Skip to content

chore(ci): bump github/codeql-action from 4.31.8 to 4.31.9 in the gh-actions-packages group #10266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
PerfectSlayer merged 1 commit into from
Dec 23, 2025
Merged

chore(ci): bump github/codeql-action from 4.31.8 to 4.31.9 in the gh-actions-packages group #10266

PerfectSlayer merged 1 commit into from
Dec 23, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2025

Bumps the gh-actions-packages group with 1 update: github/codeql-action.

Updates github/codeql-action from 4.31.8 to 4.31.9

Release notes

Sourced from github/codeql-action's releases.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

... (truncated)

Commits
  • 5d4e8d1 Merge pull request #3371 from github/update-v4.31.9-998798e34
  • 1dc115f Update changelog for v4.31.9
  • 998798e Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup
  • 5eb7519 Merge pull request #3358 from github/henrymercer/database-upload-telemetry
  • d29eddb Extract version number to constant
  • e962687 Merge branch 'main' into henrymercer/database-upload-telemetry
  • 19c7f96 Rename isOverlayBase
  • ae5de9a Use getErrorMessage in log too
  • 0cb8633 Prefer performance.now()
  • c07cc0d Merge pull request #3351 from github/henrymercer/ghec-dr-determine-tools-vers...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(ci): bump github/codeql-action in the gh-actions-packages group
149bdc4 
Bumps the gh-actions-packages group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.8 to 4.31.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@1b168cd...5d4e8d1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Dec 22, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 22, 2025 17:25
@dependabot dependabot bot requested review from sarahchen6 and removed request for a team December 22, 2025 17:25
@dependabot dependabot bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Dec 22, 2025
@pr-commenter
Copy link

pr-commenter bot commented Dec 22, 2025

Benchmarks

⚠️ Warning: Baseline build not found for merge-base commit. Comparing against the latest commit on master instead.

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-34cf0c888b
git_commit_date 1766393242 1766424343
git_commit_sha a69554e 149bdc4
release_version 1.58.0-SNAPSHOT~a69554eb6e 1.58.0-SNAPSHOT~149bdc4817
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1766426181 1766426181
ci_job_id 1314108861 1314108861
ci_pipeline_id 88083714 88083714
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-o2heqq1y 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-o2heqq1y 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 1 performance regressions! Performance is the same for 58 metrics, 6 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:tracing:Remote Config worse
[+15.900µs; +67.566µs] or [+2.603%; +11.059%]		 652.662µs 610.930µs
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.085 s) : 0, 1084622
Total [baseline] (8.727 s) : 0, 8726546
Agent [candidate] (1.084 s) : 0, 1083624
Total [candidate] (8.74 s) : 0, 8739767
section iast
Agent [baseline] (1.223 s) : 0, 1222934
Total [baseline] (9.295 s) : 0, 9294738
Agent [candidate] (1.233 s) : 0, 1232745
Total [candidate] (9.297 s) : 0, 9296744
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent iast 1.223 s 138.312 ms (12.8%)
Total tracing 8.727 s -
Total iast 9.295 s 568.192 ms (6.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent iast 1.233 s 149.121 ms (13.8%)
Total tracing 8.74 s -
Total iast 9.297 s 556.977 ms (6.4%) 
gantt
    title insecure-bank - break down per module: candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.188 ms) : 0, 1188
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (652.556 ms) : 0, 652556
BytebuddyAgent [candidate] (651.429 ms) : 0, 651429
GlobalTracer [baseline] (282.301 ms) : 0, 282301
GlobalTracer [candidate] (282.497 ms) : 0, 282497
AppSec [baseline] (32.576 ms) : 0, 32576
AppSec [candidate] (32.666 ms) : 0, 32666
Debugger [baseline] (67.135 ms) : 0, 67135
Debugger [candidate] (67.096 ms) : 0, 67096
Remote Config [baseline] (613.683 µs) : 0, 614
Remote Config [candidate] (614.152 µs) : 0, 614
Telemetry [baseline] (8.937 ms) : 0, 8937
Telemetry [candidate] (8.943 ms) : 0, 8943
Flare Poller [baseline] (3.704 ms) : 0, 3704
Flare Poller [candidate] (3.699 ms) : 0, 3699
section iast
crashtracking [baseline] (1.193 ms) : 0, 1193
crashtracking [candidate] (1.193 ms) : 0, 1193
BytebuddyAgent [baseline] (791.774 ms) : 0, 791774
BytebuddyAgent [candidate] (799.178 ms) : 0, 799178
GlobalTracer [baseline] (255.337 ms) : 0, 255337
GlobalTracer [candidate] (257.252 ms) : 0, 257252
IAST [baseline] (26.917 ms) : 0, 26917
IAST [candidate] (27.35 ms) : 0, 27350
AppSec [baseline] (34.351 ms) : 0, 34351
AppSec [candidate] (34.114 ms) : 0, 34114
Debugger [baseline] (65.324 ms) : 0, 65324
Debugger [candidate] (65.293 ms) : 0, 65293
Remote Config [baseline] (582.209 µs) : 0, 582
Remote Config [candidate] (581.992 µs) : 0, 582
Telemetry [baseline] (8.429 ms) : 0, 8429
Telemetry [candidate] (8.516 ms) : 0, 8516
Flare Poller [baseline] (3.463 ms) : 0, 3463
Flare Poller [candidate] (3.524 ms) : 0, 3524
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.09 s) : 0, 1089517
Total [baseline] (10.753 s) : 0, 10752682
Agent [candidate] (1.099 s) : 0, 1098719
Total [candidate] (10.819 s) : 0, 10819348
section appsec
Agent [baseline] (1.271 s) : 0, 1271387
Total [baseline] (10.882 s) : 0, 10881768
Agent [candidate] (1.268 s) : 0, 1268162
Total [candidate] (10.875 s) : 0, 10874632
section iast
Agent [baseline] (1.241 s) : 0, 1240674
Total [baseline] (11.235 s) : 0, 11235177
Agent [candidate] (1.231 s) : 0, 1230842
Total [candidate] (11.199 s) : 0, 11198536
section profiling
Agent [baseline] (1.216 s) : 0, 1215929
Total [baseline] (11.04 s) : 0, 11040461
Agent [candidate] (1.208 s) : 0, 1207748
Total [candidate] (10.913 s) : 0, 10912516
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.09 s -
Agent appsec 1.271 s 181.871 ms (16.7%)
Agent iast 1.241 s 151.157 ms (13.9%)
Agent profiling 1.216 s 126.412 ms (11.6%)
Total tracing 10.753 s -
Total appsec 10.882 s 129.087 ms (1.2%)
Total iast 11.235 s 482.495 ms (4.5%)
