Bump CI actions to Node 24 runtime (gitleaks v3, dependency-review v5)#42
Merged
Conversation
GitHub is deprecating the Node 20 Actions runtime (runner default flips to Node 24 on 2026-06-16; Node 20 removed 2026-09-16), which surfaced as deprecation annotations on the Security Checks workflow. Bump the two flagged actions to their Node 24 majors: - gitleaks/gitleaks-action v2 -> v3 (runtime-only migration; no input/output/behavior changes) - actions/dependency-review-action v4 -> v5 (runtime updated to node24) Both run on ubuntu-latest, which satisfies the required runner >= v2.327.1. The other actions in the repo (checkout@v6, setup-node@v6, pnpm/action-setup@v6, codeql-action@v4) were not flagged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
GitHub is deprecating the Node 20 Actions runtime (runner default flips to Node 24 on 2026-06-16; Node 20 removed 2026-09-16), which surfaced as deprecation annotations on the Security Checks workflow. This bumps the two flagged actions to their Node 24 majors.
Changes
.github/workflows/security.yml:gitleaks/gitleaks-actionv2 → v3 — runtime-only migration; release notes confirm no changes to inputs, outputs, or behavioractions/dependency-review-actionv4 → v5 — runtime updated to node24Notes
ubuntu-latest, satisfying the Node 24 minimum runner (>= v2.327.1).actions/checkout@v6,actions/setup-node@v6,pnpm/action-setup@v6,github/codeql-action/*@v4) were not flagged and are unchanged.main(where the dependency-audit fix already lives, so Dependency Audit passes on its own).🤖 Generated with Claude Code