Comparing changes

* ci: increase runner size and ubuntu concurrency The ubuntu provider is consistently timing out. It should be rewritten to use a more performant approach, but first today's Grype DB needs to be published. Temporarily raise the amount of compute available to the daily data sync jobs and increase the amount concurrency requested of the vunnel ubuntu provider. Signed-off-by: Will Murphy <[email protected]> * ci: run highly concurrent providers (ubuntu) on big runner The ubuntu provider does a ton of local file I/O and can be meaningfully sped up by using the a large multi core runner and a higher number of workers. However many providers are essentially single threaded and do not benefit from the multicore runner. Therfore, rearrange some yaml to put highly concurrent providers (today just Ubuntu) on a bit multi core runner without paying to put the rest of them on the big multi core runner. Signed-off-by: Will Murphy <[email protected]> * revert vunnel concurrency change Signed-off-by: Will Murphy <[email protected]> * ci: prevent runner stealing in matrix jobs Add job-index to runs-on labels for matrix strategy jobs to ensure deterministic job-to-runner assignment. Without unique labels, runners launched for one matrix job could pick up a different job with matching labels, causing unpredictable scheduling. Affected jobs: - daily-data-sync.yaml: update-provider-multicore, update-provider - daily-db-publisher-r2.yaml: generate-and-publish-dbs - validations.yaml: Acceptance-Test See: https://runs-on.com/guides/troubleshoot/#runner-stealing Signed-off-by: Will Murphy <[email protected]> --------- Signed-off-by: Will Murphy <[email protected]>

#777) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.11 to 8.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@22a9089...98357b1) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5.0.1...8e8c483) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0057852...9255dc7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.5 to 7.1.6. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@ed21f2f...681c641) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: wagoodman <[email protected]>

) Bumps [github.com/anchore/grype](https://github.com/anchore/grype) from 0.104.2 to 0.104.3. - [Release notes](https://github.com/anchore/grype/releases) - [Changelog](https://github.com/anchore/grype/blob/main/RELEASE.md) - [Commits](anchore/grype@v0.104.2...v0.104.3) --- updated-dependencies: - dependency-name: github.com/anchore/grype dependency-version: 0.104.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Dec 10, 2025

Commits on Dec 16, 2025

Commits on Dec 22, 2025

Commits on Dec 23, 2025

This comparison is taking too long to generate.

Uh oh!