Skip to content

chore(ci): bump github/codeql-action from 4.31.0 to 4.31.2 in the gh-actions-packages group #9897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(ci): bump github/codeql-action from 4.31.0 to 4.31.2 in the gh-actions-packages group #9897

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 3, 2025
edited
Loading

Bumps the gh-actions-packages group with 1 update: github/codeql-action.

Updates github/codeql-action from 4.31.0 to 4.31.2

Release notes

Sourced from github/codeql-action's releases.

v4.31.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.2 - 30 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

... (truncated)

Commits
  • 0499de3 Merge pull request #3261 from github/henrymercer/setup-python
  • 3b96745 Set up Python in mergeback workflow
  • 8a06050 Merge pull request #3259 from github/update-v4.31.2-9576b5cbe
  • 752a642 Update changelog for v4.31.2
  • 9576b5c Merge pull request #3258 from github/mbg/enablement-errors/case-insensitive
  • cc88437 Merge pull request #3257 from github/henrymercer/ubuntu-slim
  • f0e9bf0 Make isEnablementError case-insensitive
  • 2a3599c Run lightweight workflows on ubuntu-slim
  • 514ff4d Merge pull request #3256 from github/henrymercer/resolve-bad-merge
  • aab1c2f Merge pull request #3253 from github/mergeback/v4.31.1-to-main-5fe9434c
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Nov 3, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 3, 2025 18:03
@dependabot dependabot bot requested review from bric3 and removed request for a team November 3, 2025 18:03
@dependabot dependabot bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Nov 3, 2025
@datadog-official
Copy link

datadog-official bot commented Nov 3, 2025
edited
Loading

🎯 Code Coverage
Patch Coverage: 100.00%
Total Coverage: 59.60% (-0.00%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: cc02739 | Docs | Datadog PR Page | Was this helpful? Give us feedback!

@pr-commenter
Copy link

pr-commenter bot commented Nov 3, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-02cf758a13
git_commit_date 1762777415 1762796663
git_commit_sha c6e7fca cc02739
release_version 1.56.0-SNAPSHOT~c6e7fcaefe 1.56.0-SNAPSHOT~cc02739647
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1762798584 1762798584
ci_job_id 1226038244 1226038244
ci_pipeline_id 81845767 81845767
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-hji5eyce 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-hji5eyce 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 55 metrics, 10 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.049 s) : 0, 1049432
Total [baseline] (8.635 s) : 0, 8634880
Agent [candidate] (1.053 s) : 0, 1052582
Total [candidate] (8.656 s) : 0, 8655552
section iast
Agent [baseline] (1.177 s) : 0, 1177472
Total [baseline] (9.253 s) : 0, 9253073
Agent [candidate] (1.183 s) : 0, 1183428
Total [candidate] (9.301 s) : 0, 9300873
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.049 s -
Agent iast 1.177 s 128.04 ms (12.2%)
Total tracing 8.635 s -
Total iast 9.253 s 618.193 ms (7.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.053 s -
Agent iast 1.183 s 130.846 ms (12.4%)
Total tracing 8.656 s -
Total iast 9.301 s 645.321 ms (7.5%) 
gantt
    title insecure-bank - break down per module: candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.459 ms) : 0, 1459
crashtracking [candidate] (1.466 ms) : 0, 1466
BytebuddyAgent [baseline] (706.773 ms) : 0, 706773
BytebuddyAgent [candidate] (707.821 ms) : 0, 707821
GlobalTracer [baseline] (246.161 ms) : 0, 246161
GlobalTracer [candidate] (247.59 ms) : 0, 247590
AppSec [baseline] (32.284 ms) : 0, 32284
AppSec [candidate] (32.657 ms) : 0, 32657
Debugger [baseline] (6.378 ms) : 0, 6378
Debugger [candidate] (6.476 ms) : 0, 6476
Remote Config [baseline] (710.165 µs) : 0, 710
Remote Config [candidate] (714.063 µs) : 0, 714
Telemetry [baseline] (14.491 ms) : 0, 14491
Telemetry [candidate] (13.785 ms) : 0, 13785
Flare Poller [baseline] (6.461 ms) : 0, 6461
Flare Poller [candidate] (7.223 ms) : 0, 7223
section iast
crashtracking [baseline] (1.456 ms) : 0, 1456
crashtracking [candidate] (1.462 ms) : 0, 1462
BytebuddyAgent [baseline] (826.749 ms) : 0, 826749
BytebuddyAgent [candidate] (831.018 ms) : 0, 831018
GlobalTracer [baseline] (234.085 ms) : 0, 234085
GlobalTracer [candidate] (235.556 ms) : 0, 235556
AppSec [baseline] (27.069 ms) : 0, 27069
AppSec [candidate] (28.921 ms) : 0, 28921
Debugger [baseline] (6.081 ms) : 0, 6081
Debugger [candidate] (6.066 ms) : 0, 6066
Remote Config [baseline] (599.597 µs) : 0, 600
Remote Config [candidate] (597.493 µs) : 0, 597
Telemetry [baseline] (8.352 ms) : 0, 8352
Telemetry [candidate] (8.521 ms) : 0, 8521
Flare Poller [baseline] (4.11 ms) : 0, 4110
Flare Poller [candidate] (4.115 ms) : 0, 4115
IAST [baseline] (34.168 ms) : 0, 34168
IAST [candidate] (32.312 ms) : 0, 32312
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.05 s) : 0, 1049914
Total [baseline] (10.829 s) : 0, 10829488
Agent [candidate] (1.05 s) : 0, 1050014
Total [candidate] (10.817 s) : 0, 10816503
section appsec
Agent [baseline] (1.225 s) : 0, 1224651
Total [baseline] (10.93 s) : 0, 10929760
Agent [candidate] (1.227 s) : 0, 1226807
Total [candidate] (10.863 s) : 0, 10863152
section iast
Agent [baseline] (1.186 s) : 0, 1185527
Total [baseline] (11.264 s) : 0, 11264407
Agent [candidate] (1.189 s) : 0, 1189404
Total [candidate] (11.203 s) : 0, 11202630
section profiling
Agent [baseline] (1.202 s) : 0, 1202268
Total [baseline] (10.869 s) : 0, 10869113
Agent [candidate] (1.195 s) : 0, 1194939
Total [candidate] (10.836 s) : 0, 10836398
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.05 s -
Agent appsec 1.225 s 174.737 ms (16.6%)
Agent iast 1.186 s 135.613 ms (12.9%)
Agent profiling 1.202 s 152.354 ms (14.5%)
Total tracing 10.829 s -
Total appsec 10.93 s 100.272 ms (0.9%)
Total iast 11.264 s 434.92 ms (4.0%)
Total profiling 10.869 s 39.625 ms (0.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.05 s -