Total profiling 11.04 s 287.779 ms (2.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.099 s -
Agent appsec 1.268 s 169.443 ms (15.4%)
Agent iast 1.231 s 132.123 ms (12.0%)
Agent profiling 1.208 s 109.029 ms (9.9%)
Total tracing 10.819 s -
Total appsec 10.875 s 55.284 ms (0.5%)
Total iast 11.199 s 379.188 ms (3.5%)
Total profiling 10.913 s 93.168 ms (0.9%) 
gantt
    title petclinic - break down per module: candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.187 ms) : 0, 1187
crashtracking [candidate] (1.2 ms) : 0, 1200
BytebuddyAgent [baseline] (654.969 ms) : 0, 654969
BytebuddyAgent [candidate] (659.932 ms) : 0, 659932
GlobalTracer [baseline] (283.288 ms) : 0, 283288
GlobalTracer [candidate] (285.752 ms) : 0, 285752
AppSec [baseline] (32.892 ms) : 0, 32892
AppSec [candidate] (33.02 ms) : 0, 33020
Debugger [baseline] (68.326 ms) : 0, 68326
Debugger [candidate] (69.261 ms) : 0, 69261
Remote Config [baseline] (610.93 µs) : 0, 611
Remote Config [candidate] (652.662 µs) : 0, 653
Telemetry [baseline] (8.942 ms) : 0, 8942
Telemetry [candidate] (9.193 ms) : 0, 9193
Flare Poller [baseline] (3.679 ms) : 0, 3679
Flare Poller [candidate] (3.856 ms) : 0, 3856
section appsec
crashtracking [baseline] (1.185 ms) : 0, 1185
crashtracking [candidate] (1.2 ms) : 0, 1200
BytebuddyAgent [baseline] (696.848 ms) : 0, 696848
BytebuddyAgent [candidate] (693.475 ms) : 0, 693475
GlobalTracer [baseline] (259.239 ms) : 0, 259239
GlobalTracer [candidate] (258.245 ms) : 0, 258245
IAST [baseline] (24.939 ms) : 0, 24939
IAST [candidate] (24.785 ms) : 0, 24785
AppSec [baseline] (173.898 ms) : 0, 173898
AppSec [candidate] (174.321 ms) : 0, 174321
Debugger [baseline] (66.073 ms) : 0, 66073
Debugger [candidate] (66.802 ms) : 0, 66802
Remote Config [baseline] (767.432 µs) : 0, 767
Remote Config [candidate] (795.341 µs) : 0, 795
Telemetry [baseline] (9.351 ms) : 0, 9351
Telemetry [candidate] (9.46 ms) : 0, 9460
Flare Poller [baseline] (3.612 ms) : 0, 3612
Flare Poller [candidate] (3.608 ms) : 0, 3608
section iast
crashtracking [baseline] (1.206 ms) : 0, 1206
crashtracking [candidate] (1.179 ms) : 0, 1179
BytebuddyAgent [baseline] (804.625 ms) : 0, 804625
BytebuddyAgent [candidate] (796.82 ms) : 0, 796820
GlobalTracer [baseline] (258.666 ms) : 0, 258666
GlobalTracer [candidate] (256.856 ms) : 0, 256856
IAST [baseline] (27.496 ms) : 0, 27496
IAST [candidate] (27.266 ms) : 0, 27266
AppSec [baseline] (34.529 ms) : 0, 34529
AppSec [candidate] (34.36 ms) : 0, 34360
Debugger [baseline] (65.834 ms) : 0, 65834
Debugger [candidate] (66.347 ms) : 0, 66347
Remote Config [baseline] (600.811 µs) : 0, 601
Remote Config [candidate] (568.639 µs) : 0, 569
Telemetry [baseline] (8.499 ms) : 0, 8499
Telemetry [candidate] (8.531 ms) : 0, 8531
Flare Poller [baseline] (3.519 ms) : 0, 3519
Flare Poller [candidate] (3.523 ms) : 0, 3523
section profiling
crashtracking [baseline] (1.223 ms) : 0, 1223
crashtracking [candidate] (1.248 ms) : 0, 1248
BytebuddyAgent [baseline] (709.197 ms) : 0, 709197
BytebuddyAgent [candidate] (705.352 ms) : 0, 705352
GlobalTracer [baseline] (222.402 ms) : 0, 222402
GlobalTracer [candidate] (220.732 ms) : 0, 220732
AppSec [baseline] (32.738 ms) : 0, 32738
AppSec [candidate] (32.039 ms) : 0, 32039
Debugger [baseline] (68.578 ms) : 0, 68578
Debugger [candidate] (68.414 ms) : 0, 68414
Remote Config [baseline] (651.855 µs) : 0, 652
Remote Config [candidate] (642.459 µs) : 0, 642
Telemetry [baseline] (8.817 ms) : 0, 8817
Telemetry [candidate] (8.835 ms) : 0, 8835
Flare Poller [baseline] (3.712 ms) : 0, 3712
Flare Poller [candidate] (3.753 ms) : 0, 3753
ProfilingAgent [baseline] (98.22 ms) : 0, 98220
ProfilingAgent [candidate] (96.816 ms) : 0, 96816
Profiling [baseline] (98.823 ms) : 0, 98823
Profiling [candidate] (97.391 ms) : 0, 97391
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-34cf0c888b
git_commit_date 1766393242 1766424343
git_commit_sha a69554e 149bdc4
release_version 1.58.0-SNAPSHOT~a69554eb6e 1.58.0-SNAPSHOT~149bdc4817
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1766426674 1766426674
