Skip to content

chore(ci): bump the gh-actions-packages group with 2 updates #10447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
PerfectSlayer merged 1 commit into from
Jan 27, 2026
Merged

chore(ci): bump the gh-actions-packages group with 2 updates #10447

PerfectSlayer merged 1 commit into from
Jan 27, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2026

Bumps the gh-actions-packages group with 2 updates: actions/checkout and github/codeql-action.

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits
  • de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
  • 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
  • See full diff in compare view

Updates github/codeql-action from 4.31.10 to 4.32.0

Release notes

Sourced from github/codeql-action's releases.

v4.32.0

  • Update default CodeQL bundle version to 2.24.0. #3425

v4.31.11

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

  • Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

... (truncated)

Commits
  • b20883b Merge pull request #3428 from github/update-v4.32.0-e3b8227a2
  • c9aa45d Update changelog for v4.32.0
  • e3b8227 Merge pull request #3427 from github/henrymercer/bump-for-new-minor-series
  • 8a01181 Compare minor version number
  • 80e1425 Bump minor version for CLI v2.24.0
  • b748848 Bump the Action minor version number on new CodeQL minor version series
  • 5e767ef Merge pull request #3425 from github/update-bundle/codeql-bundle-v2.24.0
  • 9752869 Add changelog note
  • c62c214 Update default bundle to codeql-bundle-v2.24.0
  • 25a224b Merge pull request #3423 from github/mbg/ci/yq-windows
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(ci): bump the gh-actions-packages group with 2 updates
eee05a1 
Bumps the gh-actions-packages group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8e8c483...de0fac2)

Updates `github/codeql-action` from 4.31.10 to 4.32.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cdefb33...b20883b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-version: 4.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Jan 26, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 26, 2026 19:12
@dependabot dependabot bot requested review from bric3 and removed request for a team January 26, 2026 19:12
@dependabot dependabot bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Jan 26, 2026
@pr-commenter
Copy link

pr-commenter bot commented Jan 26, 2026

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-6c0465b99e
git_commit_date 1769453707 1769454764
git_commit_sha a34cb64 eee05a1
release_version 1.59.0-SNAPSHOT~a34cb643aa 1.59.0-SNAPSHOT~eee05a12fa
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1769456631 1769456631
ci_job_id 1377959088 1377959088
ci_pipeline_id 92897135 92897135
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-xodzu5ai 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-xodzu5ai 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 64 metrics, 7 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.094 s) : 0, 1093969
Total [baseline] (10.787 s) : 0, 10786778
Agent [candidate] (1.101 s) : 0, 1100739
Total [candidate] (10.699 s) : 0, 10699377
section appsec
Agent [baseline] (1.273 s) : 0, 1273146
Total [baseline] (11.102 s) : 0, 11101524
Agent [candidate] (1.274 s) : 0, 1273786
Total [candidate] (11.2 s) : 0, 11200340
section iast
Agent [baseline] (1.243 s) : 0, 1242633
Total [baseline] (11.059 s) : 0, 11058627
Agent [candidate] (1.238 s) : 0, 1237564
Total [candidate] (11.019 s) : 0, 11018798
section profiling
Agent [baseline] (1.219 s) : 0, 1219322
Total [baseline] (10.982 s) : 0, 10981652
Agent [candidate] (1.211 s) : 0, 1211478
Total [candidate] (10.96 s) : 0, 10960349
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.094 s -
Agent appsec 1.273 s 179.177 ms (16.4%)
Agent iast 1.243 s 148.664 ms (13.6%)
Agent profiling 1.219 s 125.353 ms (11.5%)
Total tracing 10.787 s -
Total appsec 11.102 s 314.747 ms (2.9%)
Total iast 11.059 s 271.849 ms (2.5%)
Total profiling 10.982 s 194.875 ms (1.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.101 s -
Agent appsec 1.274 s 173.048 ms (15.7%)
Agent iast 1.238 s 136.826 ms (12.4%)
Agent profiling 1.211 s 110.74 ms (10.1%)
Total tracing 10.699 s -
Total appsec 11.2 s 500.963 ms (4.7%)
Total iast 11.019 s 319.421 ms (3.0%)
Total profiling 10.96 s 260.972 ms (2.4%) 
gantt
    title petclinic - break down per module: candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.177 ms) : 0, 1177
crashtracking [candidate] (1.189 ms) : 0, 1189
BytebuddyAgent [baseline] (655.535 ms) : 0, 655535
BytebuddyAgent [candidate] (660.958 ms) : 0, 660958
AgentMeter [baseline] (29.061 ms) : 0, 29061
AgentMeter [candidate] (29.456 ms) : 0, 29456
GlobalTracer [baseline] (257.932 ms) : 0, 257932
GlobalTracer [candidate] (258.497 ms) : 0, 258497
AppSec [baseline] (33.025 ms) : 0, 33025
AppSec [candidate] (32.766 ms) : 0, 32766
Debugger [baseline] (67.582 ms) : 0, 67582
Debugger [candidate] (68.831 ms) : 0, 68831
Remote Config [baseline] (626.586 µs) : 0, 627
Remote Config [candidate] (615.33 µs) : 0, 615
Telemetry [baseline] (9.112 ms) : 0, 9112
Telemetry [candidate] (9.048 ms) : 0, 9048
Flare Poller [baseline] (4.45 ms) : 0, 4450
Flare Poller [candidate] (3.668 ms) : 0, 3668
section appsec
crashtracking [baseline] (1.172 ms) : 0, 1172
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (694.329 ms) : 0, 694329
BytebuddyAgent [candidate] (694.692 ms) : 0, 694692
AgentMeter [baseline] (11.935 ms) : 0, 11935
AgentMeter [candidate] (11.996 ms) : 0, 11996
GlobalTracer [baseline] (251.074 ms) : 0, 251074
GlobalTracer [candidate] (251.158 ms) : 0, 251158
IAST [baseline] (24.628 ms) : 0, 24628
