
chore(ci): bump the gh-actions-packages group with 2 updates #10786

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 4 commits into master from dependabot/github_actions/gh-actions-packages-6e6b86c36e
Mar 17, 2026

Conversation

Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026

Bumps the gh-actions-packages group with 2 updates: github/codeql-action and aquasecurity/trivy-action.

Updates github/codeql-action from 4.32.5 to 4.32.6

Release notes

Sourced from github/codeql-action's releases.

v4.32.6

  • Update default CodeQL bundle version to 2.24.3. #3548

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559
  • Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

4.32.6 - 05 Mar 2026

  • Update default CodeQL bundle version to 2.24.3. #3548

4.32.5 - 02 Mar 2026

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

4.32.4 - 20 Feb 2026

  • Update default CodeQL bundle version to 2.24.2. #3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

4.32.3 - 13 Feb 2026

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

  • Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

... (truncated)

Commits
  • 0d579ff Merge pull request #3551 from github/update-v4.32.6-72d2d850d
  • d4c6be7 Update changelog for v4.32.6
  • 72d2d85 Merge pull request #3548 from github/update-bundle/codeql-bundle-v2.24.3
  • 23f983c Merge pull request #3544 from github/dependabot/github_actions/dot-github/wor...
  • 832e97c Merge pull request #3545 from github/dependabot/github_actions/dot-github/wor...
  • 5ef38c0 Merge pull request #3546 from github/dependabot/npm_and_yarn/tar-7.5.10
  • 80c9cda Add changelog note
  • f2669dd Update default bundle to codeql-bundle-v2.24.3
  • bd03c44 Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...
  • 102d762 Bump tar from 7.5.7 to 7.5.10
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.34.2 to 0.35.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.35.0

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Commits


Bumps the gh-actions-packages group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `github/codeql-action` from 4.32.5 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c793b71...0d579ff)

Updates `aquasecurity/trivy-action` from 0.34.2 to 0.35.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@97e0b38...57a97c7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Mar 10, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 10, 2026 17:26
@dependabot dependabot bot requested review from amarziali and removed request for a team March 10, 2026 17:26
@dependabot dependabot bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Mar 10, 2026

pr-commenter bot commented Mar 10, 2026

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-6e6b86c36e
git_commit_date 1773708467 1773708510
git_commit_sha ea1eeab 36e59d7
release_version 1.61.0-SNAPSHOT~ea1eeabe60 1.61.0-SNAPSHOT~36e59d7ac2
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1773710275 1773710275
ci_job_id 1511409765 1511409765
ci_pipeline_id 102862024 102862024
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-6u1idaa5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-6u1idaa5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 11 unstable metrics.

Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.062 s) : 0, 1061682
Total [baseline] (11.09 s) : 0, 11090300
Agent [candidate] (1.06 s) : 0, 1060326
Total [candidate] (11.127 s) : 0, 11127372
section appsec
Agent [baseline] (1.252 s) : 0, 1252251
Total [baseline] (11.193 s) : 0, 11193282
Agent [candidate] (1.254 s) : 0, 1254465
Total [candidate] (11.269 s) : 0, 11269200
section iast
Agent [baseline] (1.236 s) : 0, 1235637
Total [baseline] (11.431 s) : 0, 11431411
Agent [candidate] (1.229 s) : 0, 1229241
Total [candidate] (11.304 s) : 0, 11304246
section profiling
Agent [baseline] (1.182 s) : 0, 1181742
Total [baseline] (11.053 s) : 0, 11053408
Agent [candidate] (1.19 s) : 0, 1190358
Total [candidate] (11.216 s) : 0, 11215929
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.062 s -
Agent appsec 1.252 s 190.568 ms (17.9%)
Agent iast 1.236 s 173.954 ms (16.4%)
Agent profiling 1.182 s 120.06 ms (11.3%)
Total tracing 11.09 s -
Total appsec 11.193 s 102.982 ms (0.9%)
Total iast 11.431 s 341.111 ms (3.1%)
Total profiling 11.053 s -36.892 ms (-0.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.06 s -
Agent appsec 1.254 s 194.139 ms (18.3%)
Agent iast 1.229 s 168.915 ms (15.9%)
Agent profiling 1.19 s 130.032 ms (12.3%)
Total tracing 11.127 s -
Total appsec 11.269 s 141.828 ms (1.3%)
Total iast 11.304 s 176.874 ms (1.6%)
Total profiling 11.216 s 88.557 ms (0.8%)
gantt
    title petclinic - break down per module: candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.208 ms) : 0, 1208
crashtracking [candidate] (1.192 ms) : 0, 1192
BytebuddyAgent [baseline] (628.753 ms) : 0, 628753
BytebuddyAgent [candidate] (629.389 ms) : 0, 629389
AgentMeter [baseline] (29.269 ms) : 0, 29269
AgentMeter [candidate] (29.155 ms) : 0, 29155
GlobalTracer [baseline] (257.598 ms) : 0, 257598
GlobalTracer [candidate] (257.443 ms) : 0, 257443
AppSec [baseline] (31.824 ms) : 0, 31824
AppSec [candidate] (31.684 ms) : 0, 31684
Debugger [baseline] (60.39 ms) : 0, 60390
Debugger [candidate] (60.279 ms) : 0, 60279
Remote Config [baseline] (588.839 µs) : 0, 589
Remote Config [candidate] (589.742 µs) : 0, 590
Telemetry [baseline] (7.988 ms) : 0, 7988
Telemetry [candidate] (8.079 ms) : 0, 8079
Flare Poller [baseline] (8.034 ms) : 0, 8034
Flare Poller [candidate] (6.464 ms) : 0, 6464
section appsec
crashtracking [baseline] (1.21 ms) : 0, 1210
crashtracking [candidate] (1.201 ms) : 0, 1201
BytebuddyAgent [baseline] (661.244 ms) : 0, 661244
BytebuddyAgent [candidate] (662.494 ms) : 0, 662494
AgentMeter [baseline] (12.145 ms) : 0, 12145
AgentMeter [candidate] (12.148 ms) : 0, 12148
GlobalTracer [baseline] (259.11 ms) : 0, 259110
GlobalTracer [candidate] (259.835 ms) : 0, 259835
IAST [baseline] (24.324 ms) : 0, 24324
IAST [candidate] (24.345 ms) : 0, 24345
AppSec [baseline] (178.295 ms) : 0, 178295
AppSec [candidate] (178.452 ms) : 0, 178452
Debugger [baseline] (66.807 ms) : 0, 66807
Debugger [candidate] (66.9 ms) : 0, 66900
Remote Config [baseline] (636.59 µs) : 0, 637
Remote Config [candidate] (626.215 µs) : 0, 626
Telemetry [baseline] (8.37 ms) : 0, 8370
Telemetry [candidate] (8.338 ms) : 0, 8338
Flare Poller [baseline] (3.604 ms) : 0, 3604
Flare Poller [candidate] (3.592 ms) : 0, 3592
section iast
crashtracking [baseline] (1.209 ms) : 0, 1209
crashtracking [candidate] (1.199 ms) : 0, 1199
BytebuddyAgent [baseline] (802.142 ms) : 0, 802142
BytebuddyAgent [candidate] (797.258 ms) : 0, 797258
AgentMeter [baseline] (11.464 ms) : 0, 11464
AgentMeter [candidate] (11.365 ms) : 0, 11365
GlobalTracer [baseline] (248.106 ms) : 0, 248106
GlobalTracer [candidate] (247.872 ms) : 0, 247872
IAST [baseline] (25.326 ms) : 0, 25326
IAST [candidate] (25.304 ms) : 0, 25304
AppSec [baseline] (26.493 ms) : 0, 26493
AppSec [candidate] (26.531 ms) : 0, 26531
Debugger [baseline] (71.359 ms) : 0, 71359
Debugger [candidate] (70.594 ms) : 0, 70594
Remote Config [baseline] (541.94 µs) : 0, 542
Remote Config [candidate] (525.102 µs) : 0, 525
Telemetry [baseline] (9.271 ms) : 0, 9271
Telemetry [candidate] (9.109 ms) : 0, 9109
Flare Poller [baseline] (3.359 ms) : 0, 3359
Flare Poller [candidate] (3.319 ms) : 0, 3319
section profiling
crashtracking [baseline] (1.174 ms) : 0, 1174
crashtracking [candidate] (1.188 ms) : 0, 1188
BytebuddyAgent [baseline] (682.23 ms) : 0, 682230
BytebuddyAgent [candidate] (686.295 ms) : 0, 686295
AgentMeter [baseline] (8.66 ms) : 0, 8660
AgentMeter [candidate] (8.671 ms) : 0, 8671
GlobalTracer [baseline] (215.241 ms) : 0, 215241
GlobalTracer [candidate] (216.628 ms) : 0, 216628
AppSec [baseline] (32.193 ms) : 0, 32193
AppSec [candidate] (32.59 ms) : 0, 32590
Debugger [baseline] (64.304 ms) : 0, 64304
Debugger [candidate] (65.222 ms) : 0, 65222
Remote Config [baseline] (580.66 µs) : 0, 581
Remote Config [candidate] (587.753 µs) : 0, 588
Telemetry [baseline] (8.422 ms) : 0, 8422
Telemetry [candidate] (9.379 ms) : 0, 9379
Flare Poller [baseline] (4.213 ms) : 0, 4213
Flare Poller [candidate] (3.599 ms) : 0, 3599
ProfilingAgent [baseline] (93.838 ms) : 0, 93838
ProfilingAgent [candidate] (94.969 ms) : 0, 94969
Profiling [baseline] (94.404 ms) : 0, 94404
Profiling [candidate] (95.536 ms) : 0, 95536
Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.055 s) : 0, 1055464
Total [baseline] (8.86 s) : 0, 8859845
Agent [candidate] (1.064 s) : 0, 1064003
Total [candidate] (8.878 s) : 0, 8877711
section iast
Agent [baseline] (1.224 s) : 0, 1223627
Total [baseline] (9.571 s) : 0, 9570547
Agent [candidate] (1.224 s) : 0, 1224298
Total [candidate] (9.616 s) : 0, 9615902
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.055 s -
Agent iast 1.224 s 168.163 ms (15.9%)
Total tracing 8.86 s -
Total iast 9.571 s 710.703 ms (8.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent iast 1.224 s 160.295 ms (15.1%)
Total tracing 8.878 s -
Total iast 9.616 s 738.191 ms (8.3%)
gantt
    title insecure-bank - break down per module: candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.208 ms) : 0, 1208
crashtracking [candidate] (1.211 ms) : 0, 1211
BytebuddyAgent [baseline] (626.192 ms) : 0, 626192
BytebuddyAgent [candidate] (629.918 ms) : 0, 629918
AgentMeter [baseline] (29.153 ms) : 0, 29153
AgentMeter [candidate] (29.178 ms) : 0, 29178
GlobalTracer [baseline] (256.106 ms) : 0, 256106
GlobalTracer [candidate] (257.788 ms) : 0, 257788
AppSec [baseline] (31.613 ms) : 0, 31613
AppSec [candidate] (31.73 ms) : 0, 31730
Debugger [baseline] (59.374 ms) : 0, 59374
Debugger [candidate] (59.463 ms) : 0, 59463
Remote Config [baseline] (588.1 µs) : 0, 588
Remote Config [candidate] (608.491 µs) : 0, 608
Telemetry [baseline] (8.019 ms) : 0, 8019
Telemetry [candidate] (8.175 ms) : 0, 8175
Flare Poller [baseline] (7.222 ms) : 0, 7222
Flare Poller [candidate] (9.694 ms) : 0, 9694
section iast
crashtracking [baseline] (1.195 ms) : 0, 1195
crashtracking [candidate] (1.201 ms) : 0, 1201
BytebuddyAgent [baseline] (793.615 ms) : 0, 793615
BytebuddyAgent [candidate] (792.821 ms) : 0, 792821
AgentMeter [baseline] (11.323 ms) : 0, 11323
AgentMeter [candidate] (11.293 ms) : 0, 11293
GlobalTracer [baseline] (246.468 ms) : 0, 246468
GlobalTracer [candidate] (246.898 ms) : 0, 246898
AppSec [baseline] (27.326 ms) : 0, 27326
AppSec [candidate] (26.365 ms) : 0, 26365
Debugger [baseline] (67.342 ms) : 0, 67342
Debugger [candidate] (70.949 ms) : 0, 70949
Remote Config [baseline] (519.675 µs) : 0, 520
Remote Config [candidate] (542.788 µs) : 0, 543
Telemetry [baseline] (10.731 ms) : 0, 10731
Telemetry [candidate] (9.348 ms) : 0, 9348
Flare Poller [baseline] (3.768 ms) : 0, 3768
Flare Poller [candidate] (3.458 ms) : 0, 3458
IAST [baseline] (25.288 ms) : 0, 25288
IAST [candidate] (25.299 ms) : 0, 25299

