Skip to content

Fix checkout of untrusted code in benchmark.yml#3438

Merged
jackiekazil merged 1 commit intomainfrom
fix/ghsa-3j55-5q6x-2h48
Mar 5, 2026
Merged

Fix checkout of untrusted code in benchmark.yml#3438
jackiekazil merged 1 commit intomainfrom
fix/ghsa-3j55-5q6x-2h48

Conversation

@jackiekazil
Copy link
Copy Markdown
Member

@jackiekazil jackiekazil commented Mar 5, 2026
edited
Loading

This was managed here for security purposes: GHSA-3j55-5q6x-2h48

Already approved.

@jackiekazil jackiekazil merged commit c35b8cd into main Mar 5, 2026
16 checks passed
@jackiekazil jackiekazil changed the title split workflow Fix checkout of untrusted code in benchmark.yml Mar 5, 2026
@jackiekazil jackiekazil added the bug Release notes label label Mar 5, 2026
@jackiekazil jackiekazil self-assigned this Mar 5, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 5, 2026

Performance benchmarks:

Model Size Init time [95% CI] Run time [95% CI]
BoltzmannWealth small 🔵 -0.8% [-1.0%, -0.7%] 🔵 -0.2% [-0.3%, -0.1%]
BoltzmannWealth large 🔵 -0.2% [-0.4%, -0.0%] 🔵 -0.1% [-0.4%, +0.3%]
Schelling small 🔵 +0.2% [+0.0%, +0.3%] 🔵 +0.3% [+0.2%, +0.5%]
Schelling large 🔵 +0.5% [+0.1%, +1.0%] 🔵 +0.2% [-0.3%, +0.7%]
WolfSheep small 🔵 +3.8% [+2.9%, +4.7%] 🔵 +2.7% [+1.9%, +3.4%]
WolfSheep large 🔵 -0.5% [-1.5%, +0.4%] 🔵 +0.9% [-0.1%, +2.0%]
SugarscapeG1mt small 🔵 +1.7% [+1.4%, +2.1%] 🔵 +0.4% [+0.0%, +0.8%]
SugarscapeG1mt large 🔵 +1.8% [+1.3%, +2.4%] 🔵 +0.1% [-0.1%, +0.3%]
BoidFlockers small 🔵 +1.1% [+0.9%, +1.3%] 🔵 +0.4% [+0.3%, +0.5%]
BoidFlockers large 🔵 +1.6% [+1.2%, +1.9%] 🔵 +0.4% [+0.1%, +0.6%]

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 5, 2026

Performance benchmarks:

Model Size Init time [95% CI] Run time [95% CI]
BoltzmannWealth small 🔵 +0.1% [-0.2%, +0.4%] 🔵 +0.1% [-0.1%, +0.2%]
BoltzmannWealth large 🔵 +0.2% [-0.3%, +0.6%] 🔵 -0.6% [-1.7%, +0.1%]
Schelling small 🔵 +0.7% [+0.4%, +1.1%] 🔵 +0.3% [+0.1%, +0.5%]
Schelling large 🔵 +0.4% [+0.0%, +0.8%] 🔵 +0.2% [-0.1%, +0.5%]
WolfSheep small 🔵 +0.8% [+0.5%, +1.0%] 🔵 +1.1% [+1.0%, +1.2%]
WolfSheep large 🔵 -0.6% [-1.4%, +0.4%] 🔵 +1.9% [+0.8%, +3.3%]
SugarscapeG1mt small 🔵 +1.9% [+1.5%, +2.3%] 🔵 +0.3% [+0.2%, +0.5%]
SugarscapeG1mt large 🔵 +1.1% [+0.2%, +1.9%] 🔵 -0.1% [-0.3%, +0.1%]
BoidFlockers small 🔵 +1.3% [+0.9%, +1.7%] 🔵 +0.8% [+0.5%, +1.0%]
BoidFlockers large 🔵 +1.7% [+1.4%, +1.9%] 🔵 +1.2% [+1.1%, +1.3%]

@EwoutH
Copy link
Copy Markdown
Member

EwoutH commented Mar 5, 2026

@m-y-mo did you fully validate this solution kept existing functionality intact? Apparently our benchmarks broke, could you look into it?

@abhinavk0220
Copy link
Copy Markdown

abhinavk0220 commented Mar 5, 2026

Thanks for the quick fix! The two-workflow split approach looks correct.

@EwoutH
Copy link
Copy Markdown
Member

EwoutH commented Mar 5, 2026

It might look correct, but it doesn’t work.

This was referenced Mar 6, 2026
Merged
Open
@m-y-mo m-y-mo mentioned this pull request Mar 6, 2026
Closed
1 task
@m-y-mo
Copy link
Copy Markdown
Contributor

m-y-mo commented Mar 6, 2026

@EwoutH Please check and see if this works: #3464

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jackiekazil jackiekazil

Labels

bug Release notes label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jackiekazil @EwoutH @abhinavk0220 @m-y-mo