diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 77110ddaf27..5c474e9ab6a 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -31,7 +31,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -49,7 +49,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.pre.node20
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.pre.node20
         with:
           name: SARIF file
           path: results.sarif
diff --git a/internal/tools/go.mod b/internal/tools/go.mod
index a6de656bc75..4c0dd969a67 100644
--- a/internal/tools/go.mod
+++ b/internal/tools/go.mod
@@ -213,7 +213,7 @@ require (
 	golang.org/x/net v0.34.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/telemetry v0.0.0-20250204190103-3af0d96bfba9 // indirect
+	golang.org/x/telemetry v0.0.0-20250205183316-c67c2d15c073 // indirect
 	golang.org/x/text v0.22.0 // indirect
 	google.golang.org/protobuf v1.36.4 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/internal/tools/go.sum b/internal/tools/go.sum
index b9ac7c28b40..158c064b91f 100644
--- a/internal/tools/go.sum
+++ b/internal/tools/go.sum
@@ -594,8 +594,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/telemetry v0.0.0-20250204190103-3af0d96bfba9 h1:ll4oETaFUTp12GxDdTNO0B8WjE7UOMvJBQdEZ71v0Dk=
-golang.org/x/telemetry v0.0.0-20250204190103-3af0d96bfba9/go.mod h1:Ng+6E7PnWNge4EifZkPKeQUnm5iyAoH8qQgw3pLCiF4=
+golang.org/x/telemetry v0.0.0-20250205183316-c67c2d15c073 h1:x9Og37+Gh3SJTA+vtqYxIK7EKh7a4j2DAqXG0TaNQ5s=
+golang.org/x/telemetry v0.0.0-20250205183316-c67c2d15c073/go.mod h1:Ng+6E7PnWNge4EifZkPKeQUnm5iyAoH8qQgw3pLCiF4=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=