Agent appsec 1.227 s 176.794 ms (16.8%)
Agent iast 1.189 s 139.39 ms (13.3%)
Agent profiling 1.195 s 144.926 ms (13.8%)
Total tracing 10.817 s -
Total appsec 10.863 s 46.649 ms (0.4%)
Total iast 11.203 s 386.127 ms (3.6%)
Total profiling 10.836 s 19.895 ms (0.2%) 
gantt
    title petclinic - break down per module: candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.467 ms) : 0, 1467
crashtracking [candidate] (1.46 ms) : 0, 1460
BytebuddyAgent [baseline] (707.73 ms) : 0, 707730
BytebuddyAgent [candidate] (705.933 ms) : 0, 705933
GlobalTracer [baseline] (245.676 ms) : 0, 245676
GlobalTracer [candidate] (246.651 ms) : 0, 246651
AppSec [baseline] (32.178 ms) : 0, 32178
AppSec [candidate] (32.795 ms) : 0, 32795
Debugger [baseline] (6.375 ms) : 0, 6375
Debugger [candidate] (6.478 ms) : 0, 6478
Remote Config [baseline] (708.995 µs) : 0, 709
Remote Config [candidate] (725.849 µs) : 0, 726
Telemetry [baseline] (15.147 ms) : 0, 15147
Telemetry [candidate] (14.514 ms) : 0, 14514
Flare Poller [baseline] (5.809 ms) : 0, 5809
Flare Poller [candidate] (6.628 ms) : 0, 6628
section appsec
crashtracking [baseline] (1.457 ms) : 0, 1457
crashtracking [candidate] (1.458 ms) : 0, 1458
BytebuddyAgent [baseline] (731.273 ms) : 0, 731273
BytebuddyAgent [candidate] (731.973 ms) : 0, 731973
GlobalTracer [baseline] (237.954 ms) : 0, 237954
GlobalTracer [candidate] (238.489 ms) : 0, 238489
AppSec [baseline] (175.154 ms) : 0, 175154
AppSec [candidate] (175.663 ms) : 0, 175663
Debugger [baseline] (5.986 ms) : 0, 5986
Debugger [candidate] (6.052 ms) : 0, 6052
Remote Config [baseline] (639.825 µs) : 0, 640
Remote Config [candidate] (653.71 µs) : 0, 654
Telemetry [baseline] (8.5 ms) : 0, 8500
Telemetry [candidate] (8.641 ms) : 0, 8641
Flare Poller [baseline] (3.993 ms) : 0, 3993
Flare Poller [candidate] (4.028 ms) : 0, 4028
IAST [baseline] (24.773 ms) : 0, 24773
IAST [candidate] (25.027 ms) : 0, 25027
section iast
crashtracking [baseline] (1.482 ms) : 0, 1482
crashtracking [candidate] (1.503 ms) : 0, 1503
BytebuddyAgent [baseline] (831.375 ms) : 0, 831375
BytebuddyAgent [candidate] (837.703 ms) : 0, 837703
GlobalTracer [baseline] (236.735 ms) : 0, 236735
GlobalTracer [candidate] (234.656 ms) : 0, 234656
AppSec [baseline] (29.052 ms) : 0, 29052
AppSec [candidate] (28.724 ms) : 0, 28724
Debugger [baseline] (5.999 ms) : 0, 5999
Debugger [candidate] (5.955 ms) : 0, 5955
Remote Config [baseline] (605.828 µs) : 0, 606
Remote Config [candidate] (604.894 µs) : 0, 605
Telemetry [baseline] (8.48 ms) : 0, 8480
Telemetry [candidate] (8.429 ms) : 0, 8429
Flare Poller [baseline] (4.182 ms) : 0, 4182
Flare Poller [candidate] (4.179 ms) : 0, 4179
IAST [baseline] (32.756 ms) : 0, 32756
IAST [candidate] (32.464 ms) : 0, 32464
section profiling
crashtracking [baseline] (1.448 ms) : 0, 1448
crashtracking [candidate] (1.437 ms) : 0, 1437
BytebuddyAgent [baseline] (735.105 ms) : 0, 735105
BytebuddyAgent [candidate] (729.778 ms) : 0, 729778
GlobalTracer [baseline] (223.233 ms) : 0, 223233
GlobalTracer [candidate] (222.398 ms) : 0, 222398
AppSec [baseline] (32.498 ms) : 0, 32498
AppSec [candidate] (32.092 ms) : 0, 32092
Debugger [baseline] (7.603 ms) : 0, 7603
Debugger [candidate] (6.78 ms) : 0, 6780
Remote Config [baseline] (685.69 µs) : 0, 686
Remote Config [candidate] (677.005 µs) : 0, 677
Telemetry [baseline] (15.42 ms) : 0, 15420
Telemetry [candidate] (16.237 ms) : 0, 16237
Flare Poller [baseline] (4.206 ms) : 0, 4206
Flare Poller [candidate] (4.138 ms) : 0, 4138
ProfilingAgent [baseline] (111.849 ms) : 0, 111849
ProfilingAgent [candidate] (111.382 ms) : 0, 111382
Profiling [baseline] (112.512 ms) : 0, 112512
Profiling [candidate] (112.065 ms) : 0, 112065
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-02cf758a13
git_commit_date 1762777415 1762796663
git_commit_sha c6e7fca cc02739
release_version 1.56.0-SNAPSHOT~c6e7fcaefe 1.56.0-SNAPSHOT~cc02739647
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1762799078 1762799078
ci_job_id 1226038245 1226038245
