chore(ci): bump the gh-actions-packages group with 2 updates

[dependabot]

Bumps the gh-actions-packages group with 2 updates: github/codeql-action and actions/upload-artifact.

Updates github/codeql-action from 4.30.9 to 4.31.0

Release notes

Sourced from github/codeql-action's releases.

v4.31.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

• [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
• Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

... (truncated)

Commits

• 4e94bd1 Merge pull request #3235 from github/update-v4.31.0-1d36546c1
• 8f11182 Update changelog for v4.31.0
• 1d36546 Merge pull request #3234 from github/mbg/changelog/post-processing
• 08ada26 Add changelog entry for post-processing change
• b843cbe Merge pull request #3233 from github/mbg/getOptionalEnvVar
• 1ecd563 Use getOptionalEnvVar in writePostProcessedFiles
• e576807 Merge pull request #3223 from github/henrymercer/bump-minimum
• ad35676 Add getOptionalEnvVar function
• d75645b Merge pull request #3222 from github/mbg/upload-lib/post-process
• 710606c Check that outputPath is non-empty
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 5.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

New Contributors

• @​GhadimiR made their first contribution in actions/upload-artifact#681
• @​nebuk89 made their first contribution in actions/upload-artifact#712
• @​danwkennedy made their first contribution in actions/upload-artifact#727
• @​patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

• 330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
• 03f2824 Update github.dep.yml
• 905a1ec Prepare v5.0.0
• 2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
• 9687587 Merge branch 'main' into patch-1
• 2848b2c Merge pull request #727 from danwkennedy/patch-1
• 9b51177 Spell out the first use of GHES
• cd231ca Update GHES guidance to include reference to Node 20 version
• de65e23 Merge pull request #712 from actions/nebuk89-patch-1
• 8747d8c Update README.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[datadog-official]

🎯 Code Coverage
• Patch Coverage: 100.00%
• Total Coverage: 59.66% (-0.03%)

View detailed report

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 357adfc | Docs | Was this helpful? Give us feedback!}

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-522a0045d5
git_commit_date	1761587776	1761594787
git_commit_sha	b733cda	357adfc
release_version	1.55.0-SNAPSHOT~b733cdaf4e	1.55.0-SNAPSHOT~357adfca2a

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1761596626	1761596626
ci_job_id	1200722398	1200722398
ci_pipeline_id	80425732	80425732
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-yeauwvqp 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-yeauwvqp 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 53 metrics, 12 unstable metrics.

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.034 s) : 0, 1033687
Total [baseline] (8.686 s) : 0, 8685776
Agent [candidate] (1.028 s) : 0, 1028172
Total [candidate] (8.64 s) : 0, 8640320
section iast
Agent [baseline] (1.159 s) : 0, 1158832
Total [baseline] (9.362 s) : 0, 9362018
Agent [candidate] (1.161 s) : 0, 1160795
Total [candidate] (9.388 s) : 0, 9388370

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.034 s	-
Agent	iast	1.159 s	125.145 ms (12.1%)
Total	tracing	8.686 s	-
Total	iast	9.362 s	676.243 ms (7.8%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.028 s	-
Agent	iast	1.161 s	132.623 ms (12.9%)
Total	tracing	8.64 s	-
Total	iast	9.388 s	748.051 ms (8.7%)

gantt
    title insecure-bank - break down per module: candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.454 ms) : 0, 1454
crashtracking [candidate] (1.463 ms) : 0, 1463
BytebuddyAgent [baseline] (705.009 ms) : 0, 705009
BytebuddyAgent [candidate] (700.679 ms) : 0, 700679
GlobalTracer [baseline] (245.332 ms) : 0, 245332
GlobalTracer [candidate] (244.536 ms) : 0, 244536
AppSec [baseline] (32.517 ms) : 0, 32517
AppSec [candidate] (32.364 ms) : 0, 32364
Debugger [baseline] (6.45 ms) : 0, 6450
Debugger [candidate] (6.355 ms) : 0, 6355
Remote Config [baseline] (682.711 µs) : 0, 683
Remote Config [candidate] (666.178 µs) : 0, 666
Telemetry [baseline] (16.058 ms) : 0, 16058
Telemetry [candidate] (15.306 ms) : 0, 15306
Flare Poller [baseline] (5.073 ms) : 0, 5073
Flare Poller [candidate] (5.651 ms) : 0, 5651
section iast
crashtracking [baseline] (1.454 ms) : 0, 1454
crashtracking [candidate] (1.455 ms) : 0, 1455
BytebuddyAgent [baseline] (822.293 ms) : 0, 822293
BytebuddyAgent [candidate] (823.194 ms) : 0, 823194
GlobalTracer [baseline] (233.175 ms) : 0, 233175
GlobalTracer [candidate] (233.641 ms) : 0, 233641
AppSec [baseline] (28.777 ms) : 0, 28777
AppSec [candidate] (30.644 ms) : 0, 30644
Debugger [baseline] (6.162 ms) : 0, 6162
Debugger [candidate] (6.155 ms) : 0, 6155
Remote Config [baseline] (598.437 µs) : 0, 598
Remote Config [candidate] (608.163 µs) : 0, 608
Telemetry [baseline] (8.494 ms) : 0, 8494
Telemetry [candidate] (8.551 ms) : 0, 8551
Flare Poller [baseline] (4.118 ms) : 0, 4118
Flare Poller [candidate] (4.162 ms) : 0, 4162
IAST [baseline] (32.549 ms) : 0, 32549
IAST [candidate] (31.086 ms) : 0, 31086