ci_job_id 1314108862 1314108862
ci_pipeline_id 88083714 88083714
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-sste3m5r 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-sste3m5r 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 19 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load better
[-225.558µs; -112.755µs] or [-7.968%; -3.983%]		 same
[-418.677µs; +12.367µs] or [-5.304%; +0.157%]		 unstable
[-89.270op/s; +199.520op/s] or [-6.953%; +15.540%]		 2.662ms 7.691ms 1339.031op/s 2.831ms 7.894ms 1283.906op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.223 ms) : 18035, 18411
.   : milestone, 18223,
appsec (18.507 ms) : 18321, 18694
.   : milestone, 18507,
code_origins (17.799 ms) : 17620, 17979
.   : milestone, 17799,
iast (17.952 ms) : 17769, 18134
.   : milestone, 17952,
profiling (18.607 ms) : 18420, 18793
.   : milestone, 18607,
tracing (17.822 ms) : 17646, 17999
.   : milestone, 17822,
section candidate
no_agent (19.175 ms) : 18975, 19375
.   : milestone, 19175,
appsec (18.474 ms) : 18286, 18663
.   : milestone, 18474,
code_origins (17.843 ms) : 17664, 18022
.   : milestone, 17843,
iast (17.564 ms) : 17394, 17733
.   : milestone, 17564,
profiling (18.67 ms) : 18482, 18857
.   : milestone, 18670,
tracing (17.699 ms) : 17522, 17877
.   : milestone, 17699,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.223 ms [18.035 ms, 18.411 ms] -
appsec 18.507 ms [18.321 ms, 18.694 ms] 284.624 µs (1.6%)
code_origins 17.799 ms [17.62 ms, 17.979 ms] -423.635 µs (-2.3%)
iast 17.952 ms [17.769 ms, 18.134 ms] -271.11 µs (-1.5%)
profiling 18.607 ms [18.42 ms, 18.793 ms] 383.821 µs (2.1%)
tracing 17.822 ms [17.646 ms, 17.999 ms] -400.697 µs (-2.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.175 ms [18.975 ms, 19.375 ms] -
appsec 18.474 ms [18.286 ms, 18.663 ms] -700.746 µs (-3.7%)
code_origins 17.843 ms [17.664 ms, 18.022 ms] -1.333 ms (-6.9%)
iast 17.564 ms [17.394 ms, 17.733 ms] -1.611 ms (-8.4%)
profiling 18.67 ms [18.482 ms, 18.857 ms] -505.668 µs (-2.6%)
tracing 17.699 ms [17.522 ms, 17.877 ms] -1.476 ms (-7.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.169 ms) : 1158, 1180
.   : milestone, 1169,
iast (3.068 ms) : 3030, 3105
.   : milestone, 3068,
iast_FULL (5.49 ms) : 5437, 5544
.   : milestone, 5490,
iast_GLOBAL (3.569 ms) : 3517, 3622
.   : milestone, 3569,
profiling (2.082 ms) : 2063, 2100
.   : milestone, 2082,
tracing (1.764 ms) : 1751, 1778
.   : milestone, 1764,
section candidate
no_agent (1.199 ms) : 1187, 1211
.   : milestone, 1199,
iast (3.16 ms) : 3114, 3205
.   : milestone, 3160,
iast_FULL (5.527 ms) : 5473, 5580
.   : milestone, 5527,
iast_GLOBAL (3.421 ms) : 3368, 3474
.   : milestone, 3421,
profiling (2.077 ms) : 2057, 2096
.   : milestone, 2077,
tracing (1.746 ms) : 1731, 1760
.   : milestone, 1746,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.169 ms [1.158 ms, 1.18 ms] -
iast 3.068 ms [3.03 ms, 3.105 ms] 1.899 ms (162.4%)
iast_FULL 5.49 ms [5.437 ms, 5.544 ms] 4.321 ms (369.6%)
iast_GLOBAL 3.569 ms [3.517 ms, 3.622 ms] 2.4 ms (205.3%)
profiling 2.082 ms [2.063 ms, 2.1 ms] 912.714 µs (78.1%)
tracing 1.764 ms [1.751 ms, 1.778 ms] 595.189 µs (50.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.199 ms [1.187 ms, 1.211 ms] -
iast 3.16 ms [3.114 ms, 3.205 ms] 1.96 ms (163.5%)
iast_FULL 5.527 ms [5.473 ms, 5.58 ms] 4.327 ms (360.8%)
iast_GLOBAL 3.421 ms [3.368 ms, 3.474 ms] 2.222 ms (185.2%)
profiling 2.077 ms [2.057 ms, 2.096 ms] 877.195 µs (73.1%)
tracing 1.746 ms [1.731 ms, 1.76 ms] 546.253 µs (45.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-34cf0c888b
git_commit_date 1766393242 1766424343
git_commit_sha a69554e 149bdc4
release_version 1.58.0-SNAPSHOT~a69554eb6e 1.58.0-SNAPSHOT~149bdc4817
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1766426390 1766426390
ci_job_id 1314108863 1314108863
ci_pipeline_id 88083714 88083714
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-88fzgzm2 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-88fzgzm2 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 1 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:dacapo:tomcat:profiling better
