
ci: bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0#55

Open

dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/gitleaks/gitleaks-action-3.0.0

Conversation

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Contributor

Bumps gitleaks/gitleaks-action from 2.3.9 to 3.0.0.

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2

# After
- uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20 → node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) from 2.3.9 to 3.0.0.
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@ff98106...e0c47f4)

---
updated-dependencies:
- dependency-name: gitleaks/gitleaks-action
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
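The release notes above describe two things a maintainer has to check when taking this bump: that every `uses:` reference is pinned to an immutable commit (the PR pins v3.0.0 by full SHA with a version comment, which is the pattern Dependabot can keep updating), and which actions still declare a `node20` runtime and will break on 2026-09-16. The audit below is an added example written for this page; it is not code from the repository, from Dependabot, or from gitleaks-action. It runs on a constructed workflow snippet embedded inline and on a constructed stand-in for each action's `runs.using` value, so it works offline; the gitleaks-action SHA/version pair is the one this PR pins, the other two steps (`actions/checkout@v6`, `example-org/legacy-action@v1`) are illustrative.

```python
"""Audit a workflow's `uses:` pins and each action's Node runtime.

Added example for this PR page; not code from the repository or from
gitleaks-action. It works on constructed YAML text with regexes so it
runs offline. A real audit would read .github/workflows/*.yml and fetch
`runs.using` from each action's action.yml at the pinned ref.
"""
import re
from datetime import date

# Constructed sample workflow. The gitleaks-action SHA/version pair is
# the one this PR pins; the other two steps are illustrative.
WORKFLOW = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Run gitleaks
        uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: example-org/legacy-action@v1
"""

# Constructed stand-in for the `runs.using` value in each action's
# action.yml (the release notes say v3.0.0 switched node20 -> node24).
ACTION_RUNTIMES = {
    "actions/checkout": "node24",
    "gitleaks/gitleaks-action": "node24",
    "example-org/legacy-action": "node20",
}

NODE24_DEFAULT_FLIP = date(2026, 6, 2)   # runner default becomes Node 24
NODE20_REMOVED = date(2026, 9, 16)       # Node 20 removed from hosted runners
MIN_RUNNER_FOR_NODE24 = (2, 327, 1)      # self-hosted runner floor from the notes

SHA40 = re.compile(r"^[0-9a-f]{40}$")
# `- uses: owner/repo@ref # optional comment`; [ \t] instead of \s keeps the
# match on one line so a comment on the next line is not attached to this ref.
USES = re.compile(
    r"^[ \t]*-?[ \t]*uses:[ \t]*([^@\s]+)@(\S+)(?:[ \t]*#[ \t]*(\S+))?", re.M
)


def parse_uses(text):
    """Return (action, ref, trailing_comment_or_None) for every uses: line."""
    return [(m.group(1), m.group(2), m.group(3)) for m in USES.finditer(text)]


def audit(text, runtimes, today):
    """Flag mutable-tag pins, uncommented SHA pins and node20 actions."""
    findings = []
    for action, ref, comment in parse_uses(text):
        if not SHA40.match(ref):
            findings.append(
                f"{action}: ref '{ref}' is a mutable tag; pin a full commit SHA"
            )
        elif comment is None:
            findings.append(
                f"{action}: SHA pin has no '# vX.Y.Z' comment; reviewers cannot "
                "see which release it is"
            )
        if runtimes.get(action) == "node20":
            days = (NODE20_REMOVED - today).days
            findings.append(
                f"{action}: declares node20; stops working in {days} days "
                f"({NODE20_REMOVED.isoformat()})"
            )
    return findings


def runner_supports_node24(version):
    """True if a self-hosted runner version such as '2.327.1' can run Node 24 actions."""
    parts = tuple(int(p) for p in version.lstrip("v").split("."))
    return parts >= MIN_RUNNER_FOR_NODE24


if __name__ == "__main__":
    for line in audit(WORKFLOW, ACTION_RUNTIMES, NODE24_DEFAULT_FLIP):
        print(line)
    print("runner 2.326.0 can run Node 24 actions:", runner_supports_node24("2.326.0"))
```

Run against the sample, the audit reports `actions/checkout@v6` and `example-org/legacy-action@v1` as mutable-tag pins and the legacy action as a node20 runtime with 106 days left from the June 2 flip; the SHA-pinned gitleaks-action step produces no finding. The runtime map is a stand-in because `runs.using` lives in each action's `action.yml`, which the script would otherwise have to fetch at the pinned ref.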
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 2, 2026
@dependabot dependabot Bot requested a review from klodr as a code owner June 2, 2026 02:14

codecov Bot commented Jun 2, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.53%. Comparing base (cc3342e) to head (0818308).

Additional details and impacted files


@@           Coverage Diff           @@
##             main      #55   +/-   ##
=======================================
  Coverage   97.53%   97.53%           
=======================================
  Files           3        3           
  Lines          81       81           
  Branches       21       21           
=======================================
  Hits           79       79           
  Misses          2        2           


klodr commented Jun 3, 2026

Owner

@coderabbitai review


coderabbitai Bot commented Jun 3, 2026

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.


coderabbitai Bot commented Jun 3, 2026


Summary by CodeRabbit

  • Chores
    • Updated gitleaks GitHub Actions workflow to v3.0.0.

Walkthrough

The gitleaks GitHub Actions workflow step is upgraded from v2.3.9 to v3.0.0 by updating the pinned action commit reference. All other workflow configuration—triggers, permissions, concurrency, and checkout—remains unchanged.

Changes

Gitleaks Configuration Update

Layer / File(s) | Summary
Gitleaks action version upgrade (.github/workflows/gitleaks.yml) | The Run gitleaks step updates the gitleaks/gitleaks-action reference from a v2.3.9 pinned commit to a v3.0.0 pinned commit.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • klodr
🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title follows Conventional Commits format with 'ci' type, includes the scope (gitleaks/gitleaks-action), uses imperative mood, and is lowercase without trailing period, meeting all requirements and clearly summarizing the main change.
Description check ✅ Passed The description is directly related to the changeset, providing detailed release notes, migration rationale, and technical context about the gitleaks-action version bump from 2.3.9 to 3.0.0.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.


@coderabbitai coderabbitai Bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/gitleaks.yml (1)

42-50: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove stale comment and redundant environment variable.

The comment (lines 44-49) references v2.3.9 and explains why Node 24 was forced, but the action has been upgraded to v3.0.0, which natively uses Node 24 according to the PR description. The FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 environment variable (line 50) is now redundant since v3.0.0 runs on Node 24 by default.

🧹 Proposed cleanup
       - name: Run gitleaks
         uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # gitleaks-action v2.3.9 declares `runs.using: node20`, which
-          # GitHub will force to node24 by default starting 2026-06-02
-          # and remove node20 entirely 2026-09-16. Opt into node24 now
-          # to silence the deprecation warning and validate compatibility
-          # before the forced flip. Upstream has not cut a node24 release
-          # since v2.3.9 (2025-04-17); revisit when a successor lands.
-          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
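Review bot: the deletion is sound, but note that FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 sat in the step's `env:` block, so it only ever applied to the gitleaks step and was never a workflow-wide switch; any other node20 action in this workflow is governed by the runner default that flips on 2026-06-02, not by this removal. Rather than dropping the whole comment, keep one line recording why the major bump happened (v2 stops working on 2026-09-16 regardless of opt-out flags) so the next reader does not reintroduce the override. Also confirm that `e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0` is the commit the v3.0.0 tag currently points at: the PR body's commit range ends at e0c47f4, which agrees, and the SHA is what actually executes while the `# v3.0.0` suffix is only a label.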
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/gitleaks.yml around lines 42 - 50, Remove the stale
explanatory comment and the redundant environment variable
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 from the gitleaks workflow; keep the required
GITHUB_TOKEN env entry intact. Locate the env block that currently sets
GITHUB_TOKEN and FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 and delete the comment lines
about v2.3.9/Node20 and the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" line so
the workflow relies on the action's native Node 24 behavior (the GITHUB_TOKEN
line should remain).

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2a164f0e-787f-48e4-b4db-589aeddb552a

📥 Commits

Reviewing files that changed from the base of the PR and between cc3342e and 0818308.

📒 Files selected for processing (1)
  • .github/workflows/gitleaks.yml
