From c60f817363b2fe0e817ea1597488da8f95da93fb Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Mon, 13 May 2024 11:55:48 +0800
Subject: [PATCH 1/2] chore: upgrade ossf/scorecard CI action
---
 .github/workflows/security-scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/security-scorecard.yml b/.github/workflows/security-scorecard.yml
index aafcfb513..b3f0cf3dc 100644
--- a/.github/workflows/security-scorecard.yml
+++ b/.github/workflows/security-scorecard.yml
@@ -53,7 +53,7 @@ jobs:
 token: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account.
 - name: 'Run analysis'
- uses: ossf/scorecard-action@v2.1.2
+ uses: ossf/scorecard-action@v2.3.3
 with:
 results_file: results.sarif
 results_format: sarif
From fd4dc85896dc5533ca2c237a9113d5df4639812a Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Mon, 13 May 2024 12:07:21 +0800
Subject: [PATCH 2/2] remove unsupported telemetry action
---
 .github/workflows/security-scorecard.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/.github/workflows/security-scorecard.yml b/.github/workflows/security-scorecard.yml
index b3f0cf3dc..2040044d7 100644
--- a/.github/workflows/security-scorecard.yml
+++ b/.github/workflows/security-scorecard.yml
@@ -38,14 +38,6 @@ jobs:
 with:
 egress-policy: audit
- - name: Workflow Telemetry
- uses: catchpoint/workflow-telemetry-action@v1.8.7
- with:
- github_token: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account.
- comment_on_pr: false
- theme: dark
- proc_trace_sys_enable: true
-
 # checks out the repository
 - uses: actions/checkout@v4
 with: