Skip to content

chore(ci): bump the gh-actions-packages group with 3 updates#10728

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
masterfrom
dependabot/github_actions/gh-actions-packages-e3c7f8e8b5
Mar 3, 2026
Merged

chore(ci): bump the gh-actions-packages group with 3 updates#10728
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
masterfrom
dependabot/github_actions/gh-actions-packages-e3c7f8e8b5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 3, 2026

Bumps the gh-actions-packages group with 3 updates: github/codeql-action, aquasecurity/trivy-action and actions/upload-artifact.

Updates github/codeql-action from 4.32.4 to 4.32.5

Release notes

Sourced from github/codeql-action's releases.

v4.32.5

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.5 - 02 Mar 2026

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

4.32.4 - 20 Feb 2026

  • Update default CodeQL bundle version to 2.24.2. #3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

4.32.3 - 13 Feb 2026

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

  • Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

... (truncated)

Commits
  • c793b71 Merge pull request #3523 from github/update-v4.32.5-ca42bf226
  • 06cd615 Soften language re overlay failures
  • f5516c6 Improve changelog
  • 97519e1 Update release date
  • 05259a1 Add more changelog notes
  • 01ee2f7 Add changelog notes
  • c72d9a4 Update changelog for v4.32.5
  • ca42bf2 Merge pull request #3522 from github/henrymercer/update-supported-versions-table
  • 6704d80 Merge pull request #3520 from github/dependabot/npm_and_yarn/fast-xml-parser-...
  • 76348c0 Merge pull request #3521 from github/dependabot/npm_and_yarn/minimatch-3.1.5
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.34.1 to 0.34.2

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.2

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@0.34.1...0.34.2

Commits
  • 97e0b38 chore: bump Trivy version to v0.69.2 in test workflow and README (#515)
  • 4c61e63 chore: bump default Trivy version to v0.69.2 (#513)
  • 1bd0625 Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
  • bce3086 remove unused init-cache target
  • 5a9fbb1 supress progress bar when download db
  • 1615450 update trivyignores input description
  • df85774 add comment about fd3
  • 56c8dae remove unused variable
  • 6476b93 feat: support for YAML ignore file
  • See full diff in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(ci): bump the gh-actions-packages group with 3 updates
f5e5646 
Bumps the gh-actions-packages group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `github/codeql-action` from 4.32.4 to 4.32.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@89a39a4...c793b71)

Updates `aquasecurity/trivy-action` from 0.34.1 to 0.34.2
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@e368e32...97e0b38)

Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Mar 3, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 3, 2026 17:28
@dependabot dependabot Bot requested review from bric3 and removed request for a team March 3, 2026 17:28
@dependabot dependabot Bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Mar 3, 2026
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Mar 3, 2026

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-e3c7f8e8b5
git_commit_date 1772556429 1772558928
git_commit_sha 9b93366 f5e5646
release_version 1.61.0-SNAPSHOT~9b93366972 1.61.0-SNAPSHOT~f5e56462b7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1772560591 1772560591
ci_job_id 1472122486 1472122486
ci_pipeline_id 100096842 100096842
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-ls54hw2g 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-ls54hw2g 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 67 metrics, 4 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.07 s) : 0, 1069620
Total [baseline] (11.223 s) : 0, 11222897
Agent [candidate] (1.066 s) : 0, 1066018
Total [candidate] (11.077 s) : 0, 11076931
section appsec
Agent [baseline] (1.245 s) : 0, 1245400
Total [baseline] (11.137 s) : 0, 11136585
Agent [candidate] (1.245 s) : 0, 1245144
Total [candidate] (11.139 s) : 0, 11139112
section iast
Agent [baseline] (1.235 s) : 0, 1235164
Total [baseline] (11.402 s) : 0, 11402331
Agent [candidate] (1.224 s) : 0, 1223865
Total [candidate] (11.34 s) : 0, 11339526
section profiling
Agent [baseline] (1.189 s) : 0, 1189402
Total [baseline] (11.05 s) : 0, 11049988
Agent [candidate] (1.185 s) : 0, 1185420
Total [candidate] (11.106 s) : 0, 11106361
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.07 s -
Agent appsec 1.245 s 175.78 ms (16.4%)
Agent iast 1.235 s 165.544 ms (15.5%)
Agent profiling 1.189 s 119.782 ms (11.2%)
Total tracing 11.223 s -
Total appsec 11.137 s -86.312 ms (-0.8%)
Total iast 11.402 s 179.434 ms (1.6%)
Total profiling 11.05 s -172.909 ms (-1.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.066 s -
Agent appsec 1.245 s 179.126 ms (16.8%)
Agent iast 1.224 s 157.847 ms (14.8%)
Agent profiling 1.185 s 119.402 ms (11.2%)
Total tracing 11.077 s -
Total appsec 11.139 s 62.181 ms (0.6%)
Total iast 11.34 s 262.595 ms (2.4%)
Total profiling 11.106 s 29.43 ms (0.3%) 
gantt
    title petclinic - break down per module: candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.214 ms) : 0, 1214
crashtracking [candidate] (1.187 ms) : 0, 1187
BytebuddyAgent [baseline] (636.624 ms) : 0, 636624
BytebuddyAgent [candidate] (631.213 ms) : 0, 631213
AgentMeter [baseline] (29.516 ms) : 0, 29516
AgentMeter [candidate] (29.231 ms) : 0, 29231
GlobalTracer [baseline] (259.781 ms) : 0, 259781
GlobalTracer [candidate] (258.464 ms) : 0, 258464
AppSec [baseline] (31.815 ms) : 0, 31815
AppSec [candidate] (31.657 ms) : 0, 31657
Debugger [baseline] (59.992 ms) : 0, 59992
Debugger [candidate] (59.621 ms) : 0, 59621
Remote Config [baseline] (597.934 µs) : 0, 598
Remote Config [candidate] (593.617 µs) : 0, 594
Telemetry [baseline] (8.837 ms) : 0, 8837
Telemetry [candidate] (8.673 ms) : 0, 8673
Flare Poller [baseline] (5.004 ms) : 0, 5004
Flare Poller [candidate] (9.384 ms) : 0, 9384
section appsec
crashtracking [baseline] (1.19 ms) : 0, 1190
crashtracking [candidate] (1.183 ms) : 0, 1183
BytebuddyAgent [baseline] (657.785 ms) : 0, 657785
BytebuddyAgent [candidate] (657.417 ms) : 0, 657417
AgentMeter [baseline] (12.023 ms) : 0, 12023
AgentMeter [candidate] (12.007 ms) : 0, 12007
GlobalTracer [baseline] (257.938 ms) : 0, 257938
GlobalTracer [candidate] (258.152 ms) : 0, 258152
IAST [baseline] (23.966 ms) : 0, 23966
IAST [candidate] (23.928 ms) : 0, 23928
AppSec [baseline] (177.511 ms) : 0, 177511
AppSec [candidate] (177.613 ms) : 0, 177613
Debugger [baseline] (65.535 ms) : 0, 65535
Debugger [candidate] (65.301 ms) : 0, 65301
Remote Config [baseline] (572.368 µs) : 0, 572
Remote Config [candidate] (576.188 µs) : 0, 576
Telemetry [baseline] (9.009 ms) : 0, 9009
Telemetry [candidate] (9.107 ms) : 0, 9107
Flare Poller [baseline] (3.593 ms) : 0, 3593
Flare Poller [candidate] (3.619 ms) : 0, 3619
section iast
crashtracking [baseline] (1.202 ms) : 0, 1202
crashtracking [candidate] (1.193 ms) : 0, 1193
BytebuddyAgent [baseline] (802.171 ms) : 0, 802171
BytebuddyAgent [candidate] (794.025 ms) : 0, 794025
AgentMeter [baseline] (11.569 ms) : 0, 11569
AgentMeter [candidate] (11.267 ms) : 0, 11267
GlobalTracer [baseline] (248.388 ms) : 0, 248388
GlobalTracer [candidate] (246.574 ms) : 0, 246574
IAST [baseline] (25.359 ms) : 0, 25359
IAST [candidate] (25.133 ms) : 0, 25133
AppSec [baseline] (26.517 ms) : 0, 26517
AppSec [candidate] (26.228 ms) : 0, 26228
Debugger [baseline] (63.601 ms) : 0, 63601
Debugger [candidate] (63.363 ms) : 0, 63363
Remote Config [baseline] (526.565 µs) : 0, 527
Remote Config [candidate] (518.376 µs) : 0, 518
Telemetry [baseline] (14.838 ms) : 0, 14838
Telemetry [candidate] (14.764 ms) : 0, 14764
Flare Poller [baseline] (4.887 ms) : 0, 4887
Flare Poller [candidate] (4.883 ms) : 0, 4883
section profiling
crashtracking [baseline] (1.171 ms) : 0, 1171
crashtracking [candidate] (1.17 ms) : 0, 1170
BytebuddyAgent [baseline] (687.267 ms) : 0, 687267
BytebuddyAgent [candidate] (683.338 ms) : 0, 683338
AgentMeter [baseline] (8.65 ms) : 0, 8650
AgentMeter [candidate] (8.651 ms) : 0, 8651
GlobalTracer [baseline] (216.845 ms) : 0, 216845
GlobalTracer [candidate] (216.801 ms) : 0, 216801
AppSec [baseline] (31.999 ms) : 0, 31999
AppSec [candidate] (32.016 ms) : 0, 32016
Debugger [baseline] (63.062 ms) : 0, 63062
Debugger [candidate] (64.103 ms) : 0, 64103
Remote Config [baseline] (580.393 µs) : 0, 580
Remote Config [candidate] (577.796 µs) : 0, 578
Telemetry [baseline] (10.604 ms) : 0, 10604
Telemetry [candidate] (9.822 ms) : 0, 9822
Flare Poller [baseline] (3.545 ms) : 0, 3545
Flare Poller [candidate] (3.564 ms) : 0, 3564
ProfilingAgent [baseline] (94.473 ms) : 0, 94473
ProfilingAgent [candidate] (94.516 ms) : 0, 94516
Profiling [baseline] (95.04 ms) : 0, 95040
Profiling [candidate] (95.082 ms) : 0, 95082
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.056 s) : 0, 1056378
Total [baseline] (8.779 s) : 0, 8778860
Agent [candidate] (1.056 s) : 0, 1055745
Total [candidate] (8.823 s) : 0, 8823073
section iast
Agent [baseline] (1.224 s) : 0, 1223636
Total [baseline] (9.523 s) : 0, 9523304
Agent [candidate] (1.227 s) : 0, 1226633
Total [candidate] (9.516 s) : 0, 9516366
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.056 s -
Agent iast 1.224 s 167.258 ms (15.8%)
Total tracing 8.779 s -
Total iast 9.523 s 744.444 ms (8.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.056 s -
Agent iast 1.227 s 170.888 ms (16.2%)
Total tracing 8.823 s -
Total iast 9.516 s 693.293 ms (7.9%) 
gantt
    title insecure-bank - break down per module: candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.185 ms) : 0, 1185
crashtracking [candidate] (1.181 ms) : 0, 1181
BytebuddyAgent [baseline] (628.285 ms) : 0, 628285
BytebuddyAgent [candidate] (626.923 ms) : 0, 626923
AgentMeter [baseline] (29.094 ms) : 0, 29094
AgentMeter [candidate] (29.029 ms) : 0, 29029
GlobalTracer [baseline] (256.386 ms) : 0, 256386
GlobalTracer [candidate] (256.614 ms) : 0, 256614
AppSec [baseline] (31.361 ms) : 0, 31361
AppSec [candidate] (31.269 ms) : 0, 31269
Debugger [baseline] (58.39 ms) : 0, 58390
Debugger [candidate] (58.282 ms) : 0, 58282
Remote Config [baseline] (584.495 µs) : 0, 584
Remote Config [candidate] (585.841 µs) : 0, 586
Telemetry [baseline] (8.69 ms) : 0, 8690
Telemetry [candidate] (8.642 ms) : 0, 8642
Flare Poller [baseline] (6.369 ms) : 0, 6369
Flare Poller [candidate] (7.208 ms) : 0, 7208
section iast
crashtracking [baseline] (1.181 ms) : 0, 1181
crashtracking [candidate] (1.189 ms) : 0, 1189
BytebuddyAgent [baseline] (794.667 ms) : 0, 794667
BytebuddyAgent [candidate] (796.411 ms) : 0, 796411
AgentMeter [baseline] (11.285 ms) : 0, 11285
AgentMeter [candidate] (11.35 ms) : 0, 11350
GlobalTracer [baseline] (246.714 ms) : 0, 246714
GlobalTracer [candidate] (247.438 ms) : 0, 247438
AppSec [baseline] (26.36 ms) : 0, 26360
AppSec [candidate] (26.332 ms) : 0, 26332
Debugger [baseline] (62.071 ms) : 0, 62071
Debugger [candidate] (62.57 ms) : 0, 62570
Remote Config [baseline] (523.206 µs) : 0, 523
Remote Config [candidate] (524.183 µs) : 0, 524
Telemetry [baseline] (14.747 ms) : 0, 14747
Telemetry [candidate] (14.779 ms) : 0, 14779
Flare Poller [baseline] (4.909 ms) : 0, 4909
Flare Poller [candidate] (4.841 ms) : 0, 4841
IAST [baseline] (25.169 ms) : 0, 25169
IAST [candidate] (25.148 ms) : 0, 25148
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-e3c7f8e8b5
git_commit_date 1772556429 1772558928
git_commit_sha 9b93366 f5e5646
release_version 1.61.0-SNAPSHOT~9b93366972 1.61.0-SNAPSHOT~f5e56462b7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1772561155 1772561155
ci_job_id 1472122487 1472122487
ci_pipeline_id 100096842 100096842
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-tfphxpvd 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-tfphxpvd 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 20 metrics, 15 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:petclinic:tracing:high_load better
[-1445.579µs; -545.030µs] or [-7.798%; -2.940%]		 unsure
[-1.816ms; -0.527ms] or [-6.011%; -1.743%]		 unstable
[-13.036op/s; +40.161op/s] or [-5.277%; +16.258%]		 17.542ms 29.046ms 260.594op/s 18.537ms 30.218ms 247.031op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.167 ms) : 17983, 18352
.   : milestone, 18167,
appsec (18.528 ms) : 18335, 18720
.   : milestone, 18528,
code_origins (17.796 ms) : 17620, 17971
.   : milestone, 17796,
iast (17.738 ms) : 17562, 17914
.   : milestone, 17738,
profiling (18.991 ms) : 18796, 19185
.   : milestone, 18991,
tracing (18.895 ms) : 18705, 19085
.   : milestone, 18895,
section candidate
no_agent (19.09 ms) : 18895, 19284
.   : milestone, 19090,
appsec (18.78 ms) : 18588, 18972
.   : milestone, 18780,
code_origins (17.672 ms) : 17497, 17846
.   : milestone, 17672,
iast (17.89 ms) : 17709, 18070
.   : milestone, 17890,
profiling (18.686 ms) : 18499, 18872
.   : milestone, 18686,
tracing (17.905 ms) : 17724, 18086
.   : milestone, 17905,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.167 ms [17.983 ms, 18.352 ms] -
appsec 18.528 ms [18.335 ms, 18.72 ms] 360.146 µs (2.0%)
code_origins 17.796 ms [17.62 ms, 17.971 ms] -371.646 µs (-2.0%)
iast 17.738 ms [17.562 ms, 17.914 ms] -429.719 µs (-2.4%)
profiling 18.991 ms [18.796 ms, 19.185 ms] 823.065 µs (4.5%)
tracing 18.895 ms [18.705 ms, 19.085 ms] 727.381 µs (4.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.09 ms [18.895 ms, 19.284 ms] -
