diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 6297790..0c6c6a2 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -40,7 +40,7 @@ jobs:
           fetch-depth: 0 # scan da história inteira (gitleaks varre commits, não só working tree)
 
       - name: Gitleaks scan
-        uses: gitleaks/gitleaks-action@v2
+        uses: gitleaks/gitleaks-action@v3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # GITLEAKS_LICENSE não necessário para repos públicos / repos privados