diff --git a/examples/auth/server/package-lock.json b/examples/auth/server/package-lock.json
index 381c3b2..d37ed26 100644
--- a/examples/auth/server/package-lock.json
+++ b/examples/auth/server/package-lock.json
@@ -12,7 +12,7 @@
         "axios": "^1.12.2",
         "body-parser": "^2.2.1",
         "cors": "^2.8.5",
-        "express": "^5.1.0",
+        "express": "^5.2.0",
         "helmet": "^7.1.0",
         "jsonwebtoken": "^9.0.2",
         "jwk-to-pem": "^2.0.7",
@@ -392,18 +392,19 @@
       }
     },
     "node_modules/express": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz",
-      "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==",
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/express/-/express-5.2.0.tgz",
+      "integrity": "sha512-XdpJDLxfztVY59X0zPI6sibRiGcxhTPXRD3IhJmjKf2jwMvkRGV1j7loB8U+heeamoU3XvihAaGRTR4aXXUN3A==",
       "license": "MIT",
       "dependencies": {
         "accepts": "^2.0.0",
-        "body-parser": "^2.2.0",
+        "body-parser": "^2.2.1",
         "content-disposition": "^1.0.0",
         "content-type": "^1.0.5",
         "cookie": "^0.7.1",
         "cookie-signature": "^1.2.1",
         "debug": "^4.4.0",
+        "depd": "^2.0.0",
         "encodeurl": "^2.0.0",
         "escape-html": "^1.0.3",
         "etag": "^1.8.1",
diff --git a/examples/auth/server/package.json b/examples/auth/server/package.json
index ff72373..e42fdca 100644
--- a/examples/auth/server/package.json
+++ b/examples/auth/server/package.json
@@ -12,7 +12,7 @@
     "axios": "^1.12.2",
     "body-parser": "^2.2.1",
     "cors": "^2.8.5",
-    "express": "^5.1.0",
+    "express": "^5.2.0",
     "helmet": "^7.1.0",
     "jsonwebtoken": "^9.0.2",
     "jwk-to-pem": "^2.0.7",