appsec 18.78 ms [18.588 ms, 18.972 ms] -309.246 µs (-1.6%)
code_origins 17.672 ms [17.497 ms, 17.846 ms] -1.418 ms (-7.4%)
iast 17.89 ms [17.709 ms, 18.07 ms] -1.2 ms (-6.3%)
profiling 18.686 ms [18.499 ms, 18.872 ms] -403.861 µs (-2.1%)
tracing 17.905 ms [17.724 ms, 18.086 ms] -1.184 ms (-6.2%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.178 ms) : 1167, 1190
.   : milestone, 1178,
iast (3.295 ms) : 3251, 3339
.   : milestone, 3295,
iast_FULL (5.766 ms) : 5708, 5824
.   : milestone, 5766,
iast_GLOBAL (3.581 ms) : 3519, 3643
.   : milestone, 3581,
profiling (2.009 ms) : 1992, 2026
.   : milestone, 2009,
tracing (1.826 ms) : 1809, 1842
.   : milestone, 1826,
section candidate
no_agent (1.181 ms) : 1169, 1193
.   : milestone, 1181,
iast (3.317 ms) : 3274, 3361
.   : milestone, 3317,
iast_FULL (5.895 ms) : 5835, 5955
.   : milestone, 5895,
iast_GLOBAL (3.68 ms) : 3616, 3743
.   : milestone, 3680,
profiling (2.14 ms) : 2120, 2161
.   : milestone, 2140,
tracing (1.824 ms) : 1810, 1839
.   : milestone, 1824,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.178 ms [1.167 ms, 1.19 ms] -
iast 3.295 ms [3.251 ms, 3.339 ms] 2.117 ms (179.6%)
iast_FULL 5.766 ms [5.708 ms, 5.824 ms] 4.588 ms (389.3%)
iast_GLOBAL 3.581 ms [3.519 ms, 3.643 ms] 2.403 ms (203.9%)
profiling 2.009 ms [1.992 ms, 2.026 ms] 830.514 µs (70.5%)
tracing 1.826 ms [1.809 ms, 1.842 ms] 647.147 µs (54.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.181 ms [1.169 ms, 1.193 ms] -
iast 3.317 ms [3.274 ms, 3.361 ms] 2.137 ms (180.9%)
iast_FULL 5.895 ms [5.835 ms, 5.955 ms] 4.714 ms (399.2%)
iast_GLOBAL 3.68 ms [3.616 ms, 3.743 ms] 2.499 ms (211.6%)
profiling 2.14 ms [2.12 ms, 2.161 ms] 959.521 µs (81.2%)
tracing 1.824 ms [1.81 ms, 1.839 ms] 643.472 µs (54.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-e3c7f8e8b5
git_commit_date 1772556429 1772558928
git_commit_sha 9b93366 f5e5646
release_version 1.61.0-SNAPSHOT~9b93366972 1.61.0-SNAPSHOT~f5e56462b7
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1772560788 1772560788
ci_job_id 1472122488 1472122488
ci_pipeline_id 100096842 100096842
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-dflludq0 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-dflludq0 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 0 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:dacapo:tomcat:appsec better
[-1.396ms; -1.053ms] or [-37.238%; -28.109%]		 2.523ms 3.748ms
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.476 ms) : 1465, 1488
.   : milestone, 1476,
appsec (3.748 ms) : 3530, 3966
.   : milestone, 3748,
iast (2.265 ms) : 2195, 2334
.   : milestone, 2265,
iast_GLOBAL (2.304 ms) : 2234, 2373
.   : milestone, 2304,
profiling (2.111 ms) : 2055, 2167
.   : milestone, 2111,
tracing (2.097 ms) : 2042, 2151
.   : milestone, 2097,
section candidate
no_agent (1.48 ms) : 1468, 1491
.   : milestone, 1480,
appsec (2.523 ms) : 2468, 2578
.   : milestone, 2523,
iast (2.267 ms) : 2197, 2336
.   : milestone, 2267,
iast_GLOBAL (2.304 ms) : 2235, 2374
.   : milestone, 2304,
profiling (2.11 ms) : 2053, 2167
.   : milestone, 2110,
tracing (2.096 ms) : 2041, 2151
.   : milestone, 2096,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.465 ms, 1.488 ms] -
appsec 3.748 ms [3.53 ms, 3.966 ms] 2.272 ms (153.9%)
iast 2.265 ms [2.195 ms, 2.334 ms] 788.641 µs (53.4%)
iast_GLOBAL 2.304 ms [2.234 ms, 2.373 ms] 827.333 µs (56.0%)
profiling 2.111 ms [2.055 ms, 2.167 ms] 634.839 µs (43.0%)
