Skip to content

chore(deps): bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0#267

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/gitleaks/gitleaks-action-3.0.0
Open

chore(deps): bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0#267
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/gitleaks/gitleaks-action-3.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps gitleaks/gitleaks-action from 2.3.9 to 3.0.0.

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2
After

uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

Commits

@dependabot dependabot Bot added ci CI/CD changes dependencies Dependency updates labels Jun 1, 2026
@dependabot dependabot Bot requested a review from heznpc as a code owner June 1, 2026 23:12
@dependabot dependabot Bot added the ci CI/CD changes label Jun 1, 2026
@github-actions github-actions Bot added the manual-review Dependency major bump or risky change — needs human review label Jun 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/gitleaks/gitleaks-action-3.0.0 branch 2 times, most recently from f74f0cc to 18e834c Compare June 9, 2026 09:45
@dependabot
chore(deps): bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0
0cbdecb 
Bumps [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) from 2.3.9 to 3.0.0.
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@ff98106...e0c47f4)

---
updated-dependencies:
- dependency-name: gitleaks/gitleaks-action
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/gitleaks/gitleaks-action-3.0.0 branch from 18e834c to 0cbdecb Compare June 9, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@heznpc heznpc Awaiting requested review from heznpc heznpc is a code owner

Assignees

No one assigned

Labels

ci CI/CD changes dependencies Dependency updates manual-review Dependency major bump or risky change — needs human review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants