Skip to content

chore(deps): bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0#26

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/gitleaks/gitleaks-action-3.0.0
Open

chore(deps): bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0#26
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/gitleaks/gitleaks-action-3.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Contributor

Bumps gitleaks/gitleaks-action from 2.3.9 to 3.0.0.

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2
After

uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0
b7bee27 
Bumps [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) from 2.3.9 to 3.0.0.
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@ff98106...e0c47f4)

---
updated-dependencies:
- dependency-name: gitleaks/gitleaks-action
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 2, 2026
@codacy-production

codacy-production Bot commented Jun 2, 2026

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

Run reviewer

TIP This summary will be updated as you push new changes.

codacy-production[bot]
codacy-production Bot reviewed Jun 2, 2026
View reviewed changes

@codacy-production codacy-production Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

The PR successfully upgrades the gitleaks-action from v2.3.9 to v3.0.0 across the CI and Release workflows. This update migrates the action's internal runtime from Node 20 to Node 24, adhering to GitHub's upcoming environment requirements. Codacy analysis indicates that the changes are up to standards with no new quality issues or complexity increases. There are no critical security flaws or logic bugs that should prevent merging.

Test suggestions

  • Gitleaks action is triggered during the Security Checks job in the CI workflow.
  • Gitleaks action is triggered during the Security Checks job in the Release workflow.

TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback

Comment thread .github/workflows/release.yml
Comment on lines +73 to 76
uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

@codacy-production codacy-production Bot Jun 2, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚪ LOW RISK

Suggestion: The GITLEAKS_LICENSE environment variable is obsolete in gitleaks-action v3.0.0+. Gitleaks no longer requires a license key.

Suggested change
uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
uses: gitleaks/gitleaks-action@[REDACTED:HIGH_ENTROPY] # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Comment thread .github/workflows/ci.yml
Comment on lines +77 to 80
uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

@codacy-production codacy-production Bot Jun 2, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚪ LOW RISK

Suggestion: The GITLEAKS_LICENSE environment variable is obsolete in gitleaks-action v3.0.0+. Gitleaks no longer requires a license key.

Suggested change
uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
uses: gitleaks/gitleaks-action@[REDACTED:HIGH_ENTROPY] # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@codacy-production codacy-production[bot] codacy-production[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants