search

hashintel / hash

🚀 The open-source, multi-tenant, self-building knowledge graph
https://hash.dev
Other
1.08k stars 83 forks source link

Update GitHub Action `returntocorp/semgrep` to v1.96.0 #5658

Closed hash-worker[bot] closed 19 hours ago

hash-worker[bot] commented 22 hours ago

This PR contains the following updates:

Package Type Update Change
returntocorp/semgrep container minor 1.86.0 -> 1.96.0

Release Notes

semgrep/semgrep (returntocorp/semgrep) ### [`v1.96.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1960---2024-11-07) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.95.0...v1.96.0) ##### Added - The pro engine now handles duplicate function names in C. When duplicate functions are found, we assume that any of the duplicated functions could be called. For example, if the function `foo` is defined in two different files, taint errors will be reported for both instances: // "a/test.h" void foo(int x) { //deepruleid: dup-symbols sink(x); } // "b/test.h" void foo(int x) { //deepruleid: dup-symbols sink(x); } // "main.c" #ifdef HEADER_A #include "a/test.h" #else #include "b/test.h" #endif int main() { int x = source(); foo(x); } ``` (code-7654) ##### Changed - Reduced memory allocations while processing nosemgrep comments, improving memory use and time for scans with a large number of findings. (nosem-mem) ##### Fixed - Optimized taint-mode (only in Pro) to scale better when there is a large number of matches of sources/propagators/sanitizers/sinks within a function. (flow-83) - Fixed a bug in the supply chain scanner's gradle lockfile parser. Previously, semgrep would fail to parse any gradle lockfile which did not start with a specific block comment. Now, semgrep will parse gradle lockfiles correctly by ignoring the comment (allowing any or no comment at all to exist). ([gh-10508](https://redirect.github.com/semgrep/semgrep/issues/10508)) - Exceptions thrown during the processing of a target should not fail the whole scan anymore (regression introduced in 1.94.0). The scan will have an exit code of 0 instead of 2 (unless the user passed --strict in which case it will exit with code 2). (incid-110) - Fix exponential parsing time with generic mode on input containing many unclosed braces on the same line. (saf-1667) - Fix regexp parsing error occurring during ReDoS analysis when encountering a character class starting with `[:` such as `[:a-z]`. (saf-1693) - Fix in `semgrep scan`: anchored semgrepignore patterns for folders such as `/tests` are now honored properly. Such patterns had previously no effect of target file filtering. (semgrepignore-anchored-dirs) ### [`v1.95.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1950---2024-10-31) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.94.0...v1.95.0) ##### Changed - Remove deprecated `--enable-experimental-requirements` flag. Functionality has been always enabled since Semgrep 1.93.0. (ssc-1903) ##### Fixed - osemgrep: Running `osemgrep` with the Pro Engine now correctly runs rules with proprietary languages (saf-1686) - Fixed bug where semgrep would crash if --trace was passed (saf-tracing) ### [`v1.94.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1940---2024-10-30) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.93.0...v1.94.0) ##### Fixed - pro: taint-mode: Semgrep should no longer confuse a `return` in a lambda with a `return` in its enclosing function. E.g. In the example below the return value of `foo` is NOT tainted: function foo() { bar(() => taint); return ok; } (code-7657) - OCaml: matching will now recognized "local open" so that a pattern like `Foo.bar ...` will now correctly match code such as `let open Foo in bar 1` or `Foo.(bar 1)` in addition to the classic `Foo.bar 1`. (local_open) - Project files lacking sufficient read permissions are now skipped gracefully by semgrep. (saf-1598) - Semgrep will now print stderr and additional debugging info when semgrep-core exits with a fatal error code but still returns a json repsonse (finishes scanning) (saf-1672) - semgrep ci should parse correctly git logs to compute the set of contributors even if some authors have special characters in their names. (saf-1681) ### [`v1.93.