From ab7a4fa83d531436333e5291544ac1c7fb1af10e Mon Sep 17 00:00:00 2001 From: github-action-benchmark Date: Tue, 27 Jan 2026 17:30:11 +0000 Subject: [PATCH] add Benchmark (go) benchmark result for 0d58c4961980536c6e33638919ebac52d58bc757 --- dev/bench/data.js | 98 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) diff --git a/dev/bench/data.js b/dev/bench/data.js index 45b2986068600136c29c1498111266fb658e34be..b27044d7d4ebb4a16a6f07b22a66435dbe25ab45 100644 --- a/dev/bench/data.js +++ b/dev/bench/data.js @@ -1,5 +1,5 @@ window.BENCHMARK_DATA = { - "lastUpdate": 1769533513719, + "lastUpdate": 1769535011655, "repoUrl": "https://github.com/git-bug/git-bug", "entries": { "Benchmark": [ @@ -16614,6 +16614,102 @@ window.BENCHMARK_DATA = { "extra": "2 times\n4 procs" } ] + }, + { + "commit": { + "author": { + "email": "49699333+dependabot[bot]@users.noreply.github.com", + "name": "dependabot[bot]", + "username": "dependabot[bot]" + }, + "committer": { + "email": "noreply@github.com", + "name": "GitHub", + "username": "web-flow" + }, + "distinct": true, + "id": "0d58c4961980536c6e33638919ebac52d58bc757", + "message": "build(deps): bump the npm_and_yarn group across 1 directory with 5 updates (#1510)\n\nBumps the npm_and_yarn group with 5 updates in the /webui directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |\n|\n[mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast)\n| `13.2.0` | `13.2.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` |\n`1.3.3` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` |\n|\n[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router)\n| `7.6.0` | `7.13.0` |\n\n\nUpdates `lodash` from 4.17.21 to 4.17.23\n
\nCommits\n\n
\n
\n\nUpdates `mdast-util-to-hast` from 13.2.0 to 13.2.1\n
\nRelease notes\n

Sourced from mdast-util-to-hast's\nreleases.

\n
\n

13.2.1

\n

Fix

\n
    \n
  • ab3a795 Fix support for spaces in class names
    • \n
\n

Types

\n
    \n
  • efb5312 Refactor to use @imports
    • \n
  • a5bc210 Add declaration maps
    • \n
\n

Full Changelog: https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1

\n
\n
\n
\nCommits\n\n
\n
\n\nUpdates `node-forge` from 1.3.1 to 1.3.3\n
\nChangelog\n

Sourced from node-forge's\nchangelog.

\n
\n

1.3.3 - 2025-12-02

\n

Fixed

\n
    \n
  • [pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX\nissues\nintroduced in 1.3.2.
    • \n
\n

1.3.2 - 2025-11-25

\n

Security

\n
    \n
  • HIGH: ASN.1 Validator Desynchronization\n
      \n
    • An Interpretation Conflict (CWE-436) vulnerability in node-forge\nversions\n1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1\nstructures to desynchronize schema validations, yielding a semantic\ndivergence that may bypass downstream cryptographic verifications and\nsecurity decisions.
      • \n
    • Reported by Hunter Wodzenski.
      • \n
    • CVE ID: CVE-2025-12816
      • \n
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
      • \n
    \n
    • \n
  • HIGH: ASN.1 Unbounded Recursion\n
      \n
    • An Uncontrolled Recursion (CWE-674) vulnerability in node-forge\nversions\n1.3.1 and below enables remote, unauthenticated attackers to craft deep\nASN.1 structures that trigger unbounded recursive parsing. This leads to\na\nDenial-of-Service (DoS) via stack exhaustion when parsing untrusted DER\ninputs.
      • \n
    • Reported by Hunter Wodzenski.
      • \n
    • CVE ID: CVE-2025-66031
      • \n
    • GHSA ID: GHSA-554w-wpv2-vw27
      • \n
    \n
    • \n
  • MODERATE: ASN.1 OID Integer Truncation\n
      \n
    • An Integer Overflow (CWE-190) vulnerability in node-forge versions\n1.3.1\nand below enables remote, unauthenticated attackers to craft ASN.1\nstructures containing OIDs with oversized arcs. These arcs may be\ndecoded\nas smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the\nbypass of downstream OID-based security decisions.
      • \n
    • Reported by Hunter Wodzenski.
      • \n
    • CVE ID: CVE-2025-66030
      • \n
    • GHSA ID: GHSA-65ch-62r8-g69g
      • \n
    \n
    • \n
\n

Fixed

\n
    \n
  • [asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12\nMAC\nverification bypass due to missing macData enforcement and improper\nasn1.validate routine.
    • \n
  • [asn1] Add fromDer() max recursion depth check.\n
      \n
    • Add a asn1.maxDepth global configurable maximum depth\nof 256.
      • \n
    • Add a asn1.fromDer() per-call maxDepth\noption.
      • \n
    • NOTE: The default maximum is assumed to be higher\nthan needed for valid\ndata. If this assumption is false then this could be a breaking change.\nPlease file an issue if there are use cases that need a higher\nmaximum.
      • \n
    • NOTE: The per-call maxDepth parameter\nhas not been exposed up through\nall of the API stack due to the complexities involved. Please file an\nissue\nif there are use cases that require this instead of changing the\ndefault
      • \n
    \n
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `qs` from 6.13.0 to 6.14.1\n
\nChangelog\n

Sourced from qs's\nchangelog.

\n
\n

6.14.1

\n
    \n
  • [Fix] ensure arrayLength applies to [] notation as\nwell
    • \n
  • [Fix] parse: when a custom decoder returns\nnull for a key, ignore that key
    • \n
  • [Refactor] parse: extract key segment splitting\nhelper
    • \n
  • [meta] add threat model
    • \n
  • [actions] add workflow permissions
    • \n
  • [Tests] stringify: increase coverage
    • \n
  • [Dev Deps] update eslint,\n@ljharb/eslint-config, npmignore,\nes-value-fixtures, for-each,\nobject-inspect
    • \n
\n

6.14.0

\n
    \n
  • [New] parse: add\nthrowOnParameterLimitExceeded option (#517)
    • \n
  • [Refactor] parse: use utils.combine\nmore
    • \n
  • [patch] parse: add explicit\nthrowOnLimitExceeded default
    • \n
  • [actions] use shared action; re-add finishers
    • \n
  • [meta] Fix changelog formatting bug
    • \n
  • [Deps] update side-channel
    • \n
  • [Dev Deps] update es-value-fixtures,\nhas-bigints, has-proto,\nhas-symbols
    • \n
  • [Tests] increase coverage
    • \n
\n

6.13.1

\n
    \n
  • [Fix] stringify: avoid a crash when a\nfilter key is null
    • \n
  • [Fix] utils.merge: functions should not be stringified\ninto keys
    • \n
  • [Fix] parse: avoid a crash with\ninterpretNumericEntities: true, comma: true, and iso charset
    • \n
  • [Fix] stringify: ensure a non-string\nfilter does not crash
    • \n
  • [Refactor] use __proto__ syntax instead of\nObject.create for null objects
    • \n
  • [Refactor] misc cleanup
    • \n
  • [Tests] utils.merge: add some coverage
    • \n
  • [Tests] fix a test case
    • \n
  • [actions] split out node 10-20, and 20+
    • \n
  • [Dev Deps] update es-value-fixtures,\nmock-property, object-inspect,\ntape
    • \n
\n
\n
\n
\nCommits\n\n
\n
\n\nUpdates `react-router` from 7.6.0 to 7.13.0\n
\nRelease notes\n

Sourced from react-router's\nreleases.

\n
\n

v7.13.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130

\n

v7.12.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120

\n

v7.11.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110

\n

v7.10.1

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101

\n

v7.10.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100

\n

v7.9.6

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796

\n

v7.9.5

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795

\n

v7.9.4

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794

\n

v7.9.3

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793

\n

v7.9.2

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792

\n

v7.9.1

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791

\n

v7.9.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790

\n

v7.8.2

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782

\n

v7.8.1

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781

\n

v7.8.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780

\n

v7.7.1

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771

\n

v7.7.0

\n

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770

\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from react-router's\nchangelog.

\n
\n

7.13.0

\n

Minor Changes

\n
    \n
  • Add crossOrigin prop to Links component\n(#14687)
    • \n
\n

Patch Changes

\n
    \n
  • Fix double slash normalization for useNavigate colon urls (#14718)
    • \n
  • Update failed origin checks to return a 400 status instead of a 500\n(#14737)
    • \n
  • Bugfix #14666:\nInline criticalCss is missing nonce (#14691)
    • \n
  • Loosen allowedActionOrigins glob check so\n** matches all domains (#14722)
    • \n
\n

7.12.0

\n

Minor Changes

\n
    \n
  • Add additional layer of CSRF protection by rejecting submissions to\nUI routes from external origins. If you need to permit access to\nspecific external origins, you can specify them in the\nreact-router.config.ts config\nallowedActionOrigins field. (#14708)
    • \n
\n

Patch Changes

\n
    \n
  • \n

    Fix generatePath when used with suffixed params (i.e.,\n"/books/:id.json") (#14269)

    \n
    • \n
  • \n

    Export UNSAFE_createMemoryHistory and\nUNSAFE_createHashHistory alongside\nUNSAFE_createBrowserHistory for consistency. These are not\nintended to be used for new apps but intended to help apps usiong\nunstable_HistoryRouter migrate from v6->v7 so they can\nadopt the newer APIs. (#14663)

    \n
    • \n
  • \n

    Escape HTML in scroll restoration keys (#14705)

    \n
    • \n
  • \n

    Validate redirect locations (#14706)

    \n
    • \n
  • \n

    [UNSTABLE] Pass <Scripts nonce> value through to\nthe underlying importmap script tag when using\nfuture.unstable_subResourceIntegrity (#14675)

    \n
    • \n
  • \n

    [UNSTABLE] Add a new\nfuture.unstable_trailingSlashAwareDataRequests flag to\nprovide consistent behavior of request.pathname inside\nmiddleware, loader, and action\nfunctions on document and data requests when a trailing slash is present\nin the browser URL. (#14644)

    \n

    Currently, your HTTP and request pathnames would be as\nfollows for /a/b/c and /a/b/c/

    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    URL /a/b/cHTTP pathnamerequest pathname`
    Document/a/b/c/a/b/c
    Data/a/b/c.data/a/b/c
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    URL /a/b/c/HTTP pathnamerequest pathname`
    Document/a/b/c//a/b/c/
    Data/a/b/c.data/a/b/c ⚠️
    \n

    With this flag enabled, these pathnames will be made consistent\nthough a new _.data format for client-side\n.data requests:

    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    URL /a/b/cHTTP pathnamerequest pathname`
    Document/a/b/c/a/b/c
    \n
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\nMaintainer changes\n

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub\nActions), a new releaser for react-router since your current\nversion.

\n
\n
\n\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency's major version (unless you unignore this specific\ndependency's major version or upgrade to it yourself)\n- `@dependabot ignore minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency's minor version (unless you unignore this specific\ndependency's minor version or upgrade to it yourself)\n- `@dependabot ignore ` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore ` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore ` will\nremove the ignore condition of the specified dependency and ignore\nconditions\nYou can disable automated security fix PRs for this repo from the\n[Security Alerts\npage](https://github.com/git-bug/git-bug/network/alerts).\n\n
\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>", + "timestamp": "2026-01-27T17:21:02Z", + "tree_id": "c167b6374917771a840808b3b547027b73809ef9", + "url": "https://github.com/git-bug/git-bug/commit/0d58c4961980536c6e33638919ebac52d58bc757" + }, + "date": 1769535010388, + "tool": "go", + "benches": [ + { + "name": "BenchmarkReadBugs5", + "value": 15861282, + "unit": "ns/op\t 1064184 B/op\t 16256 allocs/op", + "extra": "102 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs5 - ns/op", + "value": 15861282, + "unit": "ns/op", + "extra": "102 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs5 - B/op", + "value": 1064184, + "unit": "B/op", + "extra": "102 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs5 - allocs/op", + "value": 16256, + "unit": "allocs/op", + "extra": "102 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs25", + "value": 73467632, + "unit": "ns/op\t 5064677 B/op\t 75781 allocs/op", + "extra": "14 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs25 - ns/op", + "value": 73467632, + "unit": "ns/op", + "extra": "14 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs25 - B/op", + "value": 5064677, + "unit": "B/op", + "extra": "14 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs25 - allocs/op", + "value": 75781, + "unit": "allocs/op", + "extra": "14 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs150", + "value": 436121939, + "unit": "ns/op\t35551434 B/op\t 465709 allocs/op", + "extra": "3 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs150 - ns/op", + "value": 436121939, + "unit": "ns/op", + "extra": "3 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs150 - B/op", + "value": 35551434, + "unit": "B/op", + "extra": "3 times\n4 procs" + }, + { + "name": "BenchmarkReadBugs150 - allocs/op", + "value": 465709, + "unit": "allocs/op", + "extra": "3 times\n4 procs" + } + ] } ] }