Skip to content

chore(ci): bump the gh-actions-packages group with 3 updates #10216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 2 commits into
base: master
Choose a base branch
from
Open

chore(ci): bump the gh-actions-packages group with 3 updates #10216

dependabot wants to merge 2 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 15, 2025
edited
Loading

Bumps the gh-actions-packages group with 3 updates: actions/cache, github/codeql-action and actions/upload-artifact.

Updates actions/cache from 4.3.0 to 5.0.1

Release notes

Sourced from actions/cache's releases.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

v5.0.0

What's Changed

Full Changelog: actions/cache@v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • d0a0e18 fix: update license files for @​actions/cache, fast-xml-parser, and strnum
  • 74de208 fix: update @​actions/cache to ^5.0.1 for Node.js 24 punycode fix
  • ac7f115 peer
  • b0f846b fix: update @​actions/cache with storage-blob fix for Node.js 24 punycode depr...
  • a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
  • 3bb0d78 docs: highlight v5 runner requirement in releases
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.31.7 to 4.31.8

Release notes

Sourced from github/codeql-action's releases.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

... (truncated)

Commits
  • 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
  • 120f277 Update changelog for v4.31.8
  • 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
  • db812c1 Add changelog note
  • 2930dba Update default bundle to codeql-bundle-v2.23.8
  • c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
  • 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
  • 5b7e7fc Update src/codeql.ts
  • 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
  • 97c2630 Rebuild
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 5.0.0 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(ci): bump the gh-actions-packages group with 3 updates
562b32a 
Bumps the gh-actions-packages group with 3 updates: [actions/cache](https://github.com/actions/cache), [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/cache` from 4.3.0 to 5.0.1
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...9255dc7)

Updates `github/codeql-action` from 4.31.7 to 4.31.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cf1bb45...1b168cd)

Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@330a01c...b7c566a)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-version: 4.31.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Dec 15, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 15, 2025 17:19
@dependabot dependabot bot added the tag: no release notes Changes to exclude from release notes label Dec 15, 2025
@dependabot dependabot bot requested review from amarziali and removed request for a team December 15, 2025 17:19
@dependabot dependabot bot added tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Dec 15, 2025
@pr-commenter
Copy link

pr-commenter bot commented Dec 15, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-bb8a6fe874
git_commit_date 1765826150 1765872817
git_commit_sha 3101a85 b36e3fe
release_version 1.57.0-SNAPSHOT~3101a85cf1 1.57.0-SNAPSHOT~b36e3fe520
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1765874694 1765874694
ci_job_id 1297875448 1297875448
ci_pipeline_id 86964888 86964888
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-tr34c6k5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-tr34c6k5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 56 metrics, 9 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.085 s) : 0, 1085214
Total [baseline] (10.789 s) : 0, 10789492
Agent [candidate] (1.086 s) : 0, 1086367
Total [candidate] (10.803 s) : 0, 10803438
section appsec
Agent [baseline] (1.262 s) : 0, 1262299
Total [baseline] (10.981 s) : 0, 10981147
Agent [candidate] (1.271 s) : 0, 1271426
Total [candidate] (10.978 s) : 0, 10977854
section iast
Agent [baseline] (1.226 s) : 0, 1225753
Total [baseline] (11.241 s) : 0, 11240929
Agent [candidate] (1.228 s) : 0, 1228093
Total [candidate] (11.235 s) : 0, 11235067
section profiling
Agent [baseline] (1.204 s) : 0, 1203731
Total [baseline] (10.956 s) : 0, 10956175
Agent [candidate] (1.202 s) : 0, 1202113
Total [candidate] (10.925 s) : 0, 10924762
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent appsec 1.262 s 177.085 ms (16.3%)
Agent iast 1.226 s 140.538 ms (13.0%)
Agent profiling 1.204 s 118.517 ms (10.9%)
Total tracing 10.789 s -
Total appsec 10.981 s 191.655 ms (1.8%)
Total iast 11.241 s 451.437 ms (4.2%)
Total profiling 10.956 s 166.683 ms (1.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.086 s -
Agent appsec 1.271 s 185.059 ms (17.0%)
Agent iast 1.228 s 141.726 ms (13.0%)
Agent profiling 1.202 s 115.746 ms (10.7%)
Total tracing 10.803 s -
Total appsec 10.978 s 174.416 ms (1.6%)
Total iast 11.235 s 431.629 ms (4.0%)
Total profiling 10.925 s 121.324 ms (1.1%) 
gantt
    title petclinic - break down per module: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.185 ms) : 0, 1185
crashtracking [candidate] (1.177 ms) : 0, 1177
BytebuddyAgent [baseline] (651.09 ms) : 0, 651090
BytebuddyAgent [candidate] (651.198 ms) : 0, 651198
GlobalTracer [baseline] (283.261 ms) : 0, 283261
GlobalTracer [candidate] (284.178 ms) : 0, 284178
AppSec [baseline] (32.556 ms) : 0, 32556
AppSec [candidate] (32.56 ms) : 0, 32560
Debugger [baseline] (68.182 ms) : 0, 68182
Debugger [candidate] (68.573 ms) : 0, 68573
Remote Config [baseline] (612.184 µs) : 0, 612
Remote Config [candidate] (608.884 µs) : 0, 609
Telemetry [baseline] (9.08 ms) : 0, 9080
Telemetry [candidate] (8.918 ms) : 0, 8918
Flare Poller [baseline] (3.712 ms) : 0, 3712
Flare Poller [candidate] (3.678 ms) : 0, 3678
section appsec
crashtracking [baseline] (1.177 ms) : 0, 1177
crashtracking [candidate] (1.184 ms) : 0, 1184
BytebuddyAgent [baseline] (688.081 ms) : 0, 688081
BytebuddyAgent [candidate] (693.454 ms) : 0, 693454
GlobalTracer [baseline] (257.907 ms) : 0, 257907
GlobalTracer [candidate] (260.441 ms) : 0, 260441
AppSec [baseline] (172.965 ms) : 0, 172965
AppSec [candidate] (173.413 ms) : 0, 173413
Debugger [baseline] (68.422 ms) : 0, 68422
Debugger [candidate] (68.751 ms) : 0, 68751
