Skip to content

chore(ci): bump the gh-actions-packages group with 3 updates #10099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sarahchen6 merged 2 commits into from
Dec 8, 2025
Merged

chore(ci): bump the gh-actions-packages group with 3 updates #10099

sarahchen6 merged 2 commits into from
Dec 8, 2025
+12 −12

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2025

Bumps the gh-actions-packages group with 3 updates: actions/checkout, github/codeql-action and actions/stale.

Updates actions/checkout from 6.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Commits

Updates github/codeql-action from 4.31.6 to 4.31.7

Release notes

Sourced from github/codeql-action's releases.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

... (truncated)

Commits
  • cf1bb45 Merge pull request #3344 from github/update-v4.31.7-f5c63fadd
  • f4ebe95 Update changelog for v4.31.7
  • f5c63fa Merge pull request #3343 from github/update-bundle/codeql-bundle-v2.23.7
  • a2c01e7 Add changelog note
  • ac34c13 Update default bundle to codeql-bundle-v2.23.7
  • 267c467 Merge pull request #3339 from github/dependabot/npm_and_yarn/npm-minor-77d264...
  • aeabef7 Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-77d26487b0
  • 78357d3 Merge pull request #3341 from github/mbg/ci/update-cs-config-cli-tests
  • d61a6fa Update CLI config test to account for overlay db changes on PRs
  • ce27e95 Rebuild
  • Additional commits viewable in compare view

Updates actions/stale from 10.1.0 to 10.1.1

Release notes

Sourced from actions/stale's releases.

v10.1.1

What's Changed

Bug Fix

Improvement

Dependency Upgrades

New Contributors

Full Changelog: actions/stale@v10...v10.1.1

Commits
  • 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
  • 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
  • fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
  • 39bea7d Add Missing Input Reading for only-issue-types (#1298)
  • e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
  • 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(ci): bump the gh-actions-packages group with 3 updates
a9fe45d 
Bumps the gh-actions-packages group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [actions/stale](https://github.com/actions/stale).


Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@1af3b93...8e8c483)

Updates `github/codeql-action` from 4.31.6 to 4.31.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@fe4161a...cf1bb45)

Updates `actions/stale` from 10.1.0 to 10.1.1
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5f858e3...9971854)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-version: 4.31.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: actions/stale
  dependency-version: 10.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Dec 8, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 8, 2025 17:17
@dependabot dependabot bot requested review from sarahchen6 and removed request for a team December 8, 2025 17:17
@dependabot dependabot bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Dec 8, 2025
@pr-commenter
Copy link

pr-commenter bot commented Dec 8, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-414d85a46e
git_commit_date 1765222535 1765224150
git_commit_sha 94e770c 60f3eb4
release_version 1.57.0-SNAPSHOT~94e770cd67 1.57.0-SNAPSHOT~60f3eb4381
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1765225952 1765225952
ci_job_id 1277194278 1277194278
ci_pipeline_id 85394179 85394179
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-w1hhjxj8 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-w1hhjxj8 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 7 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.085 s) : 0, 1084642
Total [baseline] (10.882 s) : 0, 10881719
Agent [candidate] (1.081 s) : 0, 1081394
Total [candidate] (10.813 s) : 0, 10812745
section appsec
Agent [baseline] (1.272 s) : 0, 1271530
Total [baseline] (11.113 s) : 0, 11113225
Agent [candidate] (1.264 s) : 0, 1263668
Total [candidate] (11.085 s) : 0, 11084940
section iast
Agent [baseline] (1.232 s) : 0, 1231518
Total [baseline] (11.183 s) : 0, 11183252
Agent [candidate] (1.223 s) : 0, 1223235
Total [candidate] (11.133 s) : 0, 11133462
section profiling
Agent [baseline] (1.205 s) : 0, 1205319
Total [baseline] (11.046 s) : 0, 11045984
Agent [candidate] (1.203 s) : 0, 1202823
Total [candidate] (10.994 s) : 0, 10993918
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent appsec 1.272 s 186.889 ms (17.2%)
Agent iast 1.232 s 146.876 ms (13.5%)
Agent profiling 1.205 s 120.677 ms (11.1%)
Total tracing 10.882 s -
Total appsec 11.113 s 231.506 ms (2.1%)
Total iast 11.183 s 301.533 ms (2.8%)
Total profiling 11.046 s 164.265 ms (1.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.081 s -
Agent appsec 1.264 s 182.273 ms (16.9%)
Agent iast 1.223 s 141.841 ms (13.1%)
Agent profiling 1.203 s 121.429 ms (11.2%)
Total tracing 10.813 s -
Total appsec 11.085 s 272.195 ms (2.5%)
Total iast 11.133 s 320.717 ms (3.0%)
Total profiling 10.994 s 181.173 ms (1.7%) 
gantt
    title petclinic - break down per module: candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.215 ms) : 0, 1215
crashtracking [candidate] (1.197 ms) : 0, 1197
BytebuddyAgent [baseline] (652.356 ms) : 0, 652356
BytebuddyAgent [candidate] (648.935 ms) : 0, 648935
GlobalTracer [baseline] (281.247 ms) : 0, 281247
GlobalTracer [candidate] (282.02 ms) : 0, 282020
AppSec [baseline] (32.318 ms) : 0, 32318
AppSec [candidate] (32.193 ms) : 0, 32193
Debugger [baseline] (68.281 ms) : 0, 68281
Debugger [candidate] (68.05 ms) : 0, 68050
Remote Config [baseline] (657.103 µs) : 0, 657
Remote Config [candidate] (654.222 µs) : 0, 654
Telemetry [baseline] (9.12 ms) : 0, 9120
Telemetry [candidate] (9.004 ms) : 0, 9004
Flare Poller [baseline] (3.781 ms) : 0, 3781
Flare Poller [candidate] (3.774 ms) : 0, 3774
section appsec
crashtracking [baseline] (1.201 ms) : 0, 1201
crashtracking [candidate] (1.198 ms) : 0, 1198
BytebuddyAgent [baseline] (693.625 ms) : 0, 693625
BytebuddyAgent [candidate] (688.867 ms) : 0, 688867
GlobalTracer [baseline] (260.995 ms) : 0, 260995
GlobalTracer [candidate] (259.047 ms) : 0, 259047
AppSec [baseline] (174.549 ms) : 0, 174549
AppSec [candidate] (174.831 ms) : 0, 174831
Debugger [baseline] (66.857 ms) : 0, 66857
Debugger [candidate] (65.957 ms) : 0, 65957
Remote Config [baseline] (714.75 µs) : 0, 715
Remote Config [candidate] (706.748 µs) : 0, 707
Telemetry [baseline] (9.204 ms) : 0, 9204
Telemetry [candidate] (9.016 ms) : 0, 9016
Flare Poller [baseline] (3.952 ms) : 0, 3952
Flare Poller [candidate] (3.993 ms) : 0, 3993
IAST [baseline] (24.807 ms) : 0, 24807
IAST [candidate] (24.545 ms) : 0, 24545
section iast
crashtracking [baseline] (1.196 ms) : 0, 1196
crashtracking [candidate] (1.189 ms) : 0, 1189
BytebuddyAgent [baseline] (795.955 ms) : 0, 795955
BytebuddyAgent [candidate] (790.869 ms) : 0, 790869
GlobalTracer [baseline] (256.997 ms) : 0, 256997
GlobalTracer [candidate] (255.352 ms) : 0, 255352
AppSec [baseline] (35.643 ms) : 0, 35643
AppSec [candidate] (35.247 ms) : 0, 35247
Debugger [baseline] (66.328 ms) : 0, 66328
Debugger [candidate] (65.782 ms) : 0, 65782
Remote Config [baseline] (578.162 µs) : 0, 578
Remote Config [candidate] (560.262 µs) : 0, 560
Telemetry [baseline] (8.448 ms) : 0, 8448
Telemetry [candidate] (8.415 ms) : 0, 8415
Flare Poller [baseline] (3.502 ms) : 0, 3502
Flare Poller [candidate] (3.418 ms) : 0, 3418
IAST [baseline] (27.304 ms) : 0, 27304
IAST [candidate] (27.051 ms) : 0, 27051
section profiling
ProfilingAgent [baseline] (97.301 ms) : 0, 97301
ProfilingAgent [candidate] (97.051 ms) : 0, 97051
crashtracking [baseline] (1.192 ms) : 0, 1192
crashtracking [candidate] (1.212 ms) : 0, 1212
BytebuddyAgent [baseline] (702.35 ms) : 0, 702350
BytebuddyAgent [candidate] (701.161 ms) : 0, 701161
GlobalTracer [baseline] (220.706 ms) : 0, 220706
GlobalTracer [candidate] (220.315 ms) : 0, 220315
AppSec [baseline] (32.199 ms) : 0, 32199
AppSec [candidate] (32.088 ms) : 0, 32088
Debugger [baseline] (68.447 ms) : 0, 68447
Debugger [candidate] (68.261 ms) : 0, 68261
Remote Config [baseline] (632.289 µs) : 0, 632
Remote Config [candidate] (646.127 µs) : 0, 646
Telemetry [baseline] (9.025 ms) : 0, 9025
Telemetry [candidate] (8.911 ms) : 0, 8911
Flare Poller [baseline] (3.813 ms) : 0, 3813
Flare Poller [candidate] (3.732 ms) : 0, 3732
Profiling [baseline] (97.874 ms) : 0, 97874
Profiling [candidate] (97.627 ms) : 0, 97627
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.087 s) : 0, 1086743
Total [baseline] (8.811 s) : 0, 8810841
Agent [candidate] (1.085 s) : 0, 1085312
Total [candidate] (8.795 s) : 0, 8794910
section iast
Agent [baseline] (1.219 s) : 0, 1219007
Total [baseline] (9.445 s) : 0, 9444999
Agent [candidate] (1.222 s) : 0, 1222007
Total [candidate] (9.472 s) : 0, 9472179
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.087 s -
Agent iast 1.219 s 132.264 ms (12.2%)
Total tracing 8.811 s -
Total iast 9.445 s 634.158 ms (7.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent iast 1.222 s 136.695 ms (12.6%)
Total tracing 8.795 s -
Total iast 9.472 s 677.268 ms (7.7%) 
gantt
    title insecure-bank - break down per module: candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.2 ms) : 0, 1200
crashtracking [candidate] (1.2 ms) : 0, 1200
BytebuddyAgent [baseline] (653.641 ms) : 0, 653641
BytebuddyAgent [candidate] (651.142 ms) : 0, 651142
GlobalTracer [baseline] (282.973 ms) : 0, 282973
GlobalTracer [candidate] (283.418 ms) : 0, 283418
AppSec [baseline] (32.581 ms) : 0, 32581
AppSec [candidate] (32.668 ms) : 0, 32668
Debugger [baseline] (67.285 ms) : 0, 67285
