ci: bump gitleaks/gitleaks-action from 2.3.9 to 3.0.0 #212

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/gitleaks/gitleaks-action-3.0.0

Conversation

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026


Bumps gitleaks/gitleaks-action from 2.3.9 to 3.0.0.

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

```yaml
# Before
- uses: gitleaks/gitleaks-action@v2
# After
- uses: gitleaks/gitleaks-action@v3
```

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20 → node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) from 2.3.9 to 3.0.0.
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@ff98106...e0c47f4)

---
updated-dependencies:
- dependency-name: gitleaks/gitleaks-action
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 1, 2026
@dependabot dependabot Bot requested a review from klodr as a code owner June 1, 2026 22:20

codecov Bot commented Jun 1, 2026


Bundle Report

Bundle size has no change ✅


codecov Bot commented Jun 1, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.40%. Comparing base (1a42785) to head (bfafb62).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #212   +/-   ##
=======================================
  Coverage   99.40%   99.40%           
=======================================
  Files          33       33           
  Lines        1859     1859           
  Branches      513      530   +17     
=======================================
  Hits         1848     1848           
  Misses          9        9           
  Partials        2        2           

Continue to review full report in Codecov by Sentry.


klodr commented Jun 2, 2026

Owner

@dependabot rebase

dependabot Bot commented on behalf of github Jun 2, 2026

Author

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

klodr commented Jun 3, 2026

Owner

@coderabbitai review

coderabbitai Bot commented Jun 3, 2026

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai Bot commented Jun 3, 2026


Review Change Stack

📝 Walkthrough
  • Gitleaks secret scanning updated from v2.3.9 to v3.0.0 with no changes to tool behavior, inputs, or outputs
  • Runtime migrated from Node 20 to Node 24 to comply with GitHub Actions deprecation timeline (Node 20 removal on September 16, 2026)
  • No OAuth scope changes — continues to use existing pull-requests: read permission for PR commit enumeration

Walkthrough

The GitHub Actions workflow file updates the pinned gitleaks/gitleaks-action version from v2.3.9 to v3.0.0 in the Run gitleaks step.

Changes

Gitleaks Action Update

| Layer / File(s) | Summary |
| --- | --- |
| Update gitleaks action to v3.0.0: .github/workflows/gitleaks.yml | The Run gitleaks step now uses the pinned revision v3.0.0 instead of v2.3.9. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • klodr/gmail-mcp#203: Updates GitHub Actions leak-detection workflow by bumping pinned action/reusable workflow commit SHAs.

Suggested labels

Review effort 2/5

Suggested reviewers

  • klodr
🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title follows the Conventional Commits format with type 'ci' and imperative subject in lowercase. It clearly describes the dependency update from 2.3.9 to 3.0.0 and matches the actual changeset. The length is 53 characters, well within the 72-character limit. |
| Description check | ✅ Passed | The description is comprehensive and directly related to the changeset, containing release notes from the upstream gitleaks-action repository explaining the v3.0.0 migration from Node 20 to Node 24, migration guidance, and timeline for deprecated runtimes. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/gitleaks.yml (1)

44-50: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Stale comment and unnecessary env var after v3.0.0 upgrade.

The comment references v2.3.9 and mentions "revisit when a successor lands"—v3.0.0 is that successor. Since v3.0.0 runs on Node 24 natively, FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 is no longer needed and the comment is now misleading.

🧹 Proposed cleanup
       - name: Run gitleaks
         uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # gitleaks-action v2.3.9 declares `runs.using: node20`, which
-          # GitHub will force to node24 by default starting 2026-06-02
-          # and remove node20 entirely 2026-09-16. Opt into node24 now
-          # to silence the deprecation warning and validate compatibility
-          # before the forced flip. Upstream has not cut a node24 release
-          # since v2.3.9 (2025-04-17); revisit when a successor lands.
-          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
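Review bot: Dropping FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 in this hunk is sound only because v3.0.0 declares node24 natively, as the release notes above state; the same notes also require self-hosted runners at v2.327.1 or newer for Node 24, so the cleanup should confirm that no job in gitleaks.yml targets an older self-hosted runner, since the env var being removed was what previously exercised the Node 24 path and a version gap will now surface as a runner failure at the `uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0` step rather than during the opt-in period.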
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/gitleaks.yml around lines 44 - 50, The comment and the
environment variable FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 are now stale after
upgrading gitleaks to v3.0.0 (which already uses Node 24); remove the
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 entry and the surrounding explanatory comment
block in the gitleaks GitHub Actions workflow so the file no longer contains
misleading text about v2.3.9 and node20/node24 compatibility.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4b9e9f0a-a07b-4f27-aab2-f3cf4bd6bf49

📥 Commits

Reviewing files that changed from the base of the PR and between 1a42785 and bfafb62.

📒 Files selected for processing (1)
  • .github/workflows/gitleaks.yml
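The release notes above describe the Node 20 opt-out variable and the review flags the stale FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 override; the following is an added example, not code from this repository or from gitleaks-action, that lints a workflow file for both points plus the SHA-pinning convention the PR itself uses (`uses: owner/repo@<sha> # vX.Y.Z`). The sample workflow is constructed for the example and only modelled on the gitleaks.yml discussed here.

```python
"""Lint a GitHub Actions workflow for the hygiene points this PR touches: every
`uses:` pinned to a full commit SHA with a release comment, and no lingering
Node 20 -> Node 24 override variables once the action itself runs on Node 24."""
import re
from typing import List

# `uses: owner/repo@<ref>` optionally followed by `# vX.Y.Z`, as in the PR's
# `gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>[^\s#]+)(?:\s*#\s*(?P<note>.*))?\s*$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# The two env vars this PR mentions; both exist only to bridge the runtime
# deprecation and are stale once every action declares runs.using: node24.
RUNTIME_OVERRIDES = {"ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION",
                     "FORCE_JAVASCRIPT_ACTIONS_TO_NODE24"}


def lint_workflow(text: str) -> List[str]:
    """Return one finding per problem, each prefixed with its 1-based line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group("ref")
            if ref.startswith(("./", "docker://")):
                continue  # local and container actions carry no git ref to pin
            action, _, version = ref.partition("@")
            if not SHA_RE.match(version):
                findings.append(f"{lineno}: {action} uses mutable ref '{version}', not a commit SHA")
            elif not (m.group("note") or "").strip():
                findings.append(f"{lineno}: {action} SHA pin has no '# vX.Y.Z' comment naming the release")
            continue
        key = line.split(":", 1)[0].strip()  # env var name on `KEY: value` lines
        if key in RUNTIME_OVERRIDES:
            findings.append(f"{lineno}: {key} is set; drop it once all actions run on node24")
    return findings


# Constructed sample: checkout is tag-pinned, gitleaks-action is SHA-pinned as
# in this PR, and the v2.3.9-era Node 24 override is still present.
SAMPLE_WORKFLOW = """\
name: gitleaks
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Run gitleaks
        uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
"""
```

Running `lint_workflow(SAMPLE_WORKFLOW)` reports the tag-pinned checkout step and the stale override; once both are fixed the list is empty.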