IAST [candidate] (24.453 ms) : 0, 24453
AppSec [baseline] (173.238 ms) : 0, 173238
AppSec [candidate] (172.907 ms) : 0, 172907
Debugger [baseline] (67.675 ms) : 0, 67675
Debugger [candidate] (68.227 ms) : 0, 68227
Remote Config [baseline] (710.297 µs) : 0, 710
Remote Config [candidate] (718.595 µs) : 0, 719
Telemetry [baseline] (9.353 ms) : 0, 9353
Telemetry [candidate] (9.376 ms) : 0, 9376
Flare Poller [baseline] (3.571 ms) : 0, 3571
Flare Poller [candidate] (3.587 ms) : 0, 3587
section iast
crashtracking [baseline] (1.203 ms) : 0, 1203
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (804.202 ms) : 0, 804202
BytebuddyAgent [candidate] (799.512 ms) : 0, 799512
AgentMeter [baseline] (11.424 ms) : 0, 11424
AgentMeter [candidate] (11.329 ms) : 0, 11329
GlobalTracer [baseline] (249.828 ms) : 0, 249828
GlobalTracer [candidate] (249.061 ms) : 0, 249061
IAST [baseline] (27.144 ms) : 0, 27144
IAST [candidate] (26.911 ms) : 0, 26911
AppSec [baseline] (32.658 ms) : 0, 32658
AppSec [candidate] (34.765 ms) : 0, 34765
Debugger [baseline] (67.879 ms) : 0, 67879
Debugger [candidate] (66.599 ms) : 0, 66599
Remote Config [baseline] (535.437 µs) : 0, 535
Remote Config [candidate] (544.931 µs) : 0, 545
Telemetry [baseline] (8.576 ms) : 0, 8576
Telemetry [candidate] (8.628 ms) : 0, 8628
Flare Poller [baseline] (3.492 ms) : 0, 3492
Flare Poller [candidate] (3.481 ms) : 0, 3481
section profiling
crashtracking [baseline] (1.22 ms) : 0, 1220
crashtracking [candidate] (1.214 ms) : 0, 1214
BytebuddyAgent [baseline] (710.922 ms) : 0, 710922
BytebuddyAgent [candidate] (705.713 ms) : 0, 705713
AgentMeter [baseline] (8.943 ms) : 0, 8943
AgentMeter [candidate] (8.812 ms) : 0, 8812
GlobalTracer [baseline] (217.264 ms) : 0, 217264
GlobalTracer [candidate] (216.116 ms) : 0, 216116
AppSec [baseline] (32.617 ms) : 0, 32617
AppSec [candidate] (32.178 ms) : 0, 32178
Debugger [baseline] (67.965 ms) : 0, 67965
Debugger [candidate] (67.21 ms) : 0, 67210
Remote Config [baseline] (604.661 µs) : 0, 605
Remote Config [candidate] (596.558 µs) : 0, 597
Telemetry [baseline] (8.832 ms) : 0, 8832
Telemetry [candidate] (8.782 ms) : 0, 8782
Flare Poller [baseline] (9.193 ms) : 0, 9193
Flare Poller [candidate] (9.87 ms) : 0, 9870
ProfilingAgent [baseline] (91.523 ms) : 0, 91523
ProfilingAgent [candidate] (91.164 ms) : 0, 91164
Profiling [baseline] (92.114 ms) : 0, 92114
Profiling [candidate] (91.753 ms) : 0, 91753
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.101 s) : 0, 1100535
Total [baseline] (8.807 s) : 0, 8807331
Agent [candidate] (1.091 s) : 0, 1090575
Total [candidate] (8.75 s) : 0, 8750240
section iast
Agent [baseline] (1.241 s) : 0, 1240577
Total [baseline] (9.317 s) : 0, 9316632
Agent [candidate] (1.241 s) : 0, 1241008
Total [candidate] (9.325 s) : 0, 9324941
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.101 s -
Agent iast 1.241 s 140.043 ms (12.7%)
Total tracing 8.807 s -
Total iast 9.317 s 509.302 ms (5.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.091 s -
Agent iast 1.241 s 150.433 ms (13.8%)
Total tracing 8.75 s -
Total iast 9.325 s 574.701 ms (6.6%) 
gantt
    title insecure-bank - break down per module: candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.192 ms) : 0, 1192
crashtracking [candidate] (1.174 ms) : 0, 1174
BytebuddyAgent [baseline] (660.911 ms) : 0, 660911
BytebuddyAgent [candidate] (654.499 ms) : 0, 654499
AgentMeter [baseline] (29.378 ms) : 0, 29378
AgentMeter [candidate] (29.085 ms) : 0, 29085
GlobalTracer [baseline] (259.248 ms) : 0, 259248
GlobalTracer [candidate] (257.434 ms) : 0, 257434
AppSec [baseline] (33.252 ms) : 0, 33252
AppSec [candidate] (32.883 ms) : 0, 32883
Debugger [baseline] (67.669 ms) : 0, 67669
Debugger [candidate] (66.176 ms) : 0, 66176
Remote Config [baseline] (608.545 µs) : 0, 609
Remote Config [candidate] (613.699 µs) : 0, 614
Telemetry [baseline] (8.986 ms) : 0, 8986
Telemetry [candidate] (8.845 ms) : 0, 8845
Flare Poller [baseline] (3.63 ms) : 0, 3630
Flare Poller [candidate] (4.398 ms) : 0, 4398
section iast
crashtracking [baseline] (1.193 ms) : 0, 1193
crashtracking [candidate] (1.197 ms) : 0, 1197
BytebuddyAgent [baseline] (802.931 ms) : 0, 802931
BytebuddyAgent [candidate] (803.706 ms) : 0, 803706
AgentMeter [baseline] (11.371 ms) : 0, 11371
AgentMeter [candidate] (11.58 ms) : 0, 11580
GlobalTracer [baseline] (249.749 ms) : 0, 249749
GlobalTracer [candidate] (250.071 ms) : 0, 250071
IAST [baseline] (27.15 ms) : 0, 27150
IAST [candidate] (27.141 ms) : 0, 27141
AppSec [baseline] (34.555 ms) : 0, 34555
AppSec [candidate] (35.063 ms) : 0, 35063
Debugger [baseline] (65.836 ms) : 0, 65836
Debugger [candidate] (64.178 ms) : 0, 64178
Remote Config [baseline] (532.661 µs) : 0, 533
Remote Config [candidate] (541.112 µs) : 0, 541
Telemetry [baseline] (8.412 ms) : 0, 8412
Telemetry [candidate] (8.602 ms) : 0, 8602
Flare Poller [baseline] (3.425 ms) : 0, 3425
Flare Poller [candidate] (3.422 ms) : 0, 3422
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-6c0465b99e
git_commit_date 1769453707 1769454764
git_commit_sha a34cb64 eee05a1
release_version 1.59.0-SNAPSHOT~a34cb643aa 1.59.0-SNAPSHOT~eee05a12fa
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1769457032 1769457032
ci_job_id 1377959089 1377959089
ci_pipeline_id 92897135 92897135
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-fitmefr4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-fitmefr4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 18 metrics, 17 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast:high_load better
[-134.815µs; -68.592µs] or [-5.358%; -2.726%]		 unstable
[-784.395µs; +550.004µs] or [-10.486%; +7.353%]		 unstable
[-89.003op/s; +226.253op/s] or [-6.355%; +16.154%]		 2.415ms 7.363ms 1469.250op/s 2.516ms 7.480ms 1400.625op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.259 ms) : 17090, 17429
.   : milestone, 17259,
appsec (19.286 ms) : 19087, 19486
.   : milestone, 19286,
code_origins (17.497 ms) : 17321, 17673
.   : milestone, 17497,
iast (17.515 ms) : 17343, 17688
.   : milestone, 17515,
profiling (18.56 ms) : 18377, 18743
.   : milestone, 18560,
tracing (17.467 ms) : 17293, 17641
.   : milestone, 17467,
section candidate
no_agent (18.019 ms) : 17837, 18201
.   : milestone, 18019,
appsec (18.743 ms) : 18552, 18934
.   : milestone, 18743,
code_origins (17.564 ms) : 17389, 17740
.   : milestone, 17564,
iast (17.814 ms) : 17637, 17990
.   : milestone, 17814,
profiling (18.212 ms) : 18034, 18390
.   : milestone, 18212,
tracing (17.528 ms) : 17354, 17703
.   : milestone, 17528,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.259 ms [17.09 ms, 17.429 ms] -
appsec 19.286 ms [19.087 ms, 19.486 ms] 2.027 ms (11.7%)
code_origins 17.497 ms [17.321 ms, 17.673 ms] 237.624 µs (1.4%)
iast 17.515 ms [17.343 ms, 17.688 ms] 256.126 µs (1.5%)
profiling 18.56 ms [18.377 ms, 18.743 ms] 1.301 ms (7.5%)
tracing 17.467 ms [17.293 ms, 17.641 ms] 207.848 µs (1.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.019 ms [17.837 ms, 18.201 ms] -
appsec 18.743 ms [18.552 ms, 18.934 ms] 724.312 µs (4.0%)
code_origins 17.564 ms [17.389 ms, 17.74 ms] -454.205 µs (-2.5%)
iast 17.814 ms [17.637 ms, 17.99 ms] -204.966 µs (-1.1%)
profiling 18.212 ms [18.034 ms, 18.39 ms] 193.273 µs (1.1%)
tracing 17.528 ms [17.354 ms, 17.703 ms] -490.13 µs (-2.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.178 ms) : 1166, 1189
.   : milestone, 1178,
iast (3.272 ms) : 3224, 3319
.   : milestone, 3272,
iast_FULL (5.694 ms) : 5637, 5751
.   : milestone, 5694,
iast_GLOBAL (3.615 ms) : 3556, 3674
.   : milestone, 3615,
profiling (1.989 ms) : 1972, 2007
.   : milestone, 1989,
tracing (1.865 ms) : 1847, 1882
.   : milestone, 1865,
section candidate
no_agent (1.193 ms) : 1181, 1205
.   : milestone, 1193,
iast (3.113 ms) : 3071, 3156
.   : milestone, 3113,
iast_FULL (5.742 ms) : 5685, 5799
.   : milestone, 5742,
iast_GLOBAL (3.608 ms) : 3552, 3663
.   : milestone, 3608,
profiling (2.034 ms) : 2016, 2052
.   : milestone, 2034,
tracing (1.769 ms) : 1755, 1783
.   : milestone, 1769,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.178 ms [1.166 ms, 1.189 ms] -
iast 3.272 ms [3.224 ms, 3.319 ms] 2.094 ms (177.8%)
iast_FULL 5.694 ms [5.637 ms, 5.751 ms] 4.516 ms (383.5%)
iast_GLOBAL 3.615 ms [3.556 ms, 3.674 ms] 2.437 ms (207.0%)
profiling 1.989 ms [1.972 ms, 2.007 ms] 811.338 µs (68.9%)
tracing 1.865 ms [1.847 ms, 1.882 ms] 687.053 µs (58.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.193 ms [1.181 ms, 1.205 ms] -
iast 3.113 ms [3.071 ms, 3.156 ms] 1.92 ms (160.9%)
iast_FULL 5.742 ms [5.685 ms, 5.799 ms] 4.549 ms (381.2%)
iast_GLOBAL 3.608 ms [3.552 ms, 3.663 ms] 2.415 ms (202.4%)
profiling 2.034 ms [2.016 ms, 2.052 ms] 841.206 µs (70.5%)
tracing 1.769 ms [1.755 ms, 1.783 ms] 575.96 µs (48.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master dependabot/github_actions/gh-actions-packages-6c0465b99e
git_commit_date 1769453707 1769454764
git_commit_sha a34cb64 eee05a1
release_version 1.59.0-SNAPSHOT~a34cb643aa 1.59.0-SNAPSHOT~eee05a12fa
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1769456843 1769456843
ci_job_id 1377959091 1377959091
ci_pipeline_id 92897135 92897135
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-bwpxmw4y 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-bwpxmw4y 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1460, 1483
.   : milestone, 1471,
appsec (3.766 ms) : 3543, 3990
.   : milestone, 3766,
iast (2.243 ms) : 2174, 2312
.   : milestone, 2243,
iast_GLOBAL (2.285 ms) : 2216, 2354
.   : milestone, 2285,
profiling (2.075 ms) : 2020, 2131
.   : milestone, 2075,
tracing (2.073 ms) : 2018, 2128
.   : milestone, 2073,
section candidate
no_agent (1.469 ms) : 1457, 1480
.   : milestone, 1469,
appsec (3.762 ms) : 3541, 3984
.   : milestone, 3762,
iast (2.248 ms) : 2179, 2318
.   : milestone, 2248,
iast_GLOBAL (2.284 ms) : 2215, 2353
.   : milestone, 2284,
profiling (2.098 ms) : 2042, 2154
.   : milestone, 2098,
tracing (2.051 ms) : 1997, 2105
.   : milestone, 2051,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.46 ms, 1.483 ms] -
appsec 3.766 ms [3.543 ms, 3.99 ms] 2.295 ms (156.0%)
iast 2.243 ms [2.174 ms, 2.312 ms] 771.461 µs (52.4%)
iast_GLOBAL 2.285 ms [2.216 ms, 2.354 ms] 813.753 µs (55.3%)
profiling 2.075 ms [2.02 ms, 2.131 ms] 603.943 µs (41.0%)
tracing 2.073 ms [2.018 ms, 2.128 ms] 601.318 µs (40.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.469 ms [1.457 ms, 1.48 ms] -
appsec 3.762 ms [3.541 ms, 3.984 ms] 2.293 ms (156.1%)
iast 2.248 ms [2.179 ms, 2.318 ms] 779.512 µs (53.1%)
iast_GLOBAL 2.284 ms [2.215 ms, 2.353 ms] 814.844 µs (55.5%)
profiling 2.098 ms [2.042 ms, 2.154 ms] 629.205 µs (42.8%)
tracing 2.051 ms [1.997 ms, 2.105 ms] 581.593 µs (39.6%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.59.0-SNAPSHOT~eee05a12fa, baseline=1.59.0-SNAPSHOT~a34cb643aa
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.335 s) : 15335000, 15335000
.   : milestone, 15335000,
appsec (14.744 s) : 14744000, 14744000
.   : milestone, 14744000,
iast (18.68 s) : 18680000, 18680000
.   : milestone, 18680000,
iast_GLOBAL (17.894 s) : 17894000, 17894000
.   : milestone, 17894000,
profiling (15.089 s) : 15089000, 15089000
.   : milestone, 15089000,
tracing (14.969 s) : 14969000, 14969000
.   : milestone, 14969000,
section candidate
no_agent (15.695 s) : 15695000, 15695000
.   : milestone, 15695000,
appsec (14.724 s) : 14724000, 14724000
.   : milestone, 14724000,
iast (17.991 s) : 17991000, 17991000
.   : milestone, 17991000,
iast_GLOBAL (17.743 s) : 17743000, 17743000
.   : milestone, 17743000,
profiling (14.886 s) : 14886000, 14886000
.   : milestone, 14886000,
tracing (14.719 s) : 14719000, 14719000
.   : milestone, 14719000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.335 s [15.335 s, 15.335 s] -
appsec 14.744 s [14.744 s, 14.744 s] -591.0 ms (-3.9%)
iast 18.68 s [18.68 s, 18.68 s] 3.345 s (21.8%)
iast_GLOBAL 17.894 s [17.894 s, 17.894 s] 2.559 s (16.7%)
profiling 15.089 s [15.089 s, 15.089 s] -246.0 ms (-1.6%)
tracing 14.969 s [14.969 s, 14.969 s] -366.0 ms (-2.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.695 s [15.695 s, 15.695 s] -
appsec 14.724 s [14.724 s, 14.724 s] -971.0 ms (-6.2%)
iast 17.991 s [17.991 s, 17.991 s] 2.296 s (14.6%)
iast_GLOBAL 17.743 s [17.743 s, 17.743 s] 2.048 s (13.0%)
profiling 14.886 s [14.886 s, 14.886 s] -809.0 ms (-5.2%)
tracing 14.719 s [14.719 s, 14.719 s] -976.0 ms (-6.2%)

@PerfectSlayer PerfectSlayer enabled auto-merge (squash) January 27, 2026 09:43
@PerfectSlayer PerfectSlayer merged commit b11fcdf into master Jan 27, 2026
610 of 1072 checks passed
@PerfectSlayer PerfectSlayer deleted the dependabot/github_actions/gh-actions-packages-6c0465b99e branch January 27, 2026 15:42
@github-actions github-actions bot added this to the 1.59.0 milestone Jan 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PerfectSlayer PerfectSlayer PerfectSlayer approved these changes

@bric3 bric3 Awaiting requested review from bric3 bric3 is a code owner automatically assigned from DataDog/apm-lang-platform-java

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

1.59.0

Development

Successfully merging this pull request may close these issues.

1 participant

@PerfectSlayer