Debugger [candidate] (67.81 ms) : 0, 67810
Remote Config [baseline] (669.314 µs) : 0, 669
Remote Config [candidate] (658.704 µs) : 0, 659
Telemetry [baseline] (9.022 ms) : 0, 9022
Telemetry [candidate] (9.042 ms) : 0, 9042
Flare Poller [baseline] (3.766 ms) : 0, 3766
Flare Poller [candidate] (3.856 ms) : 0, 3856
section iast
crashtracking [baseline] (1.195 ms) : 0, 1195
crashtracking [candidate] (1.194 ms) : 0, 1194
BytebuddyAgent [baseline] (788.701 ms) : 0, 788701
BytebuddyAgent [candidate] (790.426 ms) : 0, 790426
GlobalTracer [baseline] (254.579 ms) : 0, 254579
GlobalTracer [candidate] (255.405 ms) : 0, 255405
IAST [baseline] (26.789 ms) : 0, 26789
IAST [candidate] (27.156 ms) : 0, 27156
AppSec [baseline] (35.488 ms) : 0, 35488
AppSec [candidate] (35.298 ms) : 0, 35298
Debugger [baseline] (64.4 ms) : 0, 64400
Debugger [candidate] (64.752 ms) : 0, 64752
Remote Config [baseline] (576.776 µs) : 0, 577
Remote Config [candidate] (576.218 µs) : 0, 576
Telemetry [baseline] (8.374 ms) : 0, 8374
Telemetry [candidate] (8.38 ms) : 0, 8380
Flare Poller [baseline] (3.482 ms) : 0, 3482
Flare Poller [candidate] (3.46 ms) : 0, 3460
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-414d85a46e
git_commit_date 1765222535 1765224150
git_commit_sha 94e770c 60f3eb4
release_version 1.57.0-SNAPSHOT~94e770cd67 1.57.0-SNAPSHOT~60f3eb4381
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1765226443 1765226443
ci_job_id 1277194279 1277194279
ci_pipeline_id 85394179 85394179
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-s2abhk6l 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-s2abhk6l 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 0 performance regressions! Performance is the same for 19 metrics, 15 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_FULL:high_load better
[-353.073µs; -102.238µs] or [-7.002%; -2.028%]		 same
[-562.106µs; +146.662µs] or [-4.715%; +1.230%]		 unstable
[-62.920op/s; +128.733op/s] or [-7.736%; +15.827%]		 4.815ms 11.714ms 846.281op/s 5.042ms 11.922ms 813.375op/s
scenario:load:petclinic:profiling:high_load better
[-1.634ms; -0.514ms] or [-8.429%; -2.654%]		 unsure
[-2.191ms; -0.338ms] or [-7.022%; -1.084%]		 unstable
[-11.482op/s; +35.419op/s] or [-4.835%; +14.915%]		 18.309ms 29.941ms 249.438op/s 19.383ms 31.206ms 237.469op/s
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.187 ms) : 1176, 1198
.   : milestone, 1187,
iast (3.214 ms) : 3173, 3255
.   : milestone, 3214,
iast_FULL (5.682 ms) : 5626, 5738
.   : milestone, 5682,
iast_GLOBAL (3.722 ms) : 3659, 3784
.   : milestone, 3722,
profiling (2.038 ms) : 2021, 2056
.   : milestone, 2038,
tracing (1.83 ms) : 1813, 1846
.   : milestone, 1830,
section candidate
no_agent (1.209 ms) : 1197, 1221
.   : milestone, 1209,
iast (3.143 ms) : 3101, 3186
.   : milestone, 3143,
iast_FULL (5.458 ms) : 5405, 5511
.   : milestone, 5458,
iast_GLOBAL (3.568 ms) : 3517, 3619
.   : milestone, 3568,
profiling (2.069 ms) : 2050, 2087
.   : milestone, 2069,
tracing (1.822 ms) : 1807, 1837
.   : milestone, 1822,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.187 ms [1.176 ms, 1.198 ms] -
iast 3.214 ms [3.173 ms, 3.255 ms] 2.026 ms (170.7%)
iast_FULL 5.682 ms [5.626 ms, 5.738 ms] 4.495 ms (378.6%)
iast_GLOBAL 3.722 ms [3.659 ms, 3.784 ms] 2.534 ms (213.4%)
profiling 2.038 ms [2.021 ms, 2.056 ms] 851.033 µs (71.7%)
tracing 1.83 ms [1.813 ms, 1.846 ms] 642.234 µs (54.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.209 ms [1.197 ms, 1.221 ms] -
iast 3.143 ms [3.101 ms, 3.186 ms] 1.934 ms (160.0%)
iast_FULL 5.458 ms [5.405 ms, 5.511 ms] 4.249 ms (351.5%)
iast_GLOBAL 3.568 ms [3.517 ms, 3.619 ms] 2.359 ms (195.2%)
profiling 2.069 ms [2.05 ms, 2.087 ms] 859.85 µs (71.1%)
tracing 1.822 ms [1.807 ms, 1.837 ms] 613.115 µs (50.7%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.162 ms) : 17980, 18345
.   : milestone, 18162,
appsec (18.699 ms) : 18509, 18889
.   : milestone, 18699,
code_origins (17.456 ms) : 17281, 17630
.   : milestone, 17456,
iast (17.868 ms) : 17687, 18049
.   : milestone, 17868,
profiling (19.656 ms) : 19456, 19856
.   : milestone, 19656,
tracing (17.766 ms) : 17591, 17941
.   : milestone, 17766,
section candidate
no_agent (18.487 ms) : 18297, 18677
.   : milestone, 18487,
appsec (18.857 ms) : 18664, 19050
.   : milestone, 18857,
code_origins (18.053 ms) : 17873, 18233
.   : milestone, 18053,
iast (17.679 ms) : 17505, 17854
.   : milestone, 17679,
profiling (18.709 ms) : 18521, 18896
.   : milestone, 18709,
tracing (17.916 ms) : 17738, 18094
.   : milestone, 17916,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.162 ms [17.98 ms, 18.345 ms] -
appsec 18.699 ms [18.509 ms, 18.889 ms] 536.817 µs (3.0%)
code_origins 17.456 ms [17.281 ms, 17.63 ms] -706.577 µs (-3.9%)
iast 17.868 ms [17.687 ms, 18.049 ms] -294.048 µs (-1.6%)
profiling 19.656 ms [19.456 ms, 19.856 ms] 1.494 ms (8.2%)
tracing 17.766 ms [17.591 ms, 17.941 ms] -396.681 µs (-2.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.487 ms [18.297 ms, 18.677 ms] -
appsec 18.857 ms [18.664 ms, 19.05 ms] 370.075 µs (2.0%)
code_origins 18.053 ms [17.873 ms, 18.233 ms] -433.675 µs (-2.3%)
iast 17.679 ms [17.505 ms, 17.854 ms] -807.722 µs (-4.4%)
profiling 18.709 ms [18.521 ms, 18.896 ms] 221.736 µs (1.2%)
tracing 17.916 ms [17.738 ms, 18.094 ms] -570.55 µs (-3.1%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-414d85a46e
git_commit_date 1765222535 1765224150
git_commit_sha 94e770c 60f3eb4
release_version 1.57.0-SNAPSHOT~94e770cd67 1.57.0-SNAPSHOT~60f3eb4381
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1765226214 1765226214
ci_job_id 1277194280 1277194280
ci_pipeline_id 85394179 85394179
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-i2aiienx 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-i2aiienx 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1465, 1488
.   : milestone, 1477,
appsec (3.655 ms) : 3437, 3872
.   : milestone, 3655,
iast (2.218 ms) : 2154, 2282
.   : milestone, 2218,
iast_GLOBAL (2.269 ms) : 2204, 2334
.   : milestone, 2269,
profiling (2.079 ms) : 2026, 2131
.   : milestone, 2079,
tracing (2.053 ms) : 2002, 2104
.   : milestone, 2053,
section candidate
no_agent (1.481 ms) : 1469, 1492
.   : milestone, 1481,
appsec (3.652 ms) : 3436, 3868
.   : milestone, 3652,
iast (2.223 ms) : 2159, 2288
.   : milestone, 2223,
iast_GLOBAL (2.264 ms) : 2199, 2329
.   : milestone, 2264,
profiling (2.1 ms) : 2047, 2154
.   : milestone, 2100,
tracing (2.052 ms) : 2001, 2103
.   : milestone, 2052,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.477 ms [1.465 ms, 1.488 ms] -
appsec 3.655 ms [3.437 ms, 3.872 ms] 2.178 ms (147.5%)
iast 2.218 ms [2.154 ms, 2.282 ms] 741.396 µs (50.2%)
iast_GLOBAL 2.269 ms [2.204 ms, 2.334 ms] 792.294 µs (53.7%)
profiling 2.079 ms [2.026 ms, 2.131 ms] 602.148 µs (40.8%)
tracing 2.053 ms [2.002 ms, 2.104 ms] 576.019 µs (39.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.481 ms [1.469 ms, 1.492 ms] -
appsec 3.652 ms [3.436 ms, 3.868 ms] 2.171 ms (146.6%)
iast 2.223 ms [2.159 ms, 2.288 ms] 742.278 µs (50.1%)
iast_GLOBAL 2.264 ms [2.199 ms, 2.329 ms] 783.486 µs (52.9%)
profiling 2.1 ms [2.047 ms, 2.154 ms] 619.738 µs (41.9%)
tracing 2.052 ms [2.001 ms, 2.103 ms] 571.189 µs (38.6%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~60f3eb4381, baseline=1.57.0-SNAPSHOT~94e770cd67
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.89 s) : 14890000, 14890000
.   : milestone, 14890000,
appsec (14.739 s) : 14739000, 14739000
.   : milestone, 14739000,
iast (18.309 s) : 18309000, 18309000
.   : milestone, 18309000,
iast_GLOBAL (17.841 s) : 17841000, 17841000
.   : milestone, 17841000,
profiling (14.73 s) : 14730000, 14730000
.   : milestone, 14730000,
tracing (14.755 s) : 14755000, 14755000
.   : milestone, 14755000,
section candidate
no_agent (15.314 s) : 15314000, 15314000
.   : milestone, 15314000,
appsec (14.529 s) : 14529000, 14529000
.   : milestone, 14529000,
iast (18.391 s) : 18391000, 18391000
.   : milestone, 18391000,
iast_GLOBAL (18.16 s) : 18160000, 18160000
.   : milestone, 18160000,
profiling (14.774 s) : 14774000, 14774000
.   : milestone, 14774000,
tracing (14.587 s) : 14587000, 14587000
.   : milestone, 14587000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.89 s [14.89 s, 14.89 s] -
appsec 14.739 s [14.739 s, 14.739 s] -151.0 ms (-1.0%)
iast 18.309 s [18.309 s, 18.309 s] 3.419 s (23.0%)
iast_GLOBAL 17.841 s [17.841 s, 17.841 s] 2.951 s (19.8%)
profiling 14.73 s [14.73 s, 14.73 s] -160.0 ms (-1.1%)
tracing 14.755 s [14.755 s, 14.755 s] -135.0 ms (-0.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.314 s [15.314 s, 15.314 s] -
appsec 14.529 s [14.529 s, 14.529 s] -785.0 ms (-5.1%)
iast 18.391 s [18.391 s, 18.391 s] 3.077 s (20.1%)
iast_GLOBAL 18.16 s [18.16 s, 18.16 s] 2.846 s (18.6%)
profiling 14.774 s [14.774 s, 14.774 s] -540.0 ms (-3.5%)
tracing 14.587 s [14.587 s, 14.587 s] -727.0 ms (-4.7%)

@sarahchen6 sarahchen6 enabled auto-merge (squash) December 8, 2025 19:55
@sarahchen6 sarahchen6 disabled auto-merge December 8, 2025 19:56
@sarahchen6
Copy link
Contributor

sarahchen6 commented Dec 8, 2025

System tests originally failed on akka. Merging with master resolved the issue.

@sarahchen6 sarahchen6 enabled auto-merge (squash) December 8, 2025 20:39
@sarahchen6 sarahchen6 merged commit 958e884 into master Dec 8, 2025
538 of 539 checks passed
@sarahchen6 sarahchen6 deleted the dependabot/github_actions/gh-actions-packages-414d85a46e branch December 8, 2025 22:25
@github-actions github-actions bot added this to the 1.57.0 milestone Dec 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sarahchen6 sarahchen6 sarahchen6 approved these changes

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

1.57.0

Development

Successfully merging this pull request may close these issues.

2 participants

@sarahchen6