ci_pipeline_id 81845767 81845767
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-o84hqas7 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-o84hqas7 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 2 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:profiling:high_load worse
[+187.570µs; +229.513µs] or [+9.346%; +11.435%]		 unstable
[-501.119op/s; +91.807op/s] or [-22.286%; +4.083%]		 2.216ms 2043.938op/s 2.007ms 2248.594op/s
scenario:load:insecure-bank:iast_FULL:high_load better
[-261.253µs; -136.709µs] or [-4.434%; -2.320%]		 unstable
[-68.885op/s; +123.073op/s] or [-8.777%; +15.681%]		 5.693ms 811.969op/s 5.892ms 784.875op/s
scenario:load:insecure-bank:tracing:high_load worse
[+37.643µs; +70.461µs] or [+2.109%; +3.947%]		 unstable
[-385.812op/s; +242.374op/s] or [-15.329%; +9.630%]		 1.839ms 2445.188op/s 1.785ms 2516.906op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.029 ms) : 18832, 19226
.   : milestone, 19029,
appsec (18.816 ms) : 18626, 19005
.   : milestone, 18816,
code_origins (18.046 ms) : 17865, 18228
.   : milestone, 18046,
iast (17.558 ms) : 17383, 17733
.   : milestone, 17558,
profiling (18.674 ms) : 18486, 18863
.   : milestone, 18674,
tracing (17.731 ms) : 17554, 17909
.   : milestone, 17731,
section candidate
no_agent (19.349 ms) : 19152, 19546
.   : milestone, 19349,
appsec (18.563 ms) : 18372, 18753
.   : milestone, 18563,
code_origins (17.817 ms) : 17635, 17998
.   : milestone, 17817,
iast (17.685 ms) : 17507, 17862
.   : milestone, 17685,
profiling (18.977 ms) : 18788, 19167
.   : milestone, 18977,
tracing (17.827 ms) : 17646, 18008
.   : milestone, 17827,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.029 ms [18.832 ms, 19.226 ms] -
appsec 18.816 ms [18.626 ms, 19.005 ms] -213.05 µs (-1.1%)
code_origins 18.046 ms [17.865 ms, 18.228 ms] -982.432 µs (-5.2%)
iast 17.558 ms [17.383 ms, 17.733 ms] -1.471 ms (-7.7%)
profiling 18.674 ms [18.486 ms, 18.863 ms] -354.495 µs (-1.9%)
tracing 17.731 ms [17.554 ms, 17.909 ms] -1.297 ms (-6.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.349 ms [19.152 ms, 19.546 ms] -
appsec 18.563 ms [18.372 ms, 18.753 ms] -786.446 µs (-4.1%)
code_origins 17.817 ms [17.635 ms, 17.998 ms] -1.532 ms (-7.9%)
iast 17.685 ms [17.507 ms, 17.862 ms] -1.664 ms (-8.6%)
profiling 18.977 ms [18.788 ms, 19.167 ms] -371.706 µs (-1.9%)
tracing 17.827 ms [17.646 ms, 18.008 ms] -1.522 ms (-7.9%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.186 ms) : 1174, 1198
.   : milestone, 1186,
iast (3.263 ms) : 3220, 3305
.   : milestone, 3263,
iast_FULL (5.892 ms) : 5833, 5951
.   : milestone, 5892,
iast_GLOBAL (3.662 ms) : 3601, 3724
.   : milestone, 3662,
profiling (2.007 ms) : 1990, 2024
.   : milestone, 2007,
tracing (1.785 ms) : 1770, 1800
.   : milestone, 1785,
section candidate
no_agent (1.184 ms) : 1172, 1195
.   : milestone, 1184,
iast (3.259 ms) : 3212, 3305
.   : milestone, 3259,
iast_FULL (5.693 ms) : 5636, 5749
.   : milestone, 5693,
iast_GLOBAL (3.553 ms) : 3501, 3605
.   : milestone, 3553,
profiling (2.216 ms) : 2194, 2237
.   : milestone, 2216,
tracing (1.839 ms) : 1824, 1855
.   : milestone, 1839,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.186 ms [1.174 ms, 1.198 ms] -
iast 3.263 ms [3.22 ms, 3.305 ms] 2.077 ms (175.1%)
iast_FULL 5.892 ms [5.833 ms, 5.951 ms] 4.706 ms (396.8%)
iast_GLOBAL 3.662 ms [3.601 ms, 3.724 ms] 2.476 ms (208.8%)
profiling 2.007 ms [1.99 ms, 2.024 ms] 821.032 µs (69.2%)
tracing 1.785 ms [1.77 ms, 1.8 ms] 599.151 µs (50.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.184 ms [1.172 ms, 1.195 ms] -
iast 3.259 ms [3.212 ms, 3.305 ms] 2.075 ms (175.3%)
iast_FULL 5.693 ms [5.636 ms, 5.749 ms] 4.509 ms (381.0%)
iast_GLOBAL 3.553 ms [3.501 ms, 3.605 ms] 2.369 ms (200.2%)
profiling 2.216 ms [2.194 ms, 2.237 ms] 1.032 ms (87.2%)
tracing 1.839 ms [1.824 ms, 1.855 ms] 655.678 µs (55.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-02cf758a13
git_commit_date 1762777415 1762796663
git_commit_sha c6e7fca cc02739
release_version 1.56.0-SNAPSHOT~c6e7fcaefe 1.56.0-SNAPSHOT~cc02739647
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1762798747 1762798747
ci_job_id 1226038246 1226038246
ci_pipeline_id 81845767 81845767
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-s0nr8erm 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-s0nr8erm 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.483 ms) : 1472, 1495
.   : milestone, 1483,
appsec (3.731 ms) : 3511, 3952
.   : milestone, 3731,
iast (2.216 ms) : 2152, 2280
.   : milestone, 2216,
iast_GLOBAL (2.26 ms) : 2197, 2324
.   : milestone, 2260,
profiling (2.085 ms) : 2032, 2138
.   : milestone, 2085,
tracing (2.03 ms) : 1981, 2080
.   : milestone, 2030,
section candidate
no_agent (1.48 ms) : 1469, 1492
.   : milestone, 1480,
appsec (3.674 ms) : 3459, 3890
.   : milestone, 3674,
iast (2.222 ms) : 2158, 2285
.   : milestone, 2222,
iast_GLOBAL (2.269 ms) : 2204, 2334
.   : milestone, 2269,
profiling (2.047 ms) : 1996, 2098
.   : milestone, 2047,
tracing (2.032 ms) : 1982, 2082
.   : milestone, 2032,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.483 ms [1.472 ms, 1.495 ms] -
appsec 3.731 ms [3.511 ms, 3.952 ms] 2.248 ms (151.5%)
iast 2.216 ms [2.152 ms, 2.28 ms] 732.953 µs (49.4%)
iast_GLOBAL 2.26 ms [2.197 ms, 2.324 ms] 776.994 µs (52.4%)
profiling 2.085 ms [2.032 ms, 2.138 ms] 601.872 µs (40.6%)
tracing 2.03 ms [1.981 ms, 2.08 ms] 546.954 µs (36.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.48 ms [1.469 ms, 1.492 ms] -
appsec 3.674 ms [3.459 ms, 3.89 ms] 2.194 ms (148.2%)
iast 2.222 ms [2.158 ms, 2.285 ms] 741.399 µs (50.1%)
iast_GLOBAL 2.269 ms [2.204 ms, 2.334 ms] 788.772 µs (53.3%)
profiling 2.047 ms [1.996 ms, 2.098 ms] 566.928 µs (38.3%)
tracing 2.032 ms [1.982 ms, 2.082 ms] 551.939 µs (37.3%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.56.0-SNAPSHOT~cc02739647, baseline=1.56.0-SNAPSHOT~c6e7fcaefe
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.547 s) : 15547000, 15547000
.   : milestone, 15547000,
appsec (14.686 s) : 14686000, 14686000
.   : milestone, 14686000,
iast (18.694 s) : 18694000, 18694000
.   : milestone, 18694000,
iast_GLOBAL (17.844 s) : 17844000, 17844000
.   : milestone, 17844000,
profiling (15.452 s) : 15452000, 15452000
.   : milestone, 15452000,
tracing (14.915 s) : 14915000, 14915000
.   : milestone, 14915000,
section candidate
no_agent (15.134 s) : 15134000, 15134000
.   : milestone, 15134000,
appsec (14.764 s) : 14764000, 14764000
.   : milestone, 14764000,
iast (18.454 s) : 18454000, 18454000
.   : milestone, 18454000,
iast_GLOBAL (17.869 s) : 17869000, 17869000
.   : milestone, 17869000,
profiling (14.855 s) : 14855000, 14855000
.   : milestone, 14855000,
tracing (14.794 s) : 14794000, 14794000
.   : milestone, 14794000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.547 s [15.547 s, 15.547 s] -
appsec 14.686 s [14.686 s, 14.686 s] -861.0 ms (-5.5%)
iast 18.694 s [18.694 s, 18.694 s] 3.147 s (20.2%)
iast_GLOBAL 17.844 s [17.844 s, 17.844 s] 2.297 s (14.8%)
profiling 15.452 s [15.452 s, 15.452 s] -95.0 ms (-0.6%)
tracing 14.915 s [14.915 s, 14.915 s] -632.0 ms (-4.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.134 s [15.134 s, 15.134 s] -
appsec 14.764 s [14.764 s, 14.764 s] -370.0 ms (-2.4%)
iast 18.454 s [18.454 s, 18.454 s] 3.32 s (21.9%)
iast_GLOBAL 17.869 s [17.869 s, 17.869 s] 2.735 s (18.1%)
profiling 14.855 s [14.855 s, 14.855 s] -279.0 ms (-1.8%)
tracing 14.794 s [14.794 s, 14.794 s] -340.0 ms (-2.2%)

@dependabot
chore(ci): bump github/codeql-action in the gh-actions-packages group
cc02739 
Bumps the gh-actions-packages group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.0 to 4.31.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4e94bd1...0499de3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/gh-actions-packages-02cf758a13 branch from 769714a to cc02739 Compare November 10, 2025 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bric3 bric3 bric3 approved these changes

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bric3