Skip to content

chore(deps)(deps): bump gitleaks/gitleaks-action from 2 to 3#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-github_actions-gitleaks-gitleaks-action-3
Open

chore(deps)(deps): bump gitleaks/gitleaks-action from 2 to 3#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-github_actions-gitleaks-gitleaks-action-3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps gitleaks/gitleaks-action from 2 to 3.

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2
After

uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

v2.3.9

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2.3.8...v2.3.9

v2.3.8

What's Changed

New Contributors

Full Changelog: gitleaks/gitleaks-action@v2.3.7...v2.3.8

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps)(deps): bump gitleaks/gitleaks-action from 2 to 3
a1182ac 
Bumps [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) from 2 to 3.
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@v2...v3)

---
updated-dependencies:
- dependency-name: gitleaks/gitleaks-action
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency file changes github-actions GitHub Actions workflow changes labels Jun 4, 2026
@github-actions github-actions Bot added ci-cd CI/CD pipeline changes configuration Configuration file changes size/XS Extra small PR (≤10 lines changed) first-time-contributor First PR of an external contributor needs-review and removed dependencies Dependency file changes labels Jun 4, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 4, 2026

Messages
📖

⚠️ PR Template Check

These are non-blocking, but please fix:

  • PR description is missing required sections:
  • ### Addressed Issues:
  • ## Checklist

Please follow the PR template.

  • No issue linked. Consider adding Fixes #<number> (e.g. Fixes #42) under the Addressed Issues section.

  • Some required checklist items are not completed:

  • My PR addresses a single issue

  • My code follows the project's code style

  • My changes generate no new warnings or errors

Generated by 🚫 dangerJS against a1182ac

@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Jun 4, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ci-cd CI/CD pipeline changes configuration Configuration file changes first-time-contributor First PR of an external contributor github-actions GitHub Actions workflow changes needs-review size/XS Extra small PR (≤10 lines changed)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@github-advanced-security