diff --git a/packages/indexer/package.json b/packages/indexer/package.json
index 77270bc8..ead65c8f 100644
--- a/packages/indexer/package.json
+++ b/packages/indexer/package.json
@@ -131,7 +131,7 @@
     "hashlock": "1.0.4",
     "inquirer": "9.2.23",
     "json-stable-stringify": "1.1.1",
-    "openpgp": "5.11.1",
+    "openpgp": "5.11.2",
     "ora": "8.0.1",
     "packageurl-js": "1.2.1",
     "sigstore": "2.3.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 1a2c9d59..ebd42422 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -127,8 +127,8 @@ importers:
         specifier: 1.1.1
         version: 1.1.1
       openpgp:
-        specifier: 5.11.1
-        version: 5.11.1
+        specifier: 5.11.2
+        version: 5.11.2
       ora:
         specifier: 8.0.1
         version: 8.0.1
@@ -347,7 +347,7 @@ packages:
       '@babel/traverse': 7.24.1
       '@babel/types': 7.24.0
       convert-source-map: 2.0.0
-      debug: 4.3.4
+      debug: 4.3.6
       gensync: 1.0.0-beta.2
       json5: 2.2.3
       semver: 6.3.1
@@ -5036,8 +5036,8 @@ packages:
       mimic-function: 5.0.1
     dev: true
 
-  /openpgp@5.11.1:
-    resolution: {integrity: sha512-TynUBPuaSI7dN0gP+A38CjNRLxkOkkptefNanalDQ71BFAKKm+dLbksymSW5bUrB7RcAneMySL/Y+r/TbLpOnQ==, tarball: https://registry.npmjs.org/openpgp/-/openpgp-5.11.1.tgz}
+  /openpgp@5.11.2:
+    resolution: {integrity: sha512-f8dJFVLwdkvPvW3VPFs6q9Vs2+HNhdvwls7a/MIFcQUB+XiQzRe7alfa3RtwfGJU7oUDDMAWPZ0nYsHa23Az+A==, tarball: https://registry.npmjs.org/openpgp/-/openpgp-5.11.2.tgz}
     engines: {node: '>= 8.0.0'}
     dependencies:
       asn1.js: 5.4.1