Loading

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.036 s) : 0, 1035904
Total [baseline] (10.811 s) : 0, 10811357
Agent [candidate] (1.035 s) : 0, 1034825
Total [candidate] (10.819 s) : 0, 10819312
section appsec
Agent [baseline] (1.204 s) : 0, 1204191
Total [baseline] (10.955 s) : 0, 10954768
Agent [candidate] (1.216 s) : 0, 1215988
Total [candidate] (11.083 s) : 0, 11082915
section iast
Agent [baseline] (1.158 s) : 0, 1158347
Total [baseline] (11.122 s) : 0, 11122056
Agent [candidate] (1.162 s) : 0, 1162204
Total [candidate] (11.118 s) : 0, 11118425
section profiling
Agent [baseline] (1.172 s) : 0, 1172091
Total [baseline] (10.957 s) : 0, 10956632
Agent [candidate] (1.189 s) : 0, 1188614
Total [candidate] (10.954 s) : 0, 10954275

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.036 s	-
Agent	appsec	1.204 s	168.287 ms (16.2%)
Agent	iast	1.158 s	122.443 ms (11.8%)
Agent	profiling	1.172 s	136.188 ms (13.1%)
Total	tracing	10.811 s	-
Total	appsec	10.955 s	143.411 ms (1.3%)
Total	iast	11.122 s	310.699 ms (2.9%)
Total	profiling	10.957 s	145.274 ms (1.3%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.035 s	-
Agent	appsec	1.216 s	181.162 ms (17.5%)
Agent	iast	1.162 s	127.378 ms (12.3%)
Agent	profiling	1.189 s	153.789 ms (14.9%)
Total	tracing	10.819 s	-
Total	appsec	11.083 s	263.603 ms (2.4%)
Total	iast	11.118 s	299.114 ms (2.8%)
Total	profiling	10.954 s	134.963 ms (1.2%)

gantt
    title petclinic - break down per module: candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.474 ms) : 0, 1474
crashtracking [candidate] (1.465 ms) : 0, 1465
BytebuddyAgent [baseline] (706.885 ms) : 0, 706885
BytebuddyAgent [candidate] (705.619 ms) : 0, 705619
GlobalTracer [baseline] (245.844 ms) : 0, 245844
GlobalTracer [candidate] (245.792 ms) : 0, 245792
AppSec [baseline] (32.615 ms) : 0, 32615
AppSec [candidate] (32.63 ms) : 0, 32630
Debugger [baseline] (6.469 ms) : 0, 6469
Debugger [candidate] (6.501 ms) : 0, 6501
Remote Config [baseline] (676.737 µs) : 0, 677
Remote Config [candidate] (685.097 µs) : 0, 685
Telemetry [baseline] (14.204 ms) : 0, 14204
Telemetry [candidate] (14.479 ms) : 0, 14479
Flare Poller [baseline] (6.539 ms) : 0, 6539
Flare Poller [candidate] (6.41 ms) : 0, 6410
section appsec
crashtracking [baseline] (1.474 ms) : 0, 1474
crashtracking [candidate] (1.479 ms) : 0, 1479
BytebuddyAgent [baseline] (726.361 ms) : 0, 726361
BytebuddyAgent [candidate] (734.986 ms) : 0, 734986
GlobalTracer [baseline] (236.684 ms) : 0, 236684
GlobalTracer [candidate] (238.271 ms) : 0, 238271
AppSec [baseline] (174.398 ms) : 0, 174398
AppSec [candidate] (175.524 ms) : 0, 175524
Debugger [baseline] (5.932 ms) : 0, 5932
Debugger [candidate] (5.985 ms) : 0, 5985
Remote Config [baseline] (642.119 µs) : 0, 642
Remote Config [candidate] (642.456 µs) : 0, 642
Telemetry [baseline] (8.495 ms) : 0, 8495
Telemetry [candidate] (8.484 ms) : 0, 8484
Flare Poller [baseline] (3.898 ms) : 0, 3898
Flare Poller [candidate] (3.935 ms) : 0, 3935
IAST [baseline] (25.142 ms) : 0, 25142
IAST [candidate] (25.304 ms) : 0, 25304
section iast
crashtracking [baseline] (1.474 ms) : 0, 1474
crashtracking [candidate] (1.466 ms) : 0, 1466
BytebuddyAgent [baseline] (821.63 ms) : 0, 821630
BytebuddyAgent [candidate] (824.673 ms) : 0, 824673
GlobalTracer [baseline] (233.29 ms) : 0, 233290
GlobalTracer [candidate] (234.296 ms) : 0, 234296
AppSec [baseline] (28.122 ms) : 0, 28122
AppSec [candidate] (27.962 ms) : 0, 27962
Debugger [baseline] (6.117 ms) : 0, 6117
Debugger [candidate] (6.121 ms) : 0, 6121
Remote Config [baseline] (598.691 µs) : 0, 599
Remote Config [candidate] (595.322 µs) : 0, 595
Telemetry [baseline] (8.342 ms) : 0, 8342
Telemetry [candidate] (8.438 ms) : 0, 8438
Flare Poller [baseline] (4.091 ms) : 0, 4091
Flare Poller [candidate] (4.084 ms) : 0, 4084
IAST [baseline] (33.393 ms) : 0, 33393
IAST [candidate] (33.312 ms) : 0, 33312
section profiling
crashtracking [baseline] (1.431 ms) : 0, 1431
crashtracking [candidate] (1.456 ms) : 0, 1456
BytebuddyAgent [baseline] (726.436 ms) : 0, 726436
BytebuddyAgent [candidate] (735.854 ms) : 0, 735854
GlobalTracer [baseline] (219.928 ms) : 0, 219928
GlobalTracer [candidate] (223.73 ms) : 0, 223730
AppSec [baseline] (32.323 ms) : 0, 32323
AppSec [candidate] (34.674 ms) : 0, 34674
Debugger [baseline] (13.019 ms) : 0, 13019
Debugger [candidate] (11.552 ms) : 0, 11552
Remote Config [baseline] (695.637 µs) : 0, 696
Remote Config [candidate] (1.443 ms) : 0, 1443
Telemetry [baseline] (9.754 ms) : 0, 9754
Telemetry [candidate] (9.205 ms) : 0, 9205
Flare Poller [baseline] (4.131 ms) : 0, 4131
Flare Poller [candidate] (4.14 ms) : 0, 4140
ProfilingAgent [baseline] (109.101 ms) : 0, 109101
ProfilingAgent [candidate] (110.538 ms) : 0, 110538
Profiling [baseline] (109.766 ms) : 0, 109766
Profiling [candidate] (111.199 ms) : 0, 111199

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-522a0045d5
git_commit_date	1761587776	1761594787
git_commit_sha	b733cda	357adfc
release_version	1.55.0-SNAPSHOT~b733cdaf4e	1.55.0-SNAPSHOT~357adfca2a

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1761596294	1761596294
ci_job_id	1200722399	1200722399
ci_pipeline_id	80425732	80425732
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-1-yy9ttk92 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-1-yy9ttk92 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 2 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

scenario	Δ mean http_req_duration	Δ mean throughput	candidate mean http_req_duration	candidate mean throughput	baseline mean http_req_duration	baseline mean throughput
scenario:load:insecure-bank:no_agent:high_load	worse [+182.455µs; +301.596µs] or [+4.156%; +6.870%]	unstable [-171.771op/s; +64.708op/s] or [-16.431%; +6.190%]	4.632ms	991.875op/s	4.390ms	1045.406op/s
scenario:load:petclinic:no_agent:high_load	worse [+1.116ms; +1.744ms] or [+3.093%; +4.835%]	unstable [-11.727op/s; +4.958op/s] or [-9.047%; +3.825%]	37.500ms	126.241op/s	36.070ms	129.625op/s
scenario:load:petclinic:code_origins:high_load	better [-2.148ms; -1.346ms] or [-4.852%; -3.040%]	unstable [-3.258op/s; +11.858op/s] or [-3.082%; +11.218%]	42.522ms	110.000op/s	44.269ms	105.700op/s

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.39 ms) : 4334, 4446
.   : milestone, 4390,
iast (10.255 ms) : 10079, 10430
.   : milestone, 10255,
iast_FULL (13.851 ms) : 13574, 14127
.   : milestone, 13851,
iast_GLOBAL (10.678 ms) : 10483, 10873
.   : milestone, 10678,
profiling (8.958 ms) : 8820, 9097
.   : milestone, 8958,
tracing (7.904 ms) : 7782, 8027
.   : milestone, 7904,
section candidate
no_agent (4.632 ms) : 4577, 4687
.   : milestone, 4632,
iast (10.227 ms) : 10053, 10402
.   : milestone, 10227,
iast_FULL (13.6 ms) : 13333, 13866
.   : milestone, 13600,
iast_GLOBAL (10.706 ms) : 10518, 10893
.   : milestone, 10706,
profiling (8.834 ms) : 8686, 8982
.   : milestone, 8834,
tracing (7.999 ms) : 7883, 8114
.   : milestone, 7999,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	4.39 ms [4.334 ms, 4.446 ms]	-
iast	10.255 ms [10.079 ms, 10.43 ms]	5.865 ms (133.6%)
iast_FULL	13.851 ms [13.574 ms, 14.127 ms]	9.461 ms (215.5%)
iast_GLOBAL	10.678 ms [10.483 ms, 10.873 ms]	6.288 ms (143.2%)
profiling	8.958 ms [8.82 ms, 9.097 ms]	4.568 ms (104.1%)
tracing	7.904 ms [7.782 ms, 8.027 ms]	3.515 ms (80.1%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	4.632 ms [4.577 ms, 4.687 ms]	-
iast	10.227 ms [10.053 ms, 10.402 ms]	5.595 ms (120.8%)
iast_FULL	13.6 ms [13.333 ms, 13.866 ms]	8.968 ms (193.6%)
iast_GLOBAL	10.706 ms [10.518 ms, 10.893 ms]	6.074 ms (131.1%)
profiling	8.834 ms [8.686 ms, 8.982 ms]	4.202 ms (90.7%)
tracing	7.999 ms [7.883 ms, 8.114 ms]	3.367 ms (72.7%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e
    dateFormat X
    axisFormat %s
section baseline
no_agent (36.07 ms) : 35778, 36361
.   : milestone, 36070,
appsec (47.844 ms) : 47419, 48270
.   : milestone, 47844,
code_origins (44.269 ms) : 43874, 44664
.   : milestone, 44269,
iast (44.637 ms) : 44236, 45038
.   : milestone, 44637,
profiling (48.987 ms) : 48548, 49426
.   : milestone, 48987,
tracing (44.444 ms) : 44062, 44827
.   : milestone, 44444,
section candidate
no_agent (37.5 ms) : 37207, 37792
.   : milestone, 37500,
appsec (47.904 ms) : 47478, 48329
.   : milestone, 47904,
code_origins (42.522 ms) : 42173, 42871
.   : milestone, 42522,
iast (44.185 ms) : 43805, 44566
.   : milestone, 44185,
profiling (48.662 ms) : 48197, 49128
.   : milestone, 48662,
tracing (43.499 ms) : 43134, 43864
.   : milestone, 43499,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	36.07 ms [35.778 ms, 36.361 ms]	-
appsec	47.844 ms [47.419 ms, 48.27 ms]	11.774 ms (32.6%)
code_origins	44.269 ms [43.874 ms, 44.664 ms]	8.2 ms (22.7%)
iast	44.637 ms [44.236 ms, 45.038 ms]	8.567 ms (23.8%)
profiling	48.987 ms [48.548 ms, 49.426 ms]	12.917 ms (35.8%)
tracing	44.444 ms [44.062 ms, 44.827 ms]	8.375 ms (23.2%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	37.5 ms [37.207 ms, 37.792 ms]	-
appsec	47.904 ms [47.478 ms, 48.329 ms]	10.404 ms (27.7%)
code_origins	42.522 ms [42.173 ms, 42.871 ms]	5.023 ms (13.4%)
iast	44.185 ms [43.805 ms, 44.566 ms]	6.686 ms (17.8%)
profiling	48.662 ms [48.197 ms, 49.128 ms]	11.163 ms (29.8%)
tracing	43.499 ms [43.134 ms, 43.864 ms]	6.0 ms (16.0%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-522a0045d5
git_commit_date	1761587776	1761594787
git_commit_sha	b733cda	357adfc
release_version	1.55.0-SNAPSHOT~b733cdaf4e	1.55.0-SNAPSHOT~357adfca2a

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1761596715	1761596715
ci_job_id	1200722400	1200722400
ci_pipeline_id	80425732	80425732
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-ux54ax5c 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-ux54ax5c 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.478 ms) : 1467, 1490
.   : milestone, 1478,
appsec (3.703 ms) : 3487, 3920
.   : milestone, 3703,
iast (2.208 ms) : 2145, 2272
.   : milestone, 2208,
iast_GLOBAL (2.255 ms) : 2191, 2319
.   : milestone, 2255,
profiling (2.058 ms) : 2006, 2110
.   : milestone, 2058,
tracing (2.029 ms) : 1979, 2079
.   : milestone, 2029,
section candidate
no_agent (1.474 ms) : 1463, 1486
.   : milestone, 1474,
appsec (3.737 ms) : 3517, 3956
.   : milestone, 3737,
iast (2.212 ms) : 2149, 2276
.   : milestone, 2212,
iast_GLOBAL (2.249 ms) : 2186, 2313
.   : milestone, 2249,
profiling (2.056 ms) : 2004, 2108
.   : milestone, 2056,
tracing (2.036 ms) : 1986, 2086
.   : milestone, 2036,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.478 ms [1.467 ms, 1.49 ms]	-
appsec	3.703 ms [3.487 ms, 3.92 ms]	2.225 ms (150.5%)
iast	2.208 ms [2.145 ms, 2.272 ms]	729.835 µs (49.4%)
iast_GLOBAL	2.255 ms [2.191 ms, 2.319 ms]	776.368 µs (52.5%)
profiling	2.058 ms [2.006 ms, 2.11 ms]	579.454 µs (39.2%)
tracing	2.029 ms [1.979 ms, 2.079 ms]	550.71 µs (37.2%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.474 ms [1.463 ms, 1.486 ms]	-
appsec	3.737 ms [3.517 ms, 3.956 ms]	2.262 ms (153.5%)
iast	2.212 ms [2.149 ms, 2.276 ms]	737.97 µs (50.1%)
iast_GLOBAL	2.249 ms [2.186 ms, 2.313 ms]	775.022 µs (52.6%)
profiling	2.056 ms [2.004 ms, 2.108 ms]	581.714 µs (39.5%)
tracing	2.036 ms [1.986 ms, 2.086 ms]	561.372 µs (38.1%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.55.0-SNAPSHOT~357adfca2a, baseline=1.55.0-SNAPSHOT~b733cdaf4e
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.594 s) : 15594000, 15594000
.   : milestone, 15594000,
appsec (14.989 s) : 14989000, 14989000
.   : milestone, 14989000,
iast (18.513 s) : 18513000, 18513000
.   : milestone, 18513000,
iast_GLOBAL (18.298 s) : 18298000, 18298000
.   : milestone, 18298000,
profiling (16.018 s) : 16018000, 16018000
.   : milestone, 16018000,
tracing (14.925 s) : 14925000, 14925000
.   : milestone, 14925000,
section candidate
no_agent (15.076 s) : 15076000, 15076000
.   : milestone, 15076000,
appsec (14.869 s) : 14869000, 14869000
.   : milestone, 14869000,
iast (18.458 s) : 18458000, 18458000
.   : milestone, 18458000,
iast_GLOBAL (18.205 s) : 18205000, 18205000
.   : milestone, 18205000,
profiling (15.319 s) : 15319000, 15319000
.   : milestone, 15319000,
tracing (15.168 s) : 15168000, 15168000
.   : milestone, 15168000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.594 s [15.594 s, 15.594 s]	-
appsec	14.989 s [14.989 s, 14.989 s]	-605.0 ms (-3.9%)
iast	18.513 s [18.513 s, 18.513 s]	2.919 s (18.7%)
iast_GLOBAL	18.298 s [18.298 s, 18.298 s]	2.704 s (17.3%)
profiling	16.018 s [16.018 s, 16.018 s]	424.0 ms (2.7%)
tracing	14.925 s [14.925 s, 14.925 s]	-669.0 ms (-4.3%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.076 s [15.076 s, 15.076 s]	-
appsec	14.869 s [14.869 s, 14.869 s]	-207.0 ms (-1.4%)
iast	18.458 s [18.458 s, 18.458 s]	3.382 s (22.4%)
iast_GLOBAL	18.205 s [18.205 s, 18.205 s]	3.129 s (20.8%)
profiling	15.319 s [15.319 s, 15.319 s]	243.0 ms (1.6%)
tracing	15.168 s [15.168 s, 15.168 s]	92.0 ms (0.6%)