[-441.916µs; -209.842µs] or [-18.460%; -8.766%]		 2.068ms 2.394ms
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.474 ms) : 1462, 1486
.   : milestone, 1474,
appsec (3.739 ms) : 3519, 3959
.   : milestone, 3739,
iast (2.206 ms) : 2142, 2270
.   : milestone, 2206,
iast_GLOBAL (2.258 ms) : 2193, 2323
.   : milestone, 2258,
profiling (2.394 ms) : 2251, 2537
.   : milestone, 2394,
tracing (2.032 ms) : 1982, 2083
.   : milestone, 2032,
section candidate
no_agent (1.471 ms) : 1459, 1482
.   : milestone, 1471,
appsec (3.626 ms) : 3410, 3842
.   : milestone, 3626,
iast (2.212 ms) : 2147, 2277
.   : milestone, 2212,
iast_GLOBAL (2.263 ms) : 2198, 2328
.   : milestone, 2263,
profiling (2.068 ms) : 2015, 2121
.   : milestone, 2068,
tracing (2.053 ms) : 2001, 2104
.   : milestone, 2053,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.474 ms [1.462 ms, 1.486 ms] -
appsec 3.739 ms [3.519 ms, 3.959 ms] 2.265 ms (153.6%)
iast 2.206 ms [2.142 ms, 2.27 ms] 732.108 µs (49.7%)
iast_GLOBAL 2.258 ms [2.193 ms, 2.323 ms] 784.072 µs (53.2%)
profiling 2.394 ms [2.251 ms, 2.537 ms] 919.84 µs (62.4%)
tracing 2.032 ms [1.982 ms, 2.083 ms] 558.438 µs (37.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.459 ms, 1.482 ms] -
appsec 3.626 ms [3.41 ms, 3.842 ms] 2.155 ms (146.5%)
iast 2.212 ms [2.147 ms, 2.277 ms] 741.32 µs (50.4%)
iast_GLOBAL 2.263 ms [2.198 ms, 2.328 ms] 791.939 µs (53.8%)
profiling 2.068 ms [2.015 ms, 2.121 ms] 597.148 µs (40.6%)
tracing 2.053 ms [2.001 ms, 2.104 ms] 581.72 µs (39.6%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.58.0-SNAPSHOT~149bdc4817, baseline=1.58.0-SNAPSHOT~a69554eb6e
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.974 s) : 14974000, 14974000
.   : milestone, 14974000,
appsec (14.506 s) : 14506000, 14506000
.   : milestone, 14506000,
iast (17.91 s) : 17910000, 17910000
.   : milestone, 17910000,
iast_GLOBAL (17.815 s) : 17815000, 17815000
.   : milestone, 17815000,
profiling (15.624 s) : 15624000, 15624000
.   : milestone, 15624000,
tracing (14.603 s) : 14603000, 14603000
.   : milestone, 14603000,
section candidate
no_agent (15.275 s) : 15275000, 15275000
.   : milestone, 15275000,
appsec (14.681 s) : 14681000, 14681000
.   : milestone, 14681000,
iast (17.93 s) : 17930000, 17930000
.   : milestone, 17930000,
iast_GLOBAL (17.682 s) : 17682000, 17682000
.   : milestone, 17682000,
profiling (14.832 s) : 14832000, 14832000
.   : milestone, 14832000,
tracing (14.728 s) : 14728000, 14728000
.   : milestone, 14728000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.974 s [14.974 s, 14.974 s] -
appsec 14.506 s [14.506 s, 14.506 s] -468.0 ms (-3.1%)
iast 17.91 s [17.91 s, 17.91 s] 2.936 s (19.6%)
iast_GLOBAL 17.815 s [17.815 s, 17.815 s] 2.841 s (19.0%)
profiling 15.624 s [15.624 s, 15.624 s] 650.0 ms (4.3%)
tracing 14.603 s [14.603 s, 14.603 s] -371.0 ms (-2.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.275 s [15.275 s, 15.275 s] -
appsec 14.681 s [14.681 s, 14.681 s] -594.0 ms (-3.9%)
iast 17.93 s [17.93 s, 17.93 s] 2.655 s (17.4%)
iast_GLOBAL 17.682 s [17.682 s, 17.682 s] 2.407 s (15.8%)
profiling 14.832 s [14.832 s, 14.832 s] -443.0 ms (-2.9%)
tracing 14.728 s [14.728 s, 14.728 s] -547.0 ms (-3.6%)

@PerfectSlayer PerfectSlayer merged commit 83f64d5 into master Dec 23, 2025
566 checks passed
@PerfectSlayer PerfectSlayer deleted the dependabot/github_actions/gh-actions-packages-34cf0c888b branch December 23, 2025 08:41
@github-actions github-actions bot added this to the 1.58.0 milestone Dec 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PerfectSlayer PerfectSlayer PerfectSlayer approved these changes

@sarahchen6 sarahchen6 Awaiting requested review from sarahchen6 sarahchen6 is a code owner automatically assigned from DataDog/apm-lang-platform-java

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

1.58.0

Development

Successfully merging this pull request may close these issues.

2 participants

@PerfectSlayer