Remote Config [baseline] (701.862 µs) : 0, 702
Remote Config [candidate] (698.383 µs) : 0, 698
Telemetry [baseline] (9.039 ms) : 0, 9039
Telemetry [candidate] (9.108 ms) : 0, 9108
Flare Poller [baseline] (3.899 ms) : 0, 3899
Flare Poller [candidate] (3.987 ms) : 0, 3987
IAST [baseline] (24.614 ms) : 0, 24614
IAST [candidate] (24.812 ms) : 0, 24812
section iast
crashtracking [baseline] (1.197 ms) : 0, 1197
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (791.344 ms) : 0, 791344
BytebuddyAgent [candidate] (794.718 ms) : 0, 794718
GlobalTracer [baseline] (257.368 ms) : 0, 257368
GlobalTracer [candidate] (257.055 ms) : 0, 257055
AppSec [baseline] (34.562 ms) : 0, 34562
AppSec [candidate] (35.062 ms) : 0, 35062
Debugger [baseline] (66.07 ms) : 0, 66070
Debugger [candidate] (64.958 ms) : 0, 64958
Remote Config [baseline] (614.69 µs) : 0, 615
Remote Config [candidate] (584.383 µs) : 0, 584
Telemetry [baseline] (8.469 ms) : 0, 8469
Telemetry [candidate] (8.449 ms) : 0, 8449
Flare Poller [baseline] (3.491 ms) : 0, 3491
Flare Poller [candidate] (3.529 ms) : 0, 3529
IAST [baseline] (27.202 ms) : 0, 27202
IAST [candidate] (27.206 ms) : 0, 27206
section profiling
crashtracking [baseline] (1.208 ms) : 0, 1208
crashtracking [candidate] (1.209 ms) : 0, 1209
BytebuddyAgent [baseline] (701.287 ms) : 0, 701287
BytebuddyAgent [candidate] (700.772 ms) : 0, 700772
GlobalTracer [baseline] (221.306 ms) : 0, 221306
GlobalTracer [candidate] (220.876 ms) : 0, 220876
AppSec [baseline] (32.171 ms) : 0, 32171
AppSec [candidate] (32.028 ms) : 0, 32028
Debugger [baseline] (68.243 ms) : 0, 68243
Debugger [candidate] (67.841 ms) : 0, 67841
Remote Config [baseline] (643.539 µs) : 0, 644
Remote Config [candidate] (634.006 µs) : 0, 634
Telemetry [baseline] (8.942 ms) : 0, 8942
Telemetry [candidate] (8.735 ms) : 0, 8735
Flare Poller [baseline] (3.727 ms) : 0, 3727
Flare Poller [candidate] (3.771 ms) : 0, 3771
ProfilingAgent [baseline] (96.53 ms) : 0, 96530
ProfilingAgent [candidate] (96.665 ms) : 0, 96665
Profiling [baseline] (97.109 ms) : 0, 97109
Profiling [candidate] (97.236 ms) : 0, 97236
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.086 s) : 0, 1086097
Total [baseline] (8.741 s) : 0, 8740891
Agent [candidate] (1.081 s) : 0, 1081250
Total [candidate] (8.713 s) : 0, 8713139
section iast
Agent [baseline] (1.229 s) : 0, 1228730
Total [baseline] (9.373 s) : 0, 9373291
Agent [candidate] (1.225 s) : 0, 1225131
Total [candidate] (9.387 s) : 0, 9387464
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.086 s -
Agent iast 1.229 s 142.634 ms (13.1%)
Total tracing 8.741 s -
Total iast 9.373 s 632.401 ms (7.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.081 s -
Agent iast 1.225 s 143.881 ms (13.3%)
Total tracing 8.713 s -
Total iast 9.387 s 674.324 ms (7.7%) 
gantt
    title insecure-bank - break down per module: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.196 ms) : 0, 1196
crashtracking [candidate] (1.173 ms) : 0, 1173
BytebuddyAgent [baseline] (651.837 ms) : 0, 651837
BytebuddyAgent [candidate] (649.381 ms) : 0, 649381
GlobalTracer [baseline] (283.644 ms) : 0, 283644
GlobalTracer [candidate] (282.572 ms) : 0, 282572
AppSec [baseline] (32.487 ms) : 0, 32487
AppSec [candidate] (32.201 ms) : 0, 32201
