build(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3#635
build(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3#635dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) --- updated-dependencies: - dependency-name: github/codeql-action/analyze dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: abfa4c12e8
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| - run: ./gradlew -x test assembleReleaseJar | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 | ||
| uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 |
There was a problem hiding this comment.
Keep CodeQL init and analyze on the same version
In the codeql job, init is still pinned to v4.36.2 while this analyze step now runs v4.36.3. CodeQL persists the action version during init and analyze rejects a loaded config whose version differs from its own, so every matrix run reaches this step and fails with a version-mismatch configuration error before uploading SARIF. Bump the init action to the same v4.36.3 SHA as well.
Useful? React with 👍 / 👎.
CI Test ResultsRun: #28761066184 | Commit:
Status Overview
Legend: ✅ passed | ❌ failed | ⚪ skipped | 🚫 cancelled Failed Testsglibc-aarch64/debug / 17-j9Job: View logs No detailed failure information available. Check the job logs. Summary: Total: 32 | Passed: 31 | Failed: 1 Updated: 2026-07-06 01:13:23 UTC |
Benchmark Results (commit abfa4c1)Pipeline: https://gitlab.ddbuild.io/DataDog/apm-reliability/benchmarking-platform/-/pipelines/122815941 Commit:
|
| Benchmark | JDK | Latest | Dev | Δ (dev vs latest) | Issues L/D |
|---|---|---|---|---|---|
| akka-uct | 21 | ✅ 10403 ms (7 iters) | ✅ 10322 ms (7 iters) | ≈ -0.8% (±18.9%) | — / — |
| akka-uct | 25 | ✅ 8875 ms (8 iters) | ✅ 8893 ms (8 iters) | ≈ +0.2% (±21.5%) | — / — |
| finagle-chirper | 21 | ✅ 5996 ms (11 iters) | ✅ 5954 ms (11 iters) | ≈ -0.7% (±46.4%) | |
| finagle-chirper | 25 | ✅ 5458 ms (12 iters) | ✅ 5498 ms (12 iters) | ≈ +0.7% (±44.8%) | |
| fj-kmeans | 21 | ✅ 2826 ms (22 iters) | ✅ 2797 ms (22 iters) | ≈ -1% (±4.4%) | — / — |
| fj-kmeans | 25 | ✅ 2832 ms (22 iters) | ✅ 2834 ms (22 iters) | ≈ +0.1% (±4.6%) | — / — |
| future-genetic | 21 | ✅ 2144 ms (29 iters) | ✅ 2125 ms (29 iters) | ≈ -0.9% (±4.3%) | — / — |
| future-genetic | 25 | ✅ 1943 ms (32 iters) | ✅ 2159 ms (29 iters) | 🔴 +11.1% | — / — |
| naive-bayes | 21 | ✅ 1254 ms (45 iters) | ✅ 1232 ms (46 iters) | ≈ -1.8% (±56.4%) | — / — |
| naive-bayes | 25 | ✅ 1024 ms (56 iters) | ✅ 1020 ms (56 iters) | ≈ -0.4% (±55.8%) | — / — |
| reactors | 21 | ✅ 17999 ms (5 iters) | ✅ 16732 ms (5 iters) | ≈ -7% (±15.1%) | — / — |
| reactors | 25 | ✅ 17388 ms (5 iters) | ✅ 18518 ms (5 iters) | 🔴 +6.5% | — / — |
Internal counter details (ddprof)
ddprof internal counters, latest / dev (✅ = 0, · = unavailable):
| Benchmark | JDK | Dropped rec | Dropped jvmti | Dropped trace | Skipped WC | AGCT fail | Unwind fail |
|---|---|---|---|---|---|---|---|
| akka-uct | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ |
| akka-uct | 25 | ✅ / ✅ | ✅ / ✅ | 3 / 3 | 2340 / 2319 | ✅ / ✅ | ✅ / ✅ |
| finagle-chirper | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ |
| finagle-chirper | 25 | ✅ / ✅ | ✅ / ✅ | 1 / 5 | 8397 / 8437 | ✅ / ✅ | ✅ / ✅ |
| fj-kmeans | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ |
| fj-kmeans | 25 | ✅ / ✅ | ✅ / ✅ | 13 / 3 | 1282 / 1293 | ✅ / ✅ | ✅ / ✅ |
| future-genetic | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ |
| future-genetic | 25 | ✅ / ✅ | ✅ / ✅ | 5 / 1 | 2894 / 2951 | ✅ / ✅ | ✅ / ✅ |
| naive-bayes | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ |
| naive-bayes | 25 | ✅ / ✅ | ✅ / ✅ | 5 / 7 | 3520 / 3494 | ✅ / ✅ | ✅ / ✅ |
| reactors | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / 2 | ✅ / 1715 | ✅ / ✅ | ✅ / ✅ |
| reactors | 25 | ✅ / ✅ | ✅ / ✅ | 1 / ✅ | 1752 / 1889 | ✅ / ✅ | ✅ / ✅ |
Bumps github/codeql-action/analyze from 4.36.2 to 4.36.3.
Release notes
Sourced from github/codeql-action/analyze's releases.
Changelog
Sourced from github/codeql-action/analyze's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying commentsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)