tracing 2.097 ms [2.042 ms, 2.151 ms] 620.452 µs (42.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.48 ms [1.468 ms, 1.491 ms] -
appsec 2.523 ms [2.468 ms, 2.578 ms] 1.043 ms (70.5%)
iast 2.267 ms [2.197 ms, 2.336 ms] 786.96 µs (53.2%)
iast_GLOBAL 2.304 ms [2.235 ms, 2.374 ms] 824.61 µs (55.7%)
profiling 2.11 ms [2.053 ms, 2.167 ms] 630.026 µs (42.6%)
tracing 2.096 ms [2.041 ms, 2.151 ms] 616.151 µs (41.6%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~f5e56462b7, baseline=1.61.0-SNAPSHOT~9b93366972
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.055 s) : 15055000, 15055000
.   : milestone, 15055000,
appsec (14.909 s) : 14909000, 14909000
.   : milestone, 14909000,
iast (18.014 s) : 18014000, 18014000
.   : milestone, 18014000,
iast_GLOBAL (17.653 s) : 17653000, 17653000
.   : milestone, 17653000,
profiling (15.176 s) : 15176000, 15176000
.   : milestone, 15176000,
tracing (14.999 s) : 14999000, 14999000
.   : milestone, 14999000,
section candidate
no_agent (15.53 s) : 15530000, 15530000
.   : milestone, 15530000,
appsec (14.776 s) : 14776000, 14776000
.   : milestone, 14776000,
iast (18.066 s) : 18066000, 18066000
.   : milestone, 18066000,
iast_GLOBAL (17.636 s) : 17636000, 17636000
.   : milestone, 17636000,
profiling (14.996 s) : 14996000, 14996000
.   : milestone, 14996000,
tracing (15.134 s) : 15134000, 15134000
.   : milestone, 15134000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.055 s [15.055 s, 15.055 s] -
appsec 14.909 s [14.909 s, 14.909 s] -146.0 ms (-1.0%)
iast 18.014 s [18.014 s, 18.014 s] 2.959 s (19.7%)
iast_GLOBAL 17.653 s [17.653 s, 17.653 s] 2.598 s (17.3%)
profiling 15.176 s [15.176 s, 15.176 s] 121.0 ms (0.8%)
tracing 14.999 s [14.999 s, 14.999 s] -56.0 ms (-0.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.53 s [15.53 s, 15.53 s] -
appsec 14.776 s [14.776 s, 14.776 s] -754.0 ms (-4.9%)
iast 18.066 s [18.066 s, 18.066 s] 2.536 s (16.3%)
iast_GLOBAL 17.636 s [17.636 s, 17.636 s] 2.106 s (13.6%)
profiling 14.996 s [14.996 s, 14.996 s] -534.0 ms (-3.4%)
tracing 15.134 s [15.134 s, 15.134 s] -396.0 ms (-2.5%)

@AlexeyKuznetsov-DD
Copy link
Copy Markdown
Contributor

AlexeyKuznetsov-DD commented Mar 3, 2026

/merge -f --reason "GitHub actions only"

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 Bot commented Mar 3, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-03 23:44:15 UTC ℹ️ Start processing command /merge -f --reason "GitHub actions only"

2026-03-03 23:44:19 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 0s (p90).

2026-03-03 23:44:29 UTC ℹ️ MergeQueue: This merge request was merged

Warning

This change was merged without running any pre merge CI checks

Reason: GitHub actions only

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit cf6146b into master Mar 3, 2026
573 of 579 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the dependabot/github_actions/gh-actions-packages-e3c7f8e8b5 branch March 3, 2026 23:44
@github-actions github-actions Bot added this to the 1.61.0 milestone Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD AlexeyKuznetsov-DD approved these changes

@bric3 bric3 Awaiting requested review from bric3 bric3 is a code owner automatically assigned from DataDog/apm-lang-platform-java

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

1.61.0

Development

Successfully merging this pull request may close these issues.

1 participant

@AlexeyKuznetsov-DD