)
iast_FULL 5.67 ms [5.614 ms, 5.726 ms] 4.456 ms (367.2%)
iast_GLOBAL 3.564 ms [3.52 ms, 3.609 ms] 2.351 ms (193.7%)
profiling 2.169 ms [2.149 ms, 2.19 ms] 955.705 µs (78.7%)
tracing 1.768 ms [1.754 ms, 1.783 ms] 554.859 µs (45.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.209 ms [1.197 ms, 1.221 ms] -
iast 3.237 ms [3.188 ms, 3.285 ms] 2.027 ms (167.7%)
iast_FULL 5.756 ms [5.687 ms, 5.826 ms] 4.547 ms (376.1%)
iast_GLOBAL 3.644 ms [3.596 ms, 3.693 ms] 2.435 ms (201.4%)
profiling 2.131 ms [2.111 ms, 2.15 ms] 921.635 µs (76.2%)
tracing 1.795 ms [1.781 ms, 1.809 ms] 585.958 µs (48.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-ebb5f02585
git_commit_date 1763992896 1764007108
git_commit_sha c8bb444 fcfbb52
release_version 1.57.0-SNAPSHOT~c8bb44440b 1.57.0-SNAPSHOT~fcfbb527cc
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1764009229 1764009229
ci_job_id 1254193156 1254193156
ci_pipeline_id 83840348 83840348
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-3j89k8gs 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-3j89k8gs 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.03 s) : 15030000, 15030000
.   : milestone, 15030000,
appsec (14.866 s) : 14866000, 14866000
.   : milestone, 14866000,
iast (18.596 s) : 18596000, 18596000
.   : milestone, 18596000,
iast_GLOBAL (18.042 s) : 18042000, 18042000
.   : milestone, 18042000,
profiling (14.546 s) : 14546000, 14546000
.   : milestone, 14546000,
tracing (14.672 s) : 14672000, 14672000
.   : milestone, 14672000,
section candidate
no_agent (15.251 s) : 15251000, 15251000
.   : milestone, 15251000,
appsec (14.823 s) : 14823000, 14823000
.   : milestone, 14823000,
iast (18.551 s) : 18551000, 18551000
.   : milestone, 18551000,
iast_GLOBAL (18.231 s) : 18231000, 18231000
.   : milestone, 18231000,
profiling (14.385 s) : 14385000, 14385000
.   : milestone, 14385000,
tracing (14.887 s) : 14887000, 14887000
.   : milestone, 14887000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.03 s [15.03 s, 15.03 s] -
appsec 14.866 s [14.866 s, 14.866 s] -164.0 ms (-1.1%)
iast 18.596 s [18.596 s, 18.596 s] 3.566 s (23.7%)
iast_GLOBAL 18.042 s [18.042 s, 18.042 s] 3.012 s (20.0%)
profiling 14.546 s [14.546 s, 14.546 s] -484.0 ms (-3.2%)
tracing 14.672 s [14.672 s, 14.672 s] -358.0 ms (-2.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.251 s [15.251 s, 15.251 s] -
appsec 14.823 s [14.823 s, 14.823 s] -428.0 ms (-2.8%)
iast 18.551 s [18.551 s, 18.551 s] 3.3 s (21.6%)
iast_GLOBAL 18.231 s [18.231 s, 18.231 s] 2.98 s (19.5%)
profiling 14.385 s [14.385 s, 14.385 s] -866.0 ms (-5.7%)
tracing 14.887 s [14.887 s, 14.887 s] -364.0 ms (-2.4%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~fcfbb527cc, baseline=1.57.0-SNAPSHOT~c8bb44440b
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.482 ms) : 1471, 1494
.   : milestone, 1482,
appsec (2.483 ms) : 2430, 2535
.   : milestone, 2483,
iast (2.237 ms) : 2172, 2302
.   : milestone, 2237,
iast_GLOBAL (2.27 ms) : 2204, 2336
.   : milestone, 2270,
profiling (2.085 ms) : 2032, 2138
.   : milestone, 2085,
tracing (2.063 ms) : 2012, 2114
.   : milestone, 2063,
section candidate
no_agent (1.481 ms) : 1470, 1493
.   : milestone, 1481,
appsec (2.486 ms) : 2434, 2539
.   : milestone, 2486,
iast (2.23 ms) : 2165, 2294
.   : milestone, 2230,
iast_GLOBAL (2.259 ms) : 2194, 2325
.   : milestone, 2259,
profiling (2.107 ms) : 2053, 2162
.   : milestone, 2107,
tracing (2.065 ms) : 2013, 2116
.   : milestone, 2065,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.482 ms [1.471 ms, 1.494 ms] -
appsec 2.483 ms [2.43 ms, 2.535 ms] 1.0 ms (67.5%)
iast 2.237 ms [2.172 ms, 2.302 ms] 754.9 µs (50.9%)
iast_GLOBAL 2.27 ms [2.204 ms, 2.336 ms] 787.725 µs (53.1%)
profiling 2.085 ms [2.032 ms, 2.138 ms] 602.816 µs (40.7%)
tracing 2.063 ms [2.012 ms, 2.114 ms] 580.985 µs (39.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.481 ms [1.47 ms, 1.493 ms] -
appsec 2.486 ms [2.434 ms, 2.539 ms] 1.005 ms (67.8%)
iast 2.23 ms [2.165 ms, 2.294 ms] 748.256 µs (50.5%)
iast_GLOBAL 2.259 ms [2.194 ms, 2.325 ms] 778.008 µs (52.5%)
profiling 2.107 ms [2.053 ms, 2.162 ms] 625.689 µs (42.2%)
tracing 2.065 ms [2.013 ms, 2.116 ms] 583.242 µs (39.4%)

@PerfectSlayer PerfectSlayer added the tag: do not merge Do not merge changes label Nov 25, 2025
@PerfectSlayer PerfectSlayer changed the title chore(ci): bump the gh-actions-packages group across 1 directory with 2 updates DO NOT MERGE - chore(ci): bump the gh-actions-packages group across 1 directory with 2 updates Nov 25, 2025
@PerfectSlayer PerfectSlayer removed the tag: do not merge Do not merge changes label Nov 26, 2025
@PerfectSlayer PerfectSlayer changed the title DO NOT MERGE - chore(ci): bump the gh-actions-packages group across 1 directory with 2 updates chore(ci): bump the gh-actions-packages group across 1 directory with 2 updates Nov 26, 2025
@PerfectSlayer PerfectSlayer merged commit c69c2cd into master Nov 26, 2025
390 of 396 checks passed
@PerfectSlayer PerfectSlayer deleted the dependabot/github_actions/gh-actions-packages-ebb5f02585 branch November 26, 2025 07:16
@github-actions github-actions bot added this to the 1.57.0 milestone Nov 26, 2025
@PerfectSlayer
Copy link
Contributor

PerfectSlayer commented Nov 26, 2025

There was an irrelevant issue with system tests #10033
I used this issue to investigate it (hence the temporary "do not merge" state).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PerfectSlayer PerfectSlayer PerfectSlayer approved these changes

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

1.57.0

Development

Successfully merging this pull request may close these issues.

2 participants

@PerfectSlayer