diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index e735b9e..e1ba06a 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/news/20250109185845.bugfix b/news/20250109185845.bugfix
new file mode 100644
index 0000000..b38c333
--- /dev/null
+++ b/news/20250109185845.bugfix
@@ -0,0 +1 @@
+Dependency upgrade: scorecard-action-2.4.0