diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index e1d91e1..96aa062 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/news/20251001060855.bugfix b/news/20251001060855.bugfix
new file mode 100644
index 0000000..d8ae972
--- /dev/null
+++ b/news/20251001060855.bugfix
@@ -0,0 +1 @@
+Dependency upgrade: scorecard-action-2.4.3