Debugger [baseline] (67.736 ms) : 0, 67736
Debugger [candidate] (67.226 ms) : 0, 67226
Remote Config [baseline] (631.926 µs) : 0, 632
Remote Config [candidate] (617.25 µs) : 0, 617
Telemetry [baseline] (9.227 ms) : 0, 9227
Telemetry [candidate] (9.046 ms) : 0, 9046
Flare Poller [baseline] (3.792 ms) : 0, 3792
Flare Poller [candidate] (3.703 ms) : 0, 3703
section iast
crashtracking [baseline] (1.188 ms) : 0, 1188
crashtracking [candidate] (1.19 ms) : 0, 1190
BytebuddyAgent [baseline] (794.702 ms) : 0, 794702
BytebuddyAgent [candidate] (793.381 ms) : 0, 793381
GlobalTracer [baseline] (257.324 ms) : 0, 257324
GlobalTracer [candidate] (256.395 ms) : 0, 256395
AppSec [baseline] (33.684 ms) : 0, 33684
AppSec [candidate] (32.696 ms) : 0, 32696
Debugger [baseline] (66.537 ms) : 0, 66537
Debugger [candidate] (66.86 ms) : 0, 66860
Remote Config [baseline] (604.755 µs) : 0, 605
Remote Config [candidate] (536.594 µs) : 0, 537
Telemetry [baseline] (8.411 ms) : 0, 8411
Telemetry [candidate] (8.333 ms) : 0, 8333
Flare Poller [baseline] (3.548 ms) : 0, 3548
Flare Poller [candidate] (3.468 ms) : 0, 3468
IAST [baseline] (27.283 ms) : 0, 27283
IAST [candidate] (26.953 ms) : 0, 26953
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-bb8a6fe874
git_commit_date 1765826150 1765872817
git_commit_sha 3101a85 b36e3fe
release_version 1.57.0-SNAPSHOT~3101a85cf1 1.57.0-SNAPSHOT~b36e3fe520
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1765875187 1765875187
ci_job_id 1297875449 1297875449
ci_pipeline_id 86964888 86964888
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-knff3uxn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-knff3uxn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 1 performance regressions! Performance is the same for 16 metrics, 17 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:petclinic:no_agent:high_load better
[-2.729ms; -1.253ms] or [-14.638%; -6.724%]		 unstable
[-4.973ms; -1.784ms] or [-16.052%; -5.758%]		 unstable
[+0.150op/s; +58.600op/s] or [+0.061%; +24.001%]		 16.651ms 27.603ms 273.531op/s 18.642ms 30.981ms 244.156op/s
scenario:load:petclinic:tracing:high_load better
[-1.395ms; -0.655ms] or [-7.660%; -3.597%]		 unsure
[-1661.636µs; -253.976µs] or [-5.638%; -0.862%]		 unstable
[-0.665op/s; +42.677op/s] or [-0.264%; +16.923%]		 17.179ms 28.512ms 273.194op/s 18.204ms 29.470ms 252.188op/s
scenario:load:petclinic:appsec:high_load worse
[+0.796ms; +1.704ms] or [+4.420%; +9.466%]		 unsure
[+0.101ms; +2.409ms] or [+0.343%; +8.185%]		 unstable
[-42.418op/s; +8.918op/s] or [-16.651%; +3.501%]		 19.249ms 30.681ms 238.000op/s 17.999ms 29.426ms 254.750op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.118 ms) : 18921, 19315
.   : milestone, 19118,
appsec (18.317 ms) : 18131, 18502
.   : milestone, 18317,
code_origins (17.609 ms) : 17435, 17783
.   : milestone, 17609,
iast (17.729 ms) : 17552, 17906
.   : milestone, 17729,
profiling (18.355 ms) : 18169, 18541
.   : milestone, 18355,
tracing (18.503 ms) : 18317, 18688
.   : milestone, 18503,
section candidate
no_agent (17.055 ms) : 16886, 17225
.   : milestone, 17055,
appsec (19.613 ms) : 19415, 19811
.   : milestone, 19613,
code_origins (17.659 ms) : 17485, 17833
.   : milestone, 17659,
iast (17.521 ms) : 17345, 17697
.   : milestone, 17521,
profiling (18.377 ms) : 18192, 18561
.   : milestone, 18377,
tracing (17.624 ms) : 17447, 17801
.   : milestone, 17624,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.118 ms [18.921 ms, 19.315 ms] -
appsec 18.317 ms [18.131 ms, 18.502 ms] -801.433 µs (-4.2%)
code_origins 17.609 ms [17.435 ms, 17.783 ms] -1.509 ms (-7.9%)
iast 17.729 ms [17.552 ms, 17.906 ms] -1.389 ms (-7.3%)
profiling 18.355 ms [18.169 ms, 18.541 ms] -763.18 µs (-4.0%)
tracing 18.503 ms [18.317 ms, 18.688 ms] -615.563 µs (-3.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.055 ms [16.886 ms, 17.225 ms] -
appsec 19.613 ms [19.415 ms, 19.811 ms] 2.558 ms (15.0%)
code_origins 17.659 ms [17.485 ms, 17.833 ms] 603.72 µs (3.5%)
iast 17.521 ms [17.345 ms, 17.697 ms] 465.951 µs (2.7%)
profiling 18.377 ms [18.192 ms, 18.561 ms] 1.321 ms (7.7%)
tracing 17.624 ms [17.447 ms, 17.801 ms] 568.811 µs (3.3%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.195 ms) : 1183, 1207
.   : milestone, 1195,
iast (3.21 ms) : 3170, 3251
.   : milestone, 3210,
iast_FULL (5.893 ms) : 5834, 5952
.   : milestone, 5893,
iast_GLOBAL (3.581 ms) : 3532, 3630
.   : milestone, 3581,
profiling (1.907 ms) : 1891, 1923
.   : milestone, 1907,
tracing (1.782 ms) : 1767, 1797
.   : milestone, 1782,
section candidate
no_agent (1.192 ms) : 1181, 1204
.   : milestone, 1192,
iast (3.177 ms) : 3139, 3214
.   : milestone, 3177,
iast_FULL (5.798 ms) : 5739, 5857
.   : milestone, 5798,
iast_GLOBAL (3.53 ms) : 3472, 3588
.   : milestone, 3530,
profiling (1.929 ms) : 1912, 1946
.   : milestone, 1929,
tracing (1.77 ms) : 1756, 1784
.   : milestone, 1770,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.195 ms [1.183 ms, 1.207 ms] -
iast 3.21 ms [3.17 ms, 3.251 ms] 2.016 ms (168.7%)
iast_FULL 5.893 ms [5.834 ms, 5.952 ms] 4.698 ms (393.2%)
iast_GLOBAL 3.581 ms [3.532 ms, 3.63 ms] 2.386 ms (199.7%)
profiling 1.907 ms [1.891 ms, 1.923 ms] 712.379 µs (59.6%)
tracing 1.782 ms [1.767 ms, 1.797 ms] 587.285 µs (49.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.192 ms [1.181 ms, 1.204 ms] -
iast 3.177 ms [3.139 ms, 3.214 ms] 1.984 ms (166.4%)
iast_FULL 5.798 ms [5.739 ms, 5.857 ms] 4.606 ms (386.2%)
iast_GLOBAL 3.53 ms [3.472 ms, 3.588 ms] 2.337 ms (196.0%)
profiling 1.929 ms [1.912 ms, 1.946 ms] 736.615 µs (61.8%)
tracing 1.77 ms [1.756 ms, 1.784 ms] 577.378 µs (48.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-bb8a6fe874
git_commit_date 1765826150 1765872817
git_commit_sha 3101a85 b36e3fe
release_version 1.57.0-SNAPSHOT~3101a85cf1 1.57.0-SNAPSHOT~b36e3fe520
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1765874899 1765874899
ci_job_id 1297875450 1297875450
ci_pipeline_id 86964888 86964888
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-8m2nruc5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-8m2nruc5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.967 s) : 14967000, 14967000
.   : milestone, 14967000,
appsec (14.908 s) : 14908000, 14908000
.   : milestone, 14908000,
iast (17.886 s) : 17886000, 17886000
.   : milestone, 17886000,
iast_GLOBAL (17.726 s) : 17726000, 17726000
.   : milestone, 17726000,
profiling (15.026 s) : 15026000, 15026000
.   : milestone, 15026000,
tracing (14.621 s) : 14621000, 14621000
.   : milestone, 14621000,
section candidate
no_agent (15.101 s) : 15101000, 15101000
.   : milestone, 15101000,
appsec (14.703 s) : 14703000, 14703000
.   : milestone, 14703000,
iast (18.494 s) : 18494000, 18494000
.   : milestone, 18494000,
iast_GLOBAL (17.71 s) : 17710000, 17710000
.   : milestone, 17710000,
profiling (14.414 s) : 14414000, 14414000
.   : milestone, 14414000,
tracing (14.65 s) : 14650000, 14650000
.   : milestone, 14650000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.967 s [14.967 s, 14.967 s] -
appsec 14.908 s [14.908 s, 14.908 s] -59.0 ms (-0.4%)
iast 17.886 s [17.886 s, 17.886 s] 2.919 s (19.5%)
iast_GLOBAL 17.726 s [17.726 s, 17.726 s] 2.759 s (18.4%)
profiling 15.026 s [15.026 s, 15.026 s] 59.0 ms (0.4%)
tracing 14.621 s [14.621 s, 14.621 s] -346.0 ms (-2.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.101 s [15.101 s, 15.101 s] -
appsec 14.703 s [14.703 s, 14.703 s] -398.0 ms (-2.6%)
iast 18.494 s [18.494 s, 18.494 s] 3.393 s (22.5%)
iast_GLOBAL 17.71 s [17.71 s, 17.71 s] 2.609 s (17.3%)
profiling 14.414 s [14.414 s, 14.414 s] -687.0 ms (-4.5%)
tracing 14.65 s [14.65 s, 14.65 s] -451.0 ms (-3.0%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1460, 1483
.   : milestone, 1471,
appsec (2.516 ms) : 2461, 2570
.   : milestone, 2516,
iast (2.21 ms) : 2146, 2274
.   : milestone, 2210,
iast_GLOBAL (2.262 ms) : 2197, 2327
.   : milestone, 2262,
profiling (2.086 ms) : 2032, 2140
.   : milestone, 2086,
tracing (2.028 ms) : 1978, 2079
.   : milestone, 2028,
section candidate
no_agent (1.472 ms) : 1460, 1483
.   : milestone, 1472,
appsec (3.655 ms) : 3441, 3869
.   : milestone, 3655,
iast (2.222 ms) : 2157, 2287
.   : milestone, 2222,
iast_GLOBAL (2.257 ms) : 2192, 2322
.   : milestone, 2257,
profiling (2.097 ms) : 2042, 2151
.   : milestone, 2097,
tracing (2.049 ms) : 1998, 2100
.   : milestone, 2049,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.46 ms, 1.483 ms] -
appsec 2.516 ms [2.461 ms, 2.57 ms] 1.045 ms (71.0%)
iast 2.21 ms [2.146 ms, 2.274 ms] 738.744 µs (50.2%)
iast_GLOBAL 2.262 ms [2.197 ms, 2.327 ms] 790.472 µs (53.7%)
profiling 2.086 ms [2.032 ms, 2.14 ms] 614.813 µs (41.8%)
tracing 2.028 ms [1.978 ms, 2.079 ms] 556.933 µs (37.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.46 ms, 1.483 ms] -
appsec 3.655 ms [3.441 ms, 3.869 ms] 2.183 ms (148.3%)
iast 2.222 ms [2.157 ms, 2.287 ms] 750.442 µs (51.0%)
iast_GLOBAL 2.257 ms [2.192 ms, 2.322 ms] 785.155 µs (53.4%)
profiling 2.097 ms [2.042 ms, 2.151 ms] 625.077 µs (42.5%)
tracing 2.049 ms [1.998 ms, 2.1 ms] 577.14 µs (39.2%)

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD added the tag: do not merge Do not merge changes label Dec 15, 2025
@PerfectSlayer
Copy link
Contributor

PerfectSlayer commented Dec 18, 2025

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 18, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PerfectSlayer PerfectSlayer PerfectSlayer approved these changes

@amarziali amarziali Awaiting requested review from amarziali amarziali is a code owner automatically assigned from DataDog/apm-lang-platform-java

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: do not merge Do not merge changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@PerfectSlayer @amarziali @AlexeyKuznetsov-DD