From a2b8777da929773e962cb73f5f1700681161ac11 Mon Sep 17 00:00:00 2001
From: godofredoc <godofredoc@google.com>
Date: Mon, 12 Sep 2022 20:18:01 -0700
Subject: [PATCH] Manual update of scorecards 2.0.3

It requires a manual update to add a new permission to get an oidc token.
---
 .github/workflows/scorecards-analysis.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index fa4bda80f4751..24626afeec40c 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -18,6 +18,8 @@ jobs:
       security-events: write
       actions: read
       contents: read
+      # Needed to access OIDC token.
+      id-token: write
 
     steps:
       - name: "Checkout code"
@@ -34,7 +36,7 @@ jobs:
         run: python ci/deps_parser.py
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@68bf5b3327e4fd443d2add8ab122280547b4a16d
+        uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972
         with:
           results_file: results.sarif
           results_format: sarif