diff --git a/package-lock.json b/package-lock.json
index 77e7ba72..f4d3c4b7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
         "cookie-parser": "1.4.7",
         "cors": "2.8.5",
         "dotenv": "16.6.0",
-        "express": "5.1.0",
+        "express": "5.2.1",
         "helmet": "8.1.0",
         "jose": "6.1.2",
         "jsonwebtoken": "9.0.2",
@@ -3466,18 +3466,19 @@
       }
     },
     "node_modules/express": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz",
-      "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==",
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
+      "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==",
       "license": "MIT",
       "dependencies": {
         "accepts": "^2.0.0",
-        "body-parser": "^2.2.0",
+        "body-parser": "^2.2.1",
         "content-disposition": "^1.0.0",
         "content-type": "^1.0.5",
         "cookie": "^0.7.1",
         "cookie-signature": "^1.2.1",
         "debug": "^4.4.0",
+        "depd": "^2.0.0",
         "encodeurl": "^2.0.0",
         "escape-html": "^1.0.3",
         "etag": "^1.8.1",
diff --git a/package.json b/package.json
index 45d145e1..3bf03d84 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
     "cookie-parser": "1.4.7",
     "cors": "2.8.5",
     "dotenv": "16.6.0",
-    "express": "5.1.0",
+    "express": "5.2.1",
     "helmet": "8.1.0",
     "jose": "6.1.2",
     "jsonwebtoken": "9.0.2",