chore(ci): bump github/codeql-action from 4.32.6 to 4.33.0 in the gh-actions-packages group

[dependabot]

Bumps the gh-actions-packages group with 1 update: github/codeql-action.

Updates github/codeql-action from 4.32.6 to 4.33.0

Release notes

Sourced from github/codeql-action's releases.

v4.33.0

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.33.0 - 16 Mar 2026

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

4.32.6 - 05 Mar 2026

• Update default CodeQL bundle version to 2.24.3. #3548

4.32.5 - 02 Mar 2026

• Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
• Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
• The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
• Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
• Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
• Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
• The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

4.32.4 - 20 Feb 2026

• Update default CodeQL bundle version to 2.24.2. #3493
• Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
• When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
• Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
• Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

4.32.3 - 13 Feb 2026

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

... (truncated)

Commits

• b1bff81 Merge pull request #3574 from github/update-v4.32.7-7dd76e6bf
• e682234 Add changelog entry for #3570
• 95be291 Bump minor version
• 59bcb60 Update changelog for v4.32.7
• 7dd76e6 Merge pull request #3572 from github/mbg/pr-checks/eslint
• e3200e3 Merge pull request #3563 from github/mbg/private-registry/oidc
• 4c356c7 Merge pull request #3570 from github/mbg/repo-props/warn-on-unexpected-props
• b4937c1 Only emit one message with accumulated property names
• 136b8ab Remove cache-dependency-path options as well
• a5aba59 Remove package-lock.json that's no longer needed
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[PerfectSlayer]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-03-17 18:33:26 UTC ℹ️ Start processing command /merge

---

2026-03-17 18:33:40 UTC 🚨 Merge Queue: pull request can't be queued

error adding merge request

Details

child workflow execution error (type: devflow.Devflow_MergePullRequest, workflowID: dccdef31-17aa-4724-92f2-d80473152518_47, runID: 019cfd13-01c4-7ce0-ab10-8906107eaba5, initiatedEventID: 47, startedEventID: 48): child workflow execution error (type: mergequeue.MergeQueue_QueueMergeRequest, workflowID: 019cfd13-01c4-7ce0-ab10-8906107eaba5_22, runID: 019cfd13-1f0a-7211-9f10-8a2b0d5f6952, initiatedEventID: 22, startedEventID: 23): child workflow execution error (type: mergequeue_private.MergeQueue_CheckAndQueueMergeRequest, workflowID: 019cfd13-1f0a-7211-9f10-8a2b0d5f6952_8, runID: 019cfd13-1fb0-782f-af75-e6e0460f4842, initiatedEventID: 8, startedEventID: 9): child workflow execution error (type: mergequeue_private.MergeQueue_AddOrUpdateMergeRequestInDB, workflowID: 019cfd13-1fb0-782f-af75-e6e0460f4842_65, runID: 019cfd13-3242-7d28-897c-196df7d4d1ec, initiatedEventID: 65, startedEventID: 66): activity error (type: mergequeue_private.MergeQueue_AddMergeRequestInDB, scheduledEventID: 8, startedEventID: 9, identity: 1@mergequeue-worker-6f5df7d8dc-lkl59@): error adding merge request (type: ErrorMergeRequestAlreadyExist, retryable: false): mergerequest exists already

[PerfectSlayer]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-03-17 18:33:32 UTC ℹ️ Start processing command /merge

---

2026-03-17 18:33:40 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

---

2026-03-17 21:10:07 UTC ℹ️ MergeQueue: merge request added to the queue

The expected merge time in master is approximately 3h (p90).

---

2026-03-17 22:07:47 UTC ℹ️ MergeQueue: This merge request was merged

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-08da7132b3
git_commit_date	1773770946	1773771683
git_commit_sha	79fbbef	d5d662e
release_version	1.61.0-SNAPSHOT~79fbbef465	1.61.0-SNAPSHOT~d5d662e907

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1773773431	1773773431
ci_job_id	1514637677	1514637677
ci_pipeline_id	103081724	103081724
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-2-ryo7usln 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-2-ryo7usln 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 11 unstable metrics.

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.065 s) : 0, 1065252
Total [baseline] (11.163 s) : 0, 11163169
Agent [candidate] (1.079 s) : 0, 1078642
Total [candidate] (11.161 s) : 0, 11161131
section appsec
Agent [baseline] (1.253 s) : 0, 1252957
Total [baseline] (11.181 s) : 0, 11181017
Agent [candidate] (1.246 s) : 0, 1245762
Total [candidate] (11.182 s) : 0, 11182370
section iast
Agent [baseline] (1.23 s) : 0, 1229712
Total [baseline] (11.318 s) : 0, 11318329
Agent [candidate] (1.234 s) : 0, 1234487
Total [candidate] (11.412 s) : 0, 11411738
section profiling
Agent [baseline] (1.194 s) : 0, 1194240
Total [baseline] (11.119 s) : 0, 11119060
Agent [candidate] (1.184 s) : 0, 1184070
Total [candidate] (11.212 s) : 0, 11211761

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.065 s	-
Agent	appsec	1.253 s	187.706 ms (17.6%)
Agent	iast	1.23 s	164.46 ms (15.4%)
Agent	profiling	1.194 s	128.988 ms (12.1%)
Total	tracing	11.163 s	-
Total	appsec	11.181 s	17.848 ms (0.2%)
Total	iast	11.318 s	155.159 ms (1.4%)
Total	profiling	11.119 s	-44.11 ms (-0.4%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.079 s	-
Agent	appsec	1.246 s	167.12 ms (15.5%)
Agent	iast	1.234 s	155.846 ms (14.4%)
Agent	profiling	1.184 s	105.428 ms (9.8%)
Total	tracing	11.161 s	-
Total	appsec	11.182 s	21.239 ms (0.2%)
Total	iast	11.412 s	250.607 ms (2.2%)
Total	profiling	11.212 s	50.63 ms (0.5%)

gantt
    title petclinic - break down per module: candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.22 ms) : 0, 1220
crashtracking [candidate] (1.218 ms) : 0, 1218
BytebuddyAgent [baseline] (631.199 ms) : 0, 631199
BytebuddyAgent [candidate] (639.321 ms) : 0, 639321
AgentMeter [baseline] (29.264 ms) : 0, 29264
AgentMeter [candidate] (29.538 ms) : 0, 29538
GlobalTracer [baseline] (258.118 ms) : 0, 258118
GlobalTracer [candidate] (260.649 ms) : 0, 260649
AppSec [baseline] (31.827 ms) : 0, 31827
AppSec [candidate] (32.176 ms) : 0, 32176
Debugger [baseline] (60.608 ms) : 0, 60608
Debugger [candidate] (60.997 ms) : 0, 60997
Remote Config [baseline] (622.64 µs) : 0, 623
Remote Config [candidate] (601.978 µs) : 0, 602
Telemetry [baseline] (8.067 ms) : 0, 8067
Telemetry [candidate] (8.172 ms) : 0, 8172
Flare Poller [baseline] (8.099 ms) : 0, 8099
Flare Poller [candidate] (9.686 ms) : 0, 9686
section appsec
crashtracking [baseline] (1.212 ms) : 0, 1212
crashtracking [candidate] (1.21 ms) : 0, 1210
BytebuddyAgent [baseline] (661.454 ms) : 0, 661454
BytebuddyAgent [candidate] (657.55 ms) : 0, 657550
AgentMeter [baseline] (12.138 ms) : 0, 12138
AgentMeter [candidate] (12.021 ms) : 0, 12021
GlobalTracer [baseline] (259.694 ms) : 0, 259694
GlobalTracer [candidate] (257.565 ms) : 0, 257565
AppSec [baseline] (178.542 ms) : 0, 178542
AppSec [candidate] (178.102 ms) : 0, 178102
Debugger [baseline] (66.533 ms) : 0, 66533
Debugger [candidate] (66.319 ms) : 0, 66319
Remote Config [baseline] (611.841 µs) : 0, 612
Remote Config [candidate] (616.21 µs) : 0, 616
Telemetry [baseline] (8.283 ms) : 0, 8283
Telemetry [candidate] (8.29 ms) : 0, 8290
Flare Poller [baseline] (3.582 ms) : 0, 3582
Flare Poller [candidate] (3.631 ms) : 0, 3631
IAST [baseline] (24.366 ms) : 0, 24366
IAST [candidate] (24.171 ms) : 0, 24171
section iast
crashtracking [baseline] (1.197 ms) : 0, 1197
crashtracking [candidate] (1.193 ms) : 0, 1193
BytebuddyAgent [baseline] (797.572 ms) : 0, 797572
BytebuddyAgent [candidate] (800.383 ms) : 0, 800383
AgentMeter [baseline] (11.34 ms) : 0, 11340
AgentMeter [candidate] (11.615 ms) : 0, 11615
GlobalTracer [baseline] (247.846 ms) : 0, 247846
GlobalTracer [candidate] (248.131 ms) : 0, 248131
AppSec [baseline] (26.517 ms) : 0, 26517
AppSec [candidate] (27.621 ms) : 0, 27621
Debugger [baseline] (70.685 ms) : 0, 70685
Debugger [candidate] (70.482 ms) : 0, 70482
Remote Config [baseline] (533.074 µs) : 0, 533
Remote Config [candidate] (538.677 µs) : 0, 539
Telemetry [baseline] (9.222 ms) : 0, 9222
Telemetry [candidate] (9.288 ms) : 0, 9288
Flare Poller [baseline] (3.322 ms) : 0, 3322
Flare Poller [candidate] (3.369 ms) : 0, 3369
IAST [baseline] (25.341 ms) : 0, 25341
IAST [candidate] (25.549 ms) : 0, 25549
section profiling
ProfilingAgent [baseline] (95.073 ms) : 0, 95073
ProfilingAgent [candidate] (94.565 ms) : 0, 94565
crashtracking [baseline] (1.199 ms) : 0, 1199
crashtracking [candidate] (1.175 ms) : 0, 1175
BytebuddyAgent [baseline] (689.637 ms) : 0, 689637
BytebuddyAgent [candidate] (682.788 ms) : 0, 682788
AgentMeter [baseline] (8.747 ms) : 0, 8747
AgentMeter [candidate] (8.646 ms) : 0, 8646
GlobalTracer [baseline] (217.257 ms) : 0, 217257
GlobalTracer [candidate] (215.78 ms) : 0, 215780
AppSec [baseline] (32.599 ms) : 0, 32599
AppSec [candidate] (32.372 ms) : 0, 32372
Debugger [baseline] (65.616 ms) : 0, 65616
Debugger [candidate] (65.246 ms) : 0, 65246
Remote Config [baseline] (579.902 µs) : 0, 580
Remote Config [candidate] (576.671 µs) : 0, 577
Telemetry [baseline] (8.55 ms) : 0, 8550
Telemetry [candidate] (7.751 ms) : 0, 7751
Flare Poller [baseline] (3.493 ms) : 0, 3493
Flare Poller [candidate] (4.358 ms) : 0, 4358
Profiling [baseline] (95.654 ms) : 0, 95654
Profiling [candidate] (95.131 ms) : 0, 95131

Loading

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.062 s) : 0, 1062344
Total [baseline] (8.876 s) : 0, 8876276
Agent [candidate] (1.059 s) : 0, 1058895
Total [candidate] (8.819 s) : 0, 8819454
section iast
Agent [baseline] (1.226 s) : 0, 1226477
Total [baseline] (9.56 s) : 0, 9559883
Agent [candidate] (1.232 s) : 0, 1231956
Total [candidate] (9.564 s) : 0, 9563681

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.062 s	-
Agent	iast	1.226 s	164.133 ms (15.5%)
Total	tracing	8.876 s	-
Total	iast	9.56 s	683.608 ms (7.7%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.059 s	-
Agent	iast	1.232 s	173.061 ms (16.3%)
Total	tracing	8.819 s	-
Total	iast	9.564 s	744.227 ms (8.4%)

gantt
    title insecure-bank - break down per module: candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.203 ms) : 0, 1203
crashtracking [candidate] (1.205 ms) : 0, 1205
BytebuddyAgent [baseline] (630.348 ms) : 0, 630348
BytebuddyAgent [candidate] (628.308 ms) : 0, 628308
AgentMeter [baseline] (29.094 ms) : 0, 29094
AgentMeter [candidate] (29.065 ms) : 0, 29065
GlobalTracer [baseline] (257.359 ms) : 0, 257359
GlobalTracer [candidate] (257.248 ms) : 0, 257248
AppSec [baseline] (31.682 ms) : 0, 31682
AppSec [candidate] (31.681 ms) : 0, 31681
Debugger [baseline] (59.696 ms) : 0, 59696
Debugger [candidate] (59.405 ms) : 0, 59405
Remote Config [baseline] (601.808 µs) : 0, 602
Remote Config [candidate] (608.938 µs) : 0, 609
Telemetry [baseline] (8.114 ms) : 0, 8114
Telemetry [candidate] (8.087 ms) : 0, 8087
Flare Poller [baseline] (8.147 ms) : 0, 8147
Flare Poller [candidate] (7.293 ms) : 0, 7293
section iast
crashtracking [baseline] (1.216 ms) : 0, 1216
crashtracking [candidate] (1.203 ms) : 0, 1203
BytebuddyAgent [baseline] (795.575 ms) : 0, 795575
BytebuddyAgent [candidate] (799.691 ms) : 0, 799691
AgentMeter [baseline] (11.348 ms) : 0, 11348
AgentMeter [candidate] (11.347 ms) : 0, 11347
GlobalTracer [baseline] (247.414 ms) : 0, 247414
GlobalTracer [candidate] (248.525 ms) : 0, 248525
IAST [baseline] (25.366 ms) : 0, 25366
IAST [candidate] (25.359 ms) : 0, 25359
AppSec [baseline] (26.476 ms) : 0, 26476
AppSec [candidate] (27.472 ms) : 0, 27472
Debugger [baseline] (68.553 ms) : 0, 68553
Debugger [candidate] (68.517 ms) : 0, 68517
Remote Config [baseline] (524.866 µs) : 0, 525
Remote Config [candidate] (518.295 µs) : 0, 518
Telemetry [baseline] (10.237 ms) : 0, 10237
Telemetry [candidate] (9.662 ms) : 0, 9662
Flare Poller [baseline] (3.621 ms) : 0, 3621
Flare Poller [candidate] (3.452 ms) : 0, 3452

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-08da7132b3
git_commit_date	1773770946	1773771683
git_commit_sha	79fbbef	d5d662e
release_version	1.61.0-SNAPSHOT~79fbbef465	1.61.0-SNAPSHOT~d5d662e907

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1773773902	1773773902
ci_job_id	1514637680	1514637680
ci_pipeline_id	103081724	103081724
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-3-xqqlli8w 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-3-xqqlli8w 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 20 metrics, 15 unstable metrics.

scenario	Δ mean agg_http_req_duration_p50	Δ mean agg_http_req_duration_p95	Δ mean throughput	candidate mean agg_http_req_duration_p50	candidate mean agg_http_req_duration_p95	candidate mean throughput	baseline mean agg_http_req_duration_p50	baseline mean agg_http_req_duration_p95	baseline mean throughput
scenario:load:insecure-bank:iast_FULL:high_load	better [-378.554µs; -140.141µs] or [-7.098%; -2.628%]	unsure [-939.022µs; -194.935µs] or [-7.354%; -1.527%]	unstable [-33.268op/s; +111.268op/s] or [-4.341%; +14.518%]	5.074ms	12.202ms	805.406op/s	5.333ms	12.769ms	766.406op/s

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.376 ms) : 17203, 17548
.   : milestone, 17376,
appsec (18.512 ms) : 18322, 18703
.   : milestone, 18512,
code_origins (17.691 ms) : 17519, 17863
.   : milestone, 17691,
iast (17.877 ms) : 17701, 18053
.   : milestone, 17877,
profiling (18.658 ms) : 18474, 18843
.   : milestone, 18658,
tracing (18.078 ms) : 17896, 18259
.   : milestone, 18078,
section candidate
no_agent (17.222 ms) : 17051, 17393
.   : milestone, 17222,
appsec (18.647 ms) : 18457, 18836
.   : milestone, 18647,
code_origins (18.061 ms) : 17881, 18240
.   : milestone, 18061,
iast (17.944 ms) : 17766, 18121
.   : milestone, 17944,
profiling (18.5 ms) : 18315, 18684
.   : milestone, 18500,
tracing (17.857 ms) : 17681, 18033
.   : milestone, 17857,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	17.376 ms [17.203 ms, 17.548 ms]	-
appsec	18.512 ms [18.322 ms, 18.703 ms]	1.137 ms (6.5%)
code_origins	17.691 ms [17.519 ms, 17.863 ms]	315.624 µs (1.8%)
iast	17.877 ms [17.701 ms, 18.053 ms]	501.459 µs (2.9%)
profiling	18.658 ms [18.474 ms, 18.843 ms]	1.283 ms (7.4%)
tracing	18.078 ms [17.896 ms, 18.259 ms]	702.291 µs (4.0%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	17.222 ms [17.051 ms, 17.393 ms]	-
appsec	18.647 ms [18.457 ms, 18.836 ms]	1.424 ms (8.3%)
code_origins	18.061 ms [17.881 ms, 18.24 ms]	838.515 µs (4.9%)
iast	17.944 ms [17.766 ms, 18.121 ms]	721.435 µs (4.2%)
profiling	18.5 ms [18.315 ms, 18.684 ms]	1.277 ms (7.4%)
tracing	17.857 ms [17.681 ms, 18.033 ms]	634.572 µs (3.7%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.195 ms) : 1184, 1207
.   : milestone, 1195,
iast (3.14 ms) : 3103, 3178
.   : milestone, 3140,
iast_FULL (6.037 ms) : 5975, 6100
.   : milestone, 6037,
iast_GLOBAL (3.644 ms) : 3578, 3710
.   : milestone, 3644,
profiling (2.139 ms) : 2120, 2158
.   : milestone, 2139,
tracing (1.794 ms) : 1779, 1809
.   : milestone, 1794,
section candidate
no_agent (1.193 ms) : 1181, 1205
.   : milestone, 1193,
iast (3.209 ms) : 3165, 3252
.   : milestone, 3209,
iast_FULL (5.739 ms) : 5682, 5796
.   : milestone, 5739,
iast_GLOBAL (3.557 ms) : 3506, 3609
.   : milestone, 3557,
profiling (2.206 ms) : 2184, 2228
.   : milestone, 2206,
tracing (1.863 ms) : 1845, 1881
.   : milestone, 1863,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.195 ms [1.184 ms, 1.207 ms]	-
iast	3.14 ms [3.103 ms, 3.178 ms]	1.945 ms (162.7%)
iast_FULL	6.037 ms [5.975 ms, 6.1 ms]	4.842 ms (405.1%)
iast_GLOBAL	3.644 ms [3.578 ms, 3.71 ms]	2.449 ms (204.8%)
profiling	2.139 ms [2.12 ms, 2.158 ms]	943.933 µs (79.0%)
tracing	1.794 ms [1.779 ms, 1.809 ms]	598.746 µs (50.1%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.193 ms [1.181 ms, 1.205 ms]	-
iast	3.209 ms [3.165 ms, 3.252 ms]	2.015 ms (168.9%)
iast_FULL	5.739 ms [5.682 ms, 5.796 ms]	4.546 ms (381.0%)
iast_GLOBAL	3.557 ms [3.506 ms, 3.609 ms]	2.364 ms (198.1%)
profiling	2.206 ms [2.184 ms, 2.228 ms]	1.013 ms (84.9%)
tracing	1.863 ms [1.845 ms, 1.881 ms]	669.547 µs (56.1%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-08da7132b3
git_commit_date	1773770946	1773771683
git_commit_sha	79fbbef	d5d662e
release_version	1.61.0-SNAPSHOT~79fbbef465	1.61.0-SNAPSHOT~d5d662e907

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1773773619	1773773619
ci_job_id	1514637682	1514637682
ci_pipeline_id	103081724	103081724
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-4-or681m2b 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-4-or681m2b 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.486 s) : 15486000, 15486000
.   : milestone, 15486000,
appsec (15.006 s) : 15006000, 15006000
.   : milestone, 15006000,
iast (18.295 s) : 18295000, 18295000
.   : milestone, 18295000,
iast_GLOBAL (17.643 s) : 17643000, 17643000
.   : milestone, 17643000,
profiling (14.791 s) : 14791000, 14791000
.   : milestone, 14791000,
tracing (15.025 s) : 15025000, 15025000
.   : milestone, 15025000,
section candidate
no_agent (15.362 s) : 15362000, 15362000
.   : milestone, 15362000,
appsec (14.457 s) : 14457000, 14457000
.   : milestone, 14457000,
iast (18.226 s) : 18226000, 18226000
.   : milestone, 18226000,
iast_GLOBAL (18.422 s) : 18422000, 18422000
.   : milestone, 18422000,
profiling (15.32 s) : 15320000, 15320000
.   : milestone, 15320000,
tracing (14.961 s) : 14961000, 14961000
.   : milestone, 14961000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.486 s [15.486 s, 15.486 s]	-
appsec	15.006 s [15.006 s, 15.006 s]	-480.0 ms (-3.1%)
iast	18.295 s [18.295 s, 18.295 s]	2.809 s (18.1%)
iast_GLOBAL	17.643 s [17.643 s, 17.643 s]	2.157 s (13.9%)
profiling	14.791 s [14.791 s, 14.791 s]	-695.0 ms (-4.5%)
tracing	15.025 s [15.025 s, 15.025 s]	-461.0 ms (-3.0%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.362 s [15.362 s, 15.362 s]	-
appsec	14.457 s [14.457 s, 14.457 s]	-905.0 ms (-5.9%)
iast	18.226 s [18.226 s, 18.226 s]	2.864 s (18.6%)
iast_GLOBAL	18.422 s [18.422 s, 18.422 s]	3.06 s (19.9%)
profiling	15.32 s [15.32 s, 15.32 s]	-42.0 ms (-0.3%)
tracing	14.961 s [14.961 s, 14.961 s]	-401.0 ms (-2.6%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~d5d662e907, baseline=1.61.0-SNAPSHOT~79fbbef465
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.474 ms) : 1462, 1485
.   : milestone, 1474,
appsec (3.785 ms) : 3565, 4005
.   : milestone, 3785,
iast (2.243 ms) : 2174, 2311
.   : milestone, 2243,
iast_GLOBAL (2.288 ms) : 2219, 2357
.   : milestone, 2288,
profiling (2.074 ms) : 2019, 2128
.   : milestone, 2074,
tracing (2.065 ms) : 2012, 2119
.   : milestone, 2065,
section candidate
no_agent (1.473 ms) : 1462, 1485
.   : milestone, 1473,
appsec (3.757 ms) : 3538, 3977
.   : milestone, 3757,
iast (2.246 ms) : 2177, 2315
.   : milestone, 2246,
iast_GLOBAL (2.288 ms) : 2219, 2357
.   : milestone, 2288,
profiling (2.106 ms) : 2049, 2163
.   : milestone, 2106,
tracing (2.044 ms) : 1991, 2097
.   : milestone, 2044,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.474 ms [1.462 ms, 1.485 ms]	-
appsec	3.785 ms [3.565 ms, 4.005 ms]	2.311 ms (156.8%)
iast	2.243 ms [2.174 ms, 2.311 ms]	769.107 µs (52.2%)
iast_GLOBAL	2.288 ms [2.219 ms, 2.357 ms]	814.123 µs (55.2%)
profiling	2.074 ms [2.019 ms, 2.128 ms]	599.77 µs (40.7%)
tracing	2.065 ms [2.012 ms, 2.119 ms]	591.615 µs (40.1%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.473 ms [1.462 ms, 1.485 ms]	-
appsec	3.757 ms [3.538 ms, 3.977 ms]	2.284 ms (155.0%)
iast	2.246 ms [2.177 ms, 2.315 ms]	772.792 µs (52.5%)
iast_GLOBAL	2.288 ms [2.219 ms, 2.357 ms]	814.523 µs (55.3%)
profiling	2.106 ms [2.049 ms, 2.163 ms]	632.531 µs (42.9%)
tracing	2.044 ms [1.991 ms, 2.097 ms]	571.026 µs (38.8%)

[PerfectSlayer]

Need to be rebased once #10875 is merged