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1930---2024-10-23) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.92.0...v1.93.0) ##### Added - Improved naming for Common JS module imports (`require`) in arbitrary expression contexts. Notably, in-line use of `require` should now be linked to the correct module. For instance, the pattern `foo.bar` should now match against `require('foo').bar` and taint is likewise similarily tracked. (code-7485) - Secrets: `semgrep ci` output now includes a list of all secrets rules which generated at least one blocking finding (similar to Code) (code-7663) - Added experimental support via `--allow-dynamic-dependency-resolution` for dynamic resolution of Maven and Gradle dependencies for projects that do not have lockfiles (in Semgrep Pro only). ([gh-2389](https://redirect.github.com/semgrep/semgrep/issues/2389)) - Expanded support for pip requirement lockfiles is now available by default. Semgrep will now find any *requirement*.txt file and lockfiles in a requirements folder (\*\*/requirements/\*.txt). The existing experimental flag `--enable-experimental-requirements` is now deprecated and will be removed in a future release. ([gh-2441](https://redirect.github.com/semgrep/semgrep/issues/2441)) ##### Changed - Removed support for Vue. The tree-sitter grammar has not been updated in 3 years, there was no community rules added and semgrep-vue is causing linking conflicts when compiling semgrep under Windows so just simpler to remove support for Vue. In theory, extract mode could be a good substitute to parse Vue files. (vue) ##### Fixed - semgrep will now print exit codes if a segfault/OOM/other terminating signal happens in semgrep-core, or any of semgrep-core's child processes (saf-1646) ### [`v1.92.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1920---2024-10-17) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.91.0...v1.92.0) ##### Added - Pro: taint-mode: Semgrep has now basic support to track taint through callbacks, when they lead to a sink, e.g.: function unsafe_callback(x) { sink(x); // finding here now ! } function withCallback(val, callback) { callback(val); } withCallback(taint, unsafe_callback); (code-7476) - New subcommand `dump-cst` for tree-sitter languages available via `semgrep show`. This shows the concrete syntax tree for a given file. (code-7653) - Pro only: Updated C# parser supporting all versions of the language up to 13.0 (.NET 9) (saf-1610) - Added support for the Move-on-sui language! (sui) - Pro-only: semgrep test now supports the --pro flag to not only use pro languages but also run the tests with the --pro-intrafile engine flag. If a finding is detected only by the pro engine, please use `proruleid:` instead of `ruleid:` and if an OSS finding is actually a false positive for the pro engine, please add the `prook:` to your test annotation. (test_pro) ##### Fixed - pro: dataflow: Fixed a bug that could cause a class constructor to not be analyzed in the correct dependency order, potentially leading to FNs. (code-7649) - Display an ✘ instead of a ✔ in the scan status print out when scanning with Semgrep OSS code is not enabled. (grow-422) - semgrep will no longer randomly segfault when --trace is on with -j > 2 (saf-1590) - Previously, semgrep fails when --trace-endpoint is specified, but --trace is not. Now, we relax this requirement a bit. In this case, we disable tracing, print out a warning, and continue to scan. (sms-550) ### [`v1.91.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1910---2024-10-10) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.90.0...v1.91.0) ##### Added - Type inference in the Pro engine has been improved for class fields in TypeScript that are assigned a new instance but lack an explicit type definition. When no explicit type is provided for a class field, its type is inferred from the type of the expression assigned to it. For example, in the class definition `class Foo { private readonly bar = new Bar(); }`, the type of `bar` is inferred to be `Bar`. (code-7635) - Cargo.lock parser can now associate dependencies with lockfile line numbers (sc-1140) ##### Fixed - Address python `rich.errors.LiveError` where attempting to display multiple progress bars raises an exception as flagged in [#​10562](https://redirect.github.com/semgrep/semgrep/issues/10562). (grow-414) - C: Fix a regression causing pattern `-n` to sometimes not match code `-n`. (saf-1592) - When a scan runs into an exception, the app is appropriately notified about the failure. Previously, in the app, it would seem to the user that the scan is still in progress. (sms-502) ### [`v1.90.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1900---2024-09-25) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.89.0...v1.90.0) ##### Added - Expanded support for requirement lockfiles. Semgrep will now find any `*requirement*.txt` file and lockfiles in a requirements folder (`**/requirements/*.txt`). This functionality will be gated behind the `--enable-experimental-requirements` CLI flag. (sc-1752) ##### Changed - Security update for code snippet storage & access methods. ([gh-2038](https://redirect.github.com/semgrep/semgrep/issues/2038)) ##### Fixed - Errors that occur in semgrep scans with jobs > 1 will now have more detail (SAF-1628) - Dockerfile matching: `CMD $...ARGS` now behaves like `CMD ...` and matches any CMD instruction that uses the array syntax such as `CMD ["ls"]`. This fix also applies to the other command-like instructions RUN and ENTRYPOINT. ([gh-9726](https://redirect.github.com/semgrep/semgrep/issues/9726)) - Pro Engine: There is now improved type inference in Kotlin and Scala. Constructor invocations like `Foo()` will now be inferred properly to be of type `Foo`. (saf-1537) ### [`v1.89.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1890---2024-09-19) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.88.0...v1.89.0) ##### Fixed - Fix crash on certain SCA parse errors caused by an access to an unbound variable. ([gh-2259](https://redirect.github.com/semgrep/semgrep/issues/2259)) ### [`v1.88.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1880---2024-09-18) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.87.0...v1.88.0) ##### Added - The dataflow analysis in the Pro engine can now track method invocations on variables of an interface type, safely assuming that any implementation of the method can be called. For example, tainted input vulnerabilities in both implementation classes can now be detected in the following code: ````java public interface MovieService { String vulnerableInjection(String input); } public class SimpleImpl implements MovieService { @​Override public String vulnerableInjection(String input) { return sink(input); } } public class MoreImpl implements MovieService { @​Override public String vulnerableInjection(String input) { return sink(input); } } public class AppController { private MovieService movieService; public String pwnTest(String taintedInput) { return movieService.vulnerableInjection(taintedInput); } } ``` (code-7435) ```` - Type inference for constructor parameter properties in TypeScript is now supported in the Pro engine. For example, the taint analysis can recognize that `sampleFunction` is defined in `AbstractedService` class in the following code: export class AppController { constructor(private readonly abstractedService: AbstractedService) {} async taintTest() { const src = source(); await this.abstractedService.sampleFunction(src); } } ``` (code-7597) ##### Changed - include the exit code that semgrep will emit in the fail-open payload prior to exiting with a failure. ([gh-2033](https://redirect.github.com/semgrep/semgrep/issues/2033)) ### [`v1.87.0`](https://redirect.github.com/semgrep/semgrep/blob/HEAD/CHANGELOG.md#1870---2024-09-13) [Compare Source](https://redirect.github.com/semgrep/semgrep/compare/v1.86.0...v1.87.0) ##### Added - Semgrep now infers more accurate type information for class fields in TypeScript. This improves taint tracking for dependency injection in TypeScript, such as in the following example: export class AppController { private readonly abstractedService: AbstractedService; constructor(abstractedService: AbstractedService) { this.abstractedService = abstractedService; } async taintTest() { const src = taintedSource(); await this.abstractedService.sinkInHere(src); } } ``` (code-7591) - Semgrep's interfile analysis (available with the Pro Engine) now ships with information about Python's standard library, improving its ability to resolve names and types in Python code and therefore its ability to produce findings. (py-libdefs) - Added support for comparing Golang pre-release versions. With this, strict core versions, pseudo-versions and pre-release versions can all be compared to each other. (sc-1739) ##### Changed - If there is an OOM error during interfile dataflow analysis (`--pro`) Semgrep will now try to recover from it and continue the interfile analysis without falling back immediately to intrafile analysis. This allows using `--max-memory` with `--pro` in a more effective way. (flow-81) - Consolidates lockfile parsing logic to happen once, at the beginning of the scan. This consolidated parsing now considers both changed and unchanged lockfiles during all steps of diff scans. ([gh-2051](https://redirect.github.com/semgrep/semgrep/issues/2051)) ##### Fixed - pro: taint-mode: Restore missing taint findings after having improved index- sensitivity: def foo(t): x = third_party_func(t) return x def test1(): t = ("ok", taint) y = foo(t) sink(y) # now it's found! (code-7486) - The Semgrep proprietary engine added a new entropy analyzer `entropy_v2` that supports strictness options. ([gh-1641](https://redirect.github.com/semgrep/semgrep/issues/1641))

Configuration

📅 Schedule: Branch creation - "before 2am on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

codecov[bot] commented 22 hours ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 19.83%. Comparing base (76b5ec9) to head (6d37b82). Report is 14 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #5658 +/- ## ========================================== - Coverage 19.84% 19.83% -0.01% ========================================== Files 515 515 Lines 17323 17327 +4 Branches 2547 2548 +1 ========================================== Hits 3437 3437 - Misses 13848 13852 +4 Partials 38 38 ``` | [Flag](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | Coverage Δ | | |---|---|---| | [apps.hash-ai-worker-ts](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `1.38% <ø> (ø)` | | | [apps.hash-api](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `1.17% <ø> (-0.01%)` | :arrow_down: | | [blockprotocol.type-system](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `47.40% <ø> (ø)` | | | [local.hash-backend-utils](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `8.80% <ø> (ø)` | | | [local.hash-graph-sdk](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `100.00% <ø> (ø)` | | | [local.hash-isomorphic-utils](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `1.05% <ø> (ø)` | | | [local.hash-subgraph](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `24.54% <ø> (ø)` | | | [rust.deer](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `6.66% <ø> (ø)` | | | [rust.error-stack](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `72.51% <ø> (ø)` | | | [rust.sarif](https://app.codecov.io/gh/hashintel/hash/pull/5658/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel) | `87.66% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=hashintel#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

github-actions[bot] commented 21 hours ago

Benchmark results

@rust/hash-graph-benches – Integrations

 ## representative_read_entity | Function | Value | Mean | Flame graphs | |----------|-------|------|--------------| | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/organization/v/1` | $$16.9 \mathrm{ms} \pm 216 \mathrm{μs}\left({\color{red}10.6 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/song/v/1` | $$16.6 \mathrm{ms} \pm 198 \mathrm{μs}\left({\color{gray}3.42 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_5/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/person/v/1` | $$16.3 \mathrm{ms} \pm 163 \mathrm{μs}\left({\color{lightgreen}-5.330 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_4/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/building/v/1` | $$16.2 \mathrm{ms} \pm 191 \mathrm{μs}\left({\color{gray}2.48 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_8/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1` | $$16.2 \mathrm{ms} \pm 155 \mathrm{μs}\left({\color{gray}-1.335 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_7/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/playlist/v/1` | $$16.3 \mathrm{ms} \pm 197 \mathrm{μs}\left({\color{gray}-0.428 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_9/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/book/v/1` | $$16.7 \mathrm{ms} \pm 236 \mathrm{μs}\left({\color{gray}1.71 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_6/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/page/v/2` | $$16.2 \mathrm{ms} \pm 168 \mathrm{μs}\left({\color{gray}-2.428 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_2/flamegraph.svg) | | entity_by_id | entity type ID: `https://blockprotocol.org/@alice/types/entity-type/block/v/1` | $$16.1 \mathrm{ms} \pm 188 \mathrm{μs}\left({\color{lightgreen}-5.390 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity/entity_by_id/entity+type+ID_+`https___blockprotocol.org_@alice_types_entity-t_3/flamegraph.svg) | ## representative_read_multiple_entities | Function | Value | Mean | Flame graphs | |----------|-------|------|--------------| | entity_by_property | depths: DT=255, PT=255, ET=255, E=255 | $$69.2 \mathrm{ms} \pm 282 \mathrm{μs}\left({\color{gray}0.540 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/entity_by_property/depths_+DT=255,+PT=255,+ET=255,+E=255/flamegraph.svg) | | entity_by_property | depths: DT=0, PT=0, ET=0, E=0 | $$39.6 \mathrm{ms} \pm 234 \mathrm{μs}\left({\color{gray}-0.902 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/entity_by_property/depths_+DT=0,+PT=0,+ET=0,+E=0/flamegraph.svg) | | entity_by_property | depths: DT=2, PT=2, ET=2, E=2 | $$58.4 \mathrm{ms} \pm 271 \mathrm{μs}\left({\color{gray}-0.151 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/entity_by_property/depths_+DT=2,+PT=2,+ET=2,+E=2/flamegraph.svg) | | entity_by_property | depths: DT=0, PT=0, ET=0, E=2 | $$43.8 \mathrm{ms} \pm 300 \mathrm{μs}\left({\color{gray}-0.499 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/entity_by_property/depths_+DT=0,+PT=0,+ET=0,+E=2/flamegraph.svg) | | entity_by_property | depths: DT=0, PT=0, ET=2, E=2 | $$49.4 \mathrm{ms} \pm 273 \mathrm{μs}\left({\color{gray}-0.618 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/entity_by_property/depths_+DT=0,+PT=0,+ET=2,+E=2/flamegraph.svg) | | entity_by_property | depths: DT=0, PT=2, ET=2, E=2 | $$53.8 \mathrm{ms} \pm 356 \mathrm{μs}\left({\color{gray}-0.777 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/entity_by_property/depths_+DT=0,+PT=2,+ET=2,+E=2/flamegraph.svg) | | link_by_source_by_property | depths: DT=255, PT=255, ET=255, E=255 | $$107 \mathrm{ms} \pm 739 \mathrm{μs}\left({\color{gray}0.280 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/link_by_source_by_property/depths_+DT=255,+PT=255,+ET=255,+E=255/flamegraph.svg) | | link_by_source_by_property | depths: DT=0, PT=0, ET=0, E=0 | $$42.0 \mathrm{ms} \pm 234 \mathrm{μs}\left({\color{gray}-1.275 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/link_by_source_by_property/depths_+DT=0,+PT=0,+ET=0,+E=0/flamegraph.svg) | | link_by_source_by_property | depths: DT=2, PT=2, ET=2, E=2 | $$97.3 \mathrm{ms} \pm 493 \mathrm{μs}\left({\color{gray}-0.100 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/link_by_source_by_property/depths_+DT=2,+PT=2,+ET=2,+E=2/flamegraph.svg) | | link_by_source_by_property | depths: DT=0, PT=0, ET=0, E=2 | $$79.7 \mathrm{ms} \pm 376 \mathrm{μs}\left({\color{gray}-0.732 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/link_by_source_by_property/depths_+DT=0,+PT=0,+ET=0,+E=2/flamegraph.svg) | | link_by_source_by_property | depths: DT=0, PT=0, ET=2, E=2 | $$88.8 \mathrm{ms} \pm 538 \mathrm{μs}\left({\color{gray}-0.596 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/link_by_source_by_property/depths_+DT=0,+PT=0,+ET=2,+E=2/flamegraph.svg) | | link_by_source_by_property | depths: DT=0, PT=2, ET=2, E=2 | $$92.9 \mathrm{ms} \pm 503 \mathrm{μs}\left({\color{gray}-0.288 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_multiple_entities/link_by_source_by_property/depths_+DT=0,+PT=2,+ET=2,+E=2/flamegraph.svg) | ## representative_read_entity_type | Function | Value | Mean | Flame graphs | |----------|-------|------|--------------| | get_entity_type_by_id | Account ID: `d4e16033-c281-4cde-aa35-9085bf2e7579` | $$1.39 \mathrm{ms} \pm 4.68 \mathrm{μs}\left({\color{gray}0.285 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/representative_read_entity_type/get_entity_type_by_id/Account+ID_+`d4e16033-c281-4cde-aa35-9085bf2e7579`/flamegraph.svg) | ## scaling_read_entity_complete_one_depth | Function | Value | Mean | Flame graphs | |----------|-------|------|--------------| | entity_by_id | 50 entities | $$559 \mathrm{ms} \pm 4.50 \mathrm{ms}\left({\color{red}118 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_one_depth/entity_by_id/50+entities/flamegraph.svg) | | entity_by_id | 5 entities | $$25.0 \mathrm{ms} \pm 130 \mathrm{μs}\left({\color{gray}1.81 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_one_depth/entity_by_id/5+entities/flamegraph.svg) | | entity_by_id | 1 entities | $$19.9 \mathrm{ms} \pm 88.2 \mathrm{μs}\left({\color{gray}0.104 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_one_depth/entity_by_id/1+entities/flamegraph.svg) | | entity_by_id | 10 entities | $$30.8 \mathrm{ms} \pm 224 \mathrm{μs}\left({\color{lightgreen}-38.071 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_one_depth/entity_by_id/10+entities/flamegraph.svg) | | entity_by_id | 25 entities | $$70.4 \mathrm{ms} \pm 478 \mathrm{μs}\left({\color{gray}0.197 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_one_depth/entity_by_id/25+entities/flamegraph.svg) | ## scaling_read_entity_linkless | Function | Value | Mean | Flame graphs | |----------|-------|------|--------------| | entity_by_id | 1 entities | $$1.87 \mathrm{ms} \pm 10.3 \mathrm{μs}\left({\color{gray}0.969 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_linkless/entity_by_id/1+entities/flamegraph.svg) | | entity_by_id | 100 entities | $$2.01 \mathrm{ms} \pm 7.37 \mathrm{μs}\left({\color{gray}-1.110 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_linkless/entity_by_id/100+entities/flamegraph.svg) | | entity_by_id | 10 entities | $$1.89 \mathrm{ms} \pm 6.79 \mathrm{μs}\left({\color{gray}-0.690 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_linkless/entity_by_id/10+entities/flamegraph.svg) | | entity_by_id | 1000 entities | $$2.80 \mathrm{ms} \pm 11.4 \mathrm{μs}\left({\color{gray}0.068 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_linkless/entity_by_id/1000+entities/flamegraph.svg) | | entity_by_id | 10000 entities | $$13.6 \mathrm{ms} \pm 48.2 \mathrm{μs}\left({\color{gray}0.378 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_linkless/entity_by_id/10000+entities/flamegraph.svg) | ## scaling_read_entity_complete_zero_depth | Function | Value | Mean | Flame graphs | |----------|-------|------|--------------| | entity_by_id | 50 entities | $$5.30 \mathrm{ms} \pm 30.6 \mathrm{μs}\left({\color{gray}0.146 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_zero_depth/entity_by_id/50+entities/flamegraph.svg) | | entity_by_id | 5 entities | $$1.89 \mathrm{ms} \pm 8.31 \mathrm{μs}\left({\color{gray}-1.348 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_zero_depth/entity_by_id/5+entities/flamegraph.svg) | | entity_by_id | 1 entities | $$1.86 \mathrm{ms} \pm 5.66 \mathrm{μs}\left({\color{gray}-3.805 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_zero_depth/entity_by_id/1+entities/flamegraph.svg) | | entity_by_id | 10 entities | $$2.10 \mathrm{ms} \pm 10.5 \mathrm{μs}\left({\color{gray}0.249 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_zero_depth/entity_by_id/10+entities/flamegraph.svg) | | entity_by_id | 25 entities | $$3.31 \mathrm{ms} \pm 16.9 \mathrm{μs}\left({\color{gray}0.204 \mathrm{\\%}}\right) $$ | [Flame Graph](https://benchmarks.hash.dev/6d37b82ebc347bbc50d0f9e46134bf273639534b/scaling_read_entity_complete_zero_depth/entity_by_id/25+entities/flamegraph.svg) |