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-6e6b86c36e
git_commit_date 1773708467 1773708510
git_commit_sha ea1eeab 36e59d7
release_version 1.61.0-SNAPSHOT~ea1eeabe60 1.61.0-SNAPSHOT~36e59d7ac2
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1773710747 1773710747
ci_job_id 1511409766 1511409766
ci_pipeline_id 102862024 102862024
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-pvz28r9z 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-pvz28r9z 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 19 metrics, 16 unstable metrics.

| scenario | Δ mean agg_http_req_duration_p50 | Δ mean agg_http_req_duration_p95 | Δ mean throughput | candidate mean agg_http_req_duration_p50 | candidate mean agg_http_req_duration_p95 | candidate mean throughput | baseline mean agg_http_req_duration_p50 | baseline mean agg_http_req_duration_p95 | baseline mean throughput |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| scenario:load:petclinic:no_agent:high_load | better [-2.702ms; -1.061ms] or [-14.699%; -5.770%] | unstable [-4.047ms; -0.727ms] or [-13.313%; -2.390%] | unstable [-5.478op/s; +59.540op/s] or [-2.216%; +24.084%] | 16.502ms | 28.012ms | 274.250op/s | 18.384ms | 30.398ms | 247.219op/s |

Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.177 ms) : 1165, 1188
.   : milestone, 1177,
iast (3.226 ms) : 3184, 3268
.   : milestone, 3226,
iast_FULL (5.749 ms) : 5691, 5807
.   : milestone, 5749,
iast_GLOBAL (3.513 ms) : 3455, 3571
.   : milestone, 3513,
profiling (1.926 ms) : 1910, 1942
.   : milestone, 1926,
tracing (1.741 ms) : 1726, 1755
.   : milestone, 1741,
section candidate
no_agent (1.179 ms) : 1167, 1190
.   : milestone, 1179,
iast (3.249 ms) : 3203, 3295
.   : milestone, 3249,
iast_FULL (5.832 ms) : 5773, 5890
.   : milestone, 5832,
iast_GLOBAL (3.428 ms) : 3372, 3484
.   : milestone, 3428,
profiling (1.996 ms) : 1979, 2013
.   : milestone, 1996,
tracing (1.795 ms) : 1781, 1809
.   : milestone, 1795,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.177 ms [1.165 ms, 1.188 ms] -
iast 3.226 ms [3.184 ms, 3.268 ms] 2.049 ms (174.2%)
iast_FULL 5.749 ms [5.691 ms, 5.807 ms] 4.572 ms (388.6%)
iast_GLOBAL 3.513 ms [3.455 ms, 3.571 ms] 2.337 ms (198.6%)
profiling 1.926 ms [1.91 ms, 1.942 ms] 749.538 µs (63.7%)
tracing 1.741 ms [1.726 ms, 1.755 ms] 564.031 µs (47.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.179 ms [1.167 ms, 1.19 ms] -
iast 3.249 ms [3.203 ms, 3.295 ms] 2.07 ms (175.6%)
iast_FULL 5.832 ms [5.773 ms, 5.89 ms] 4.653 ms (394.7%)
iast_GLOBAL 3.428 ms [3.372 ms, 3.484 ms] 2.249 ms (190.8%)
profiling 1.996 ms [1.979 ms, 2.013 ms] 817.189 µs (69.3%)
tracing 1.795 ms [1.781 ms, 1.809 ms] 616.26 µs (52.3%)
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.879 ms) : 18688, 19071
.   : milestone, 18879,
appsec (18.541 ms) : 18355, 18728
.   : milestone, 18541,
code_origins (17.463 ms) : 17289, 17637
.   : milestone, 17463,
iast (17.714 ms) : 17537, 17891
.   : milestone, 17714,
profiling (18.712 ms) : 18523, 18901
.   : milestone, 18712,
tracing (17.51 ms) : 17340, 17681
.   : milestone, 17510,
section candidate
no_agent (17.007 ms) : 16840, 17175
.   : milestone, 17007,
appsec (18.481 ms) : 18292, 18671
.   : milestone, 18481,
code_origins (17.876 ms) : 17697, 18054
.   : milestone, 17876,
iast (18.051 ms) : 17869, 18233
.   : milestone, 18051,
profiling (18.722 ms) : 18537, 18907
.   : milestone, 18722,
tracing (18.015 ms) : 17834, 18196
.   : milestone, 18015,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.879 ms [18.688 ms, 19.071 ms] -
appsec 18.541 ms [18.355 ms, 18.728 ms] -337.707 µs (-1.8%)
code_origins 17.463 ms [17.289 ms, 17.637 ms] -1.416 ms (-7.5%)
iast 17.714 ms [17.537 ms, 17.891 ms] -1.165 ms (-6.2%)
profiling 18.712 ms [18.523 ms, 18.901 ms] -167.012 µs (-0.9%)
tracing 17.51 ms [17.34 ms, 17.681 ms] -1.369 ms (-7.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.007 ms [16.84 ms, 17.175 ms] -
appsec 18.481 ms [18.292 ms, 18.671 ms] 1.474 ms (8.7%)
code_origins 17.876 ms [17.697 ms, 18.054 ms] 868.155 µs (5.1%)
iast 18.051 ms [17.869 ms, 18.233 ms] 1.044 ms (6.1%)
profiling 18.722 ms [18.537 ms, 18.907 ms] 1.715 ms (10.1%)
tracing 18.015 ms [17.834 ms, 18.196 ms] 1.007 ms (5.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-6e6b86c36e
git_commit_date 1773708467 1773708510
git_commit_sha ea1eeab 36e59d7
release_version 1.61.0-SNAPSHOT~ea1eeabe60 1.61.0-SNAPSHOT~36e59d7ac2
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1773710608 1773710608
ci_job_id 1511409767 1511409767
ci_pipeline_id 102862024 102862024
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-c007hmgk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-c007hmgk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 0 unstable metrics.

| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
| --- | --- | --- | --- |
| scenario:dacapo:tomcat:appsec | better [-1.457ms; -1.110ms] or [-38.328%; -29.193%] | 2.519ms | 3.802ms |

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.915 s) : 14915000, 14915000
.   : milestone, 14915000,
appsec (14.493 s) : 14493000, 14493000
.   : milestone, 14493000,
iast (17.826 s) : 17826000, 17826000
.   : milestone, 17826000,
iast_GLOBAL (18.164 s) : 18164000, 18164000
.   : milestone, 18164000,
profiling (14.996 s) : 14996000, 14996000
.   : milestone, 14996000,
tracing (14.862 s) : 14862000, 14862000
.   : milestone, 14862000,
section candidate
no_agent (15.699 s) : 15699000, 15699000
.   : milestone, 15699000,
appsec (14.462 s) : 14462000, 14462000
.   : milestone, 14462000,
iast (18.059 s) : 18059000, 18059000
.   : milestone, 18059000,
iast_GLOBAL (17.938 s) : 17938000, 17938000
.   : milestone, 17938000,
profiling (14.989 s) : 14989000, 14989000
.   : milestone, 14989000,
tracing (14.991 s) : 14991000, 14991000
.   : milestone, 14991000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.915 s [14.915 s, 14.915 s] -
appsec 14.493 s [14.493 s, 14.493 s] -422.0 ms (-2.8%)
iast 17.826 s [17.826 s, 17.826 s] 2.911 s (19.5%)
iast_GLOBAL 18.164 s [18.164 s, 18.164 s] 3.249 s (21.8%)
profiling 14.996 s [14.996 s, 14.996 s] 81.0 ms (0.5%)
tracing 14.862 s [14.862 s, 14.862 s] -53.0 ms (-0.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.699 s [15.699 s, 15.699 s] -
appsec 14.462 s [14.462 s, 14.462 s] -1.237 s (-7.9%)
iast 18.059 s [18.059 s, 18.059 s] 2.36 s (15.0%)
iast_GLOBAL 17.938 s [17.938 s, 17.938 s] 2.239 s (14.3%)
profiling 14.989 s [14.989 s, 14.989 s] -710.0 ms (-4.5%)
tracing 14.991 s [14.991 s, 14.991 s] -708.0 ms (-4.5%)
Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~36e59d7ac2, baseline=1.61.0-SNAPSHOT~ea1eeabe60
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.473 ms) : 1462, 1485
.   : milestone, 1473,
appsec (3.802 ms) : 3581, 4024
.   : milestone, 3802,
iast (2.245 ms) : 2176, 2314
.   : milestone, 2245,
iast_GLOBAL (2.295 ms) : 2226, 2364
.   : milestone, 2295,
profiling (2.099 ms) : 2043, 2155
.   : milestone, 2099,
tracing (2.077 ms) : 2023, 2131
.   : milestone, 2077,
section candidate
no_agent (1.471 ms) : 1459, 1482
.   : milestone, 1471,
appsec (2.519 ms) : 2464, 2574
.   : milestone, 2519,
iast (2.254 ms) : 2185, 2323
.   : milestone, 2254,
iast_GLOBAL (2.301 ms) : 2232, 2371
.   : milestone, 2301,
profiling (2.084 ms) : 2028, 2139
.   : milestone, 2084,
tracing (2.054 ms) : 2000, 2107
.   : milestone, 2054,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.473 ms [1.462 ms, 1.485 ms] -
appsec 3.802 ms [3.581 ms, 4.024 ms] 2.329 ms (158.1%)
iast 2.245 ms [2.176 ms, 2.314 ms] 771.471 µs (52.4%)
iast_GLOBAL 2.295 ms [2.226 ms, 2.364 ms] 821.616 µs (55.8%)
profiling 2.099 ms [2.043 ms, 2.155 ms] 625.862 µs (42.5%)
tracing 2.077 ms [2.023 ms, 2.131 ms] 603.803 µs (41.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.459 ms, 1.482 ms] -
appsec 2.519 ms [2.464 ms, 2.574 ms] 1.048 ms (71.3%)
iast 2.254 ms [2.185 ms, 2.323 ms] 783.363 µs (53.3%)
iast_GLOBAL 2.301 ms [2.232 ms, 2.371 ms] 830.817 µs (56.5%)
profiling 2.084 ms [2.028 ms, 2.139 ms] 612.892 µs (41.7%)
tracing 2.054 ms [2.0 ms, 2.107 ms] 583.025 µs (39.6%)

@AlexeyKuznetsov-DD
Contributor

/merge


gh-worker-devflow-routing-ef8351 bot commented Mar 16, 2026

View all feedbacks in Devflow UI.

2026-03-16 17:24:39 UTC ℹ️ Start processing command /merge


2026-03-16 17:24:49 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.


2026-03-16 17:27:04 UTC ⚠️ MergeQueue: This merge request was unqueued

alexey.kuznetsov@datadoghq.com unqueued this merge request

@AlexeyKuznetsov-DD
Contributor

/merge --cancel


gh-worker-devflow-routing-ef8351 bot commented Mar 16, 2026

View all feedbacks in Devflow UI.

2026-03-16 17:26:58 UTC ℹ️ Start processing command /merge --cancel

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD added this pull request to the merge queue Mar 17, 2026
Contributor

dd-octo-sts bot commented Mar 17, 2026

/merge


gh-worker-devflow-routing-ef8351 bot commented Mar 17, 2026

View all feedbacks in Devflow UI.

2026-03-17 01:41:17 UTC ℹ️ Start processing command /merge


2026-03-17 01:41:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 3h (p90).


2026-03-17 02:41:49 UTC ℹ️ MergeQueue: This merge request was merged

@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 17, 2026
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot merged commit 539c35e into master Mar 17, 2026
575 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot deleted the dependabot/github_actions/gh-actions-packages-6e6b86c36e branch March 17, 2026 02:41
@github-actions github-actions bot added this to the 1.61.0 milestone Mar 17, 2026