chore(ci): bump the gh-actions-packages group with 3 updates

[dependabot[bot]]

Bumps the gh-actions-packages group with 3 updates: actions/cache, github/codeql-action and actions/upload-artifact.

Updates actions/cache from 4.3.0 to 5.0.1

Release notes

Sourced from actions/cache's releases.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

---

v5.0.1

What's Changed

• fix: update @​actions/cache for Node.js 24 punycode deprecation by @​salmanmkc in actions/cache#1685
• prepare release v5.0.1 by @​salmanmkc in actions/cache#1686

v5.0.0

What's Changed

• Upgrade to use node24 by @​salmanmkc in actions/cache#1630
• Prepare v5.0.0 release by @​salmanmkc in actions/cache#1684

Full Changelog: https://github.com/actions/cache/compare/v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

---

What's Changed

• Upgrade to use node24 by @​salmanmkc in actions/cache#1630
• Prepare v5.0.0 release by @​salmanmkc in actions/cache#1684

Full Changelog: https://github.com/actions/cache/compare/v4.3.0...v5.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/[email protected] #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

• Bump @actions/cache to v4.1.0

4.2.4

• Bump @actions/cache to v4.0.5

4.2.3

• Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

• Bump @actions/cache to v4.0.2

4.2.1

• Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits

• 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
• 8ff5423 chore: release v5.0.1
• 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
• b975f2b fix: add peer property to package-lock.json for dependencies
• d0a0e18 fix: update license files for @​actions/cache, fast-xml-parser, and strnum
• 74de208 fix: update @​actions/cache to ^5.0.1 for Node.js 24 punycode fix
• ac7f115 peer
• b0f846b fix: update @​actions/cache with storage-blob fix for Node.js 24 punycode depr...
• a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
• 3bb0d78 docs: highlight v5 runner requirement in releases
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.7 to 4.31.8

Release notes

Sourced from github/codeql-action's releases.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

• The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

... (truncated)

Commits

• 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
• 120f277 Update changelog for v4.31.8
• 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
• db812c1 Add changelog note
• 2930dba Update default bundle to codeql-bundle-v2.23.8
• c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
• 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
• 5b7e7fc Update src/codeql.ts
• 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
• 97c2630 Rebuild
• Additional commits viewable in compare view

Updates actions/upload-artifact from 5.0.0 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[pr-commenter[bot]]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-bb8a6fe874
git_commit_date	1765826150	1765872817
git_commit_sha	3101a85cf1	b36e3fe520
release_version	1.57.0-SNAPSHOT~3101a85cf1	1.57.0-SNAPSHOT~b36e3fe520

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1765874694	1765874694
ci_job_id	1297875448	1297875448
ci_pipeline_id	86964888	86964888
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-tr34c6k5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-tr34c6k5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 56 metrics, 9 unstable metrics.

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.085 s) : 0, 1085214
Total [baseline] (10.789 s) : 0, 10789492
Agent [candidate] (1.086 s) : 0, 1086367
Total [candidate] (10.803 s) : 0, 10803438
section appsec
Agent [baseline] (1.262 s) : 0, 1262299
Total [baseline] (10.981 s) : 0, 10981147
Agent [candidate] (1.271 s) : 0, 1271426
Total [candidate] (10.978 s) : 0, 10977854
section iast
Agent [baseline] (1.226 s) : 0, 1225753
Total [baseline] (11.241 s) : 0, 11240929
Agent [candidate] (1.228 s) : 0, 1228093
Total [candidate] (11.235 s) : 0, 11235067
section profiling
Agent [baseline] (1.204 s) : 0, 1203731
Total [baseline] (10.956 s) : 0, 10956175
Agent [candidate] (1.202 s) : 0, 1202113
Total [candidate] (10.925 s) : 0, 10924762

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.085 s	-
Agent	appsec	1.262 s	177.085 ms (16.3%)
Agent	iast	1.226 s	140.538 ms (13.0%)
Agent	profiling	1.204 s	118.517 ms (10.9%)
Total	tracing	10.789 s	-
Total	appsec	10.981 s	191.655 ms (1.8%)
Total	iast	11.241 s	451.437 ms (4.2%)
Total	profiling	10.956 s	166.683 ms (1.5%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.086 s	-
Agent	appsec	1.271 s	185.059 ms (17.0%)
Agent	iast	1.228 s	141.726 ms (13.0%)
Agent	profiling	1.202 s	115.746 ms (10.7%)
Total	tracing	10.803 s	-
Total	appsec	10.978 s	174.416 ms (1.6%)
Total	iast	11.235 s	431.629 ms (4.0%)
Total	profiling	10.925 s	121.324 ms (1.1%)

gantt
    title petclinic - break down per module: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.185 ms) : 0, 1185
crashtracking [candidate] (1.177 ms) : 0, 1177
BytebuddyAgent [baseline] (651.09 ms) : 0, 651090
BytebuddyAgent [candidate] (651.198 ms) : 0, 651198
GlobalTracer [baseline] (283.261 ms) : 0, 283261
GlobalTracer [candidate] (284.178 ms) : 0, 284178
AppSec [baseline] (32.556 ms) : 0, 32556
AppSec [candidate] (32.56 ms) : 0, 32560
Debugger [baseline] (68.182 ms) : 0, 68182
Debugger [candidate] (68.573 ms) : 0, 68573
Remote Config [baseline] (612.184 µs) : 0, 612
Remote Config [candidate] (608.884 µs) : 0, 609
Telemetry [baseline] (9.08 ms) : 0, 9080
Telemetry [candidate] (8.918 ms) : 0, 8918
Flare Poller [baseline] (3.712 ms) : 0, 3712
Flare Poller [candidate] (3.678 ms) : 0, 3678
section appsec
crashtracking [baseline] (1.177 ms) : 0, 1177
crashtracking [candidate] (1.184 ms) : 0, 1184
BytebuddyAgent [baseline] (688.081 ms) : 0, 688081
BytebuddyAgent [candidate] (693.454 ms) : 0, 693454
GlobalTracer [baseline] (257.907 ms) : 0, 257907
GlobalTracer [candidate] (260.441 ms) : 0, 260441
AppSec [baseline] (172.965 ms) : 0, 172965
AppSec [candidate] (173.413 ms) : 0, 173413
Debugger [baseline] (68.422 ms) : 0, 68422
Debugger [candidate] (68.751 ms) : 0, 68751
Remote Config [baseline] (701.862 µs) : 0, 702
Remote Config [candidate] (698.383 µs) : 0, 698
Telemetry [baseline] (9.039 ms) : 0, 9039
Telemetry [candidate] (9.108 ms) : 0, 9108
Flare Poller [baseline] (3.899 ms) : 0, 3899
Flare Poller [candidate] (3.987 ms) : 0, 3987
IAST [baseline] (24.614 ms) : 0, 24614
IAST [candidate] (24.812 ms) : 0, 24812
section iast
crashtracking [baseline] (1.197 ms) : 0, 1197
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (791.344 ms) : 0, 791344
BytebuddyAgent [candidate] (794.718 ms) : 0, 794718
GlobalTracer [baseline] (257.368 ms) : 0, 257368
GlobalTracer [candidate] (257.055 ms) : 0, 257055
AppSec [baseline] (34.562 ms) : 0, 34562
AppSec [candidate] (35.062 ms) : 0, 35062
Debugger [baseline] (66.07 ms) : 0, 66070
Debugger [candidate] (64.958 ms) : 0, 64958
Remote Config [baseline] (614.69 µs) : 0, 615
Remote Config [candidate] (584.383 µs) : 0, 584
Telemetry [baseline] (8.469 ms) : 0, 8469
Telemetry [candidate] (8.449 ms) : 0, 8449
Flare Poller [baseline] (3.491 ms) : 0, 3491
Flare Poller [candidate] (3.529 ms) : 0, 3529
IAST [baseline] (27.202 ms) : 0, 27202
IAST [candidate] (27.206 ms) : 0, 27206
section profiling
crashtracking [baseline] (1.208 ms) : 0, 1208
crashtracking [candidate] (1.209 ms) : 0, 1209
BytebuddyAgent [baseline] (701.287 ms) : 0, 701287
BytebuddyAgent [candidate] (700.772 ms) : 0, 700772
GlobalTracer [baseline] (221.306 ms) : 0, 221306
GlobalTracer [candidate] (220.876 ms) : 0, 220876
AppSec [baseline] (32.171 ms) : 0, 32171
AppSec [candidate] (32.028 ms) : 0, 32028
Debugger [baseline] (68.243 ms) : 0, 68243
Debugger [candidate] (67.841 ms) : 0, 67841
Remote Config [baseline] (643.539 µs) : 0, 644
Remote Config [candidate] (634.006 µs) : 0, 634
Telemetry [baseline] (8.942 ms) : 0, 8942
Telemetry [candidate] (8.735 ms) : 0, 8735
Flare Poller [baseline] (3.727 ms) : 0, 3727
Flare Poller [candidate] (3.771 ms) : 0, 3771
ProfilingAgent [baseline] (96.53 ms) : 0, 96530
ProfilingAgent [candidate] (96.665 ms) : 0, 96665
Profiling [baseline] (97.109 ms) : 0, 97109
Profiling [candidate] (97.236 ms) : 0, 97236

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.086 s) : 0, 1086097
Total [baseline] (8.741 s) : 0, 8740891
Agent [candidate] (1.081 s) : 0, 1081250
Total [candidate] (8.713 s) : 0, 8713139
section iast
Agent [baseline] (1.229 s) : 0, 1228730
Total [baseline] (9.373 s) : 0, 9373291
Agent [candidate] (1.225 s) : 0, 1225131
Total [candidate] (9.387 s) : 0, 9387464

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.086 s	-
Agent	iast	1.229 s	142.634 ms (13.1%)
Total	tracing	8.741 s	-
Total	iast	9.373 s	632.401 ms (7.2%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.081 s	-
Agent	iast	1.225 s	143.881 ms (13.3%)
Total	tracing	8.713 s	-
Total	iast	9.387 s	674.324 ms (7.7%)

gantt
    title insecure-bank - break down per module: candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.196 ms) : 0, 1196
crashtracking [candidate] (1.173 ms) : 0, 1173
BytebuddyAgent [baseline] (651.837 ms) : 0, 651837
BytebuddyAgent [candidate] (649.381 ms) : 0, 649381
GlobalTracer [baseline] (283.644 ms) : 0, 283644
GlobalTracer [candidate] (282.572 ms) : 0, 282572
AppSec [baseline] (32.487 ms) : 0, 32487
AppSec [candidate] (32.201 ms) : 0, 32201
Debugger [baseline] (67.736 ms) : 0, 67736
Debugger [candidate] (67.226 ms) : 0, 67226
Remote Config [baseline] (631.926 µs) : 0, 632
Remote Config [candidate] (617.25 µs) : 0, 617
Telemetry [baseline] (9.227 ms) : 0, 9227
Telemetry [candidate] (9.046 ms) : 0, 9046
Flare Poller [baseline] (3.792 ms) : 0, 3792
Flare Poller [candidate] (3.703 ms) : 0, 3703
section iast
crashtracking [baseline] (1.188 ms) : 0, 1188
crashtracking [candidate] (1.19 ms) : 0, 1190
BytebuddyAgent [baseline] (794.702 ms) : 0, 794702
BytebuddyAgent [candidate] (793.381 ms) : 0, 793381
GlobalTracer [baseline] (257.324 ms) : 0, 257324
GlobalTracer [candidate] (256.395 ms) : 0, 256395
AppSec [baseline] (33.684 ms) : 0, 33684
AppSec [candidate] (32.696 ms) : 0, 32696
Debugger [baseline] (66.537 ms) : 0, 66537
Debugger [candidate] (66.86 ms) : 0, 66860
Remote Config [baseline] (604.755 µs) : 0, 605
Remote Config [candidate] (536.594 µs) : 0, 537
Telemetry [baseline] (8.411 ms) : 0, 8411
Telemetry [candidate] (8.333 ms) : 0, 8333
Flare Poller [baseline] (3.548 ms) : 0, 3548
Flare Poller [candidate] (3.468 ms) : 0, 3468
IAST [baseline] (27.283 ms) : 0, 27283
IAST [candidate] (26.953 ms) : 0, 26953

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-bb8a6fe874
git_commit_date	1765826150	1765872817
git_commit_sha	3101a85cf1	b36e3fe520
release_version	1.57.0-SNAPSHOT~3101a85cf1	1.57.0-SNAPSHOT~b36e3fe520

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1765875187	1765875187
ci_job_id	1297875449	1297875449
ci_pipeline_id	86964888	86964888
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-knff3uxn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-knff3uxn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 1 performance regressions! Performance is the same for 16 metrics, 17 unstable metrics.

scenario	Δ mean agg_http_req_duration_p50	Δ mean agg_http_req_duration_p95	Δ mean throughput	candidate mean agg_http_req_duration_p50	candidate mean agg_http_req_duration_p95	candidate mean throughput	baseline mean agg_http_req_duration_p50	baseline mean agg_http_req_duration_p95	baseline mean throughput
scenario:load:petclinic:no_agent:high_load	better [-2.729ms; -1.253ms] or [-14.638%; -6.724%]	unstable [-4.973ms; -1.784ms] or [-16.052%; -5.758%]	unstable [+0.150op/s; +58.600op/s] or [+0.061%; +24.001%]	16.651ms	27.603ms	273.531op/s	18.642ms	30.981ms	244.156op/s
scenario:load:petclinic:tracing:high_load	better [-1.395ms; -0.655ms] or [-7.660%; -3.597%]	unsure [-1661.636µs; -253.976µs] or [-5.638%; -0.862%]	unstable [-0.665op/s; +42.677op/s] or [-0.264%; +16.923%]	17.179ms	28.512ms	273.194op/s	18.204ms	29.470ms	252.188op/s
scenario:load:petclinic:appsec:high_load	worse [+0.796ms; +1.704ms] or [+4.420%; +9.466%]	unsure [+0.101ms; +2.409ms] or [+0.343%; +8.185%]	unstable [-42.418op/s; +8.918op/s] or [-16.651%; +3.501%]	19.249ms	30.681ms	238.000op/s	17.999ms	29.426ms	254.750op/s

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.118 ms) : 18921, 19315
.   : milestone, 19118,
appsec (18.317 ms) : 18131, 18502
.   : milestone, 18317,
code_origins (17.609 ms) : 17435, 17783
.   : milestone, 17609,
iast (17.729 ms) : 17552, 17906
.   : milestone, 17729,
profiling (18.355 ms) : 18169, 18541
.   : milestone, 18355,
tracing (18.503 ms) : 18317, 18688
.   : milestone, 18503,
section candidate
no_agent (17.055 ms) : 16886, 17225
.   : milestone, 17055,
appsec (19.613 ms) : 19415, 19811
.   : milestone, 19613,
code_origins (17.659 ms) : 17485, 17833
.   : milestone, 17659,
iast (17.521 ms) : 17345, 17697
.   : milestone, 17521,
profiling (18.377 ms) : 18192, 18561
.   : milestone, 18377,
tracing (17.624 ms) : 17447, 17801
.   : milestone, 17624,

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	19.118 ms [18.921 ms, 19.315 ms]	-
appsec	18.317 ms [18.131 ms, 18.502 ms]	-801.433 µs (-4.2%)
code_origins	17.609 ms [17.435 ms, 17.783 ms]	-1.509 ms (-7.9%)
iast	17.729 ms [17.552 ms, 17.906 ms]	-1.389 ms (-7.3%)
profiling	18.355 ms [18.169 ms, 18.541 ms]	-763.18 µs (-4.0%)
tracing	18.503 ms [18.317 ms, 18.688 ms]	-615.563 µs (-3.2%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	17.055 ms [16.886 ms, 17.225 ms]	-
appsec	19.613 ms [19.415 ms, 19.811 ms]	2.558 ms (15.0%)
code_origins	17.659 ms [17.485 ms, 17.833 ms]	603.72 µs (3.5%)
iast	17.521 ms [17.345 ms, 17.697 ms]	465.951 µs (2.7%)
profiling	18.377 ms [18.192 ms, 18.561 ms]	1.321 ms (7.7%)
tracing	17.624 ms [17.447 ms, 17.801 ms]	568.811 µs (3.3%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.195 ms) : 1183, 1207
.   : milestone, 1195,
iast (3.21 ms) : 3170, 3251
.   : milestone, 3210,
iast_FULL (5.893 ms) : 5834, 5952
.   : milestone, 5893,
iast_GLOBAL (3.581 ms) : 3532, 3630
.   : milestone, 3581,
profiling (1.907 ms) : 1891, 1923
.   : milestone, 1907,
tracing (1.782 ms) : 1767, 1797
.   : milestone, 1782,
section candidate
no_agent (1.192 ms) : 1181, 1204
.   : milestone, 1192,
iast (3.177 ms) : 3139, 3214
.   : milestone, 3177,
iast_FULL (5.798 ms) : 5739, 5857
.   : milestone, 5798,
iast_GLOBAL (3.53 ms) : 3472, 3588
.   : milestone, 3530,
profiling (1.929 ms) : 1912, 1946
.   : milestone, 1929,
tracing (1.77 ms) : 1756, 1784
.   : milestone, 1770,

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.195 ms [1.183 ms, 1.207 ms]	-
iast	3.21 ms [3.17 ms, 3.251 ms]	2.016 ms (168.7%)
iast_FULL	5.893 ms [5.834 ms, 5.952 ms]	4.698 ms (393.2%)
iast_GLOBAL	3.581 ms [3.532 ms, 3.63 ms]	2.386 ms (199.7%)
profiling	1.907 ms [1.891 ms, 1.923 ms]	712.379 µs (59.6%)
tracing	1.782 ms [1.767 ms, 1.797 ms]	587.285 µs (49.2%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.192 ms [1.181 ms, 1.204 ms]	-
iast	3.177 ms [3.139 ms, 3.214 ms]	1.984 ms (166.4%)
iast_FULL	5.798 ms [5.739 ms, 5.857 ms]	4.606 ms (386.2%)
iast_GLOBAL	3.53 ms [3.472 ms, 3.588 ms]	2.337 ms (196.0%)
profiling	1.929 ms [1.912 ms, 1.946 ms]	736.615 µs (61.8%)
tracing	1.77 ms [1.756 ms, 1.784 ms]	577.378 µs (48.4%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-bb8a6fe874
git_commit_date	1765826150	1765872817
git_commit_sha	3101a85cf1	b36e3fe520
release_version	1.57.0-SNAPSHOT~3101a85cf1	1.57.0-SNAPSHOT~b36e3fe520

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1765874899	1765874899
ci_job_id	1297875450	1297875450
ci_pipeline_id	86964888	86964888
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-1-8m2nruc5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-1-8m2nruc5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.967 s) : 14967000, 14967000
.   : milestone, 14967000,
appsec (14.908 s) : 14908000, 14908000
.   : milestone, 14908000,
iast (17.886 s) : 17886000, 17886000
.   : milestone, 17886000,
iast_GLOBAL (17.726 s) : 17726000, 17726000
.   : milestone, 17726000,
profiling (15.026 s) : 15026000, 15026000
.   : milestone, 15026000,
tracing (14.621 s) : 14621000, 14621000
.   : milestone, 14621000,
section candidate
no_agent (15.101 s) : 15101000, 15101000
.   : milestone, 15101000,
appsec (14.703 s) : 14703000, 14703000
.   : milestone, 14703000,
iast (18.494 s) : 18494000, 18494000
.   : milestone, 18494000,
iast_GLOBAL (17.71 s) : 17710000, 17710000
.   : milestone, 17710000,
profiling (14.414 s) : 14414000, 14414000
.   : milestone, 14414000,
tracing (14.65 s) : 14650000, 14650000
.   : milestone, 14650000,

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.967 s [14.967 s, 14.967 s]	-
appsec	14.908 s [14.908 s, 14.908 s]	-59.0 ms (-0.4%)
iast	17.886 s [17.886 s, 17.886 s]	2.919 s (19.5%)
iast_GLOBAL	17.726 s [17.726 s, 17.726 s]	2.759 s (18.4%)
profiling	15.026 s [15.026 s, 15.026 s]	59.0 ms (0.4%)
tracing	14.621 s [14.621 s, 14.621 s]	-346.0 ms (-2.3%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.101 s [15.101 s, 15.101 s]	-
appsec	14.703 s [14.703 s, 14.703 s]	-398.0 ms (-2.6%)
iast	18.494 s [18.494 s, 18.494 s]	3.393 s (22.5%)
iast_GLOBAL	17.71 s [17.71 s, 17.71 s]	2.609 s (17.3%)
profiling	14.414 s [14.414 s, 14.414 s]	-687.0 ms (-4.5%)
tracing	14.65 s [14.65 s, 14.65 s]	-451.0 ms (-3.0%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~b36e3fe520, baseline=1.57.0-SNAPSHOT~3101a85cf1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1460, 1483
.   : milestone, 1471,
appsec (2.516 ms) : 2461, 2570
.   : milestone, 2516,
iast (2.21 ms) : 2146, 2274
.   : milestone, 2210,
iast_GLOBAL (2.262 ms) : 2197, 2327
.   : milestone, 2262,
profiling (2.086 ms) : 2032, 2140
.   : milestone, 2086,
tracing (2.028 ms) : 1978, 2079
.   : milestone, 2028,
section candidate
no_agent (1.472 ms) : 1460, 1483
.   : milestone, 1472,
appsec (3.655 ms) : 3441, 3869
.   : milestone, 3655,
iast (2.222 ms) : 2157, 2287
.   : milestone, 2222,
iast_GLOBAL (2.257 ms) : 2192, 2322
.   : milestone, 2257,
profiling (2.097 ms) : 2042, 2151
.   : milestone, 2097,
tracing (2.049 ms) : 1998, 2100
.   : milestone, 2049,

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.471 ms [1.46 ms, 1.483 ms]	-
appsec	2.516 ms [2.461 ms, 2.57 ms]	1.045 ms (71.0%)
iast	2.21 ms [2.146 ms, 2.274 ms]	738.744 µs (50.2%)
iast_GLOBAL	2.262 ms [2.197 ms, 2.327 ms]	790.472 µs (53.7%)
profiling	2.086 ms [2.032 ms, 2.14 ms]	614.813 µs (41.8%)
tracing	2.028 ms [1.978 ms, 2.079 ms]	556.933 µs (37.9%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.472 ms [1.46 ms, 1.483 ms]	-
appsec	3.655 ms [3.441 ms, 3.869 ms]	2.183 ms (148.3%)
iast	2.222 ms [2.157 ms, 2.287 ms]	750.442 µs (51.0%)
iast_GLOBAL	2.257 ms [2.192 ms, 2.322 ms]	785.155 µs (53.4%)
profiling	2.097 ms [2.042 ms, 2.151 ms]	625.077 µs (42.5%)
tracing	2.049 ms [1.998 ms, 2.1 ms]	577.14 µs (39.2%)

[PerfectSlayer]

@dependabot rebase

[dependabot[bot]]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.