diff --git a/package.json b/package.json
index 4f680765..0e18b69d 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
     "awilix": "^13.0.3",
     "class-variance-authority": "^0.7.1",
     "date-fns": "^4.1.0",
-    "http-message-signatures": "^1.0.4",
+    "http-message-signatures": "^1.0.5",
     "httpbis-digest-headers": "^1.0.0",
     "iso8601-duration": "^2.1.3",
     "loglevel": "^1.9.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 28d7005a..4621fa8e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -37,8 +37,8 @@ importers:
         specifier: ^4.1.0
         version: 4.1.0
       http-message-signatures:
-        specifier: ^1.0.4
-        version: 1.0.4
+        specifier: ^1.0.5
+        version: 1.0.5
       httpbis-digest-headers:
         specifier: ^1.0.0
         version: 1.0.0
@@ -1629,6 +1629,7 @@ packages:
 
   '@ungap/structured-clone@1.3.0':
     resolution: {integrity: sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==}
+    deprecated: Potential CWE-502 - Update to 1.3.1 or higher
 
   '@unrs/resolver-binding-android-arm-eabi@1.9.0':
     resolution: {integrity: sha512-h1T2c2Di49ekF2TE8ZCoJkb+jwETKUIPDJ/nO3tJBKlLFPu+fyd93f0rGP/BvArKx2k2HlRM4kqkNarj3dvZlg==}
@@ -2397,8 +2398,8 @@ packages:
   http-message-signatures@0.1.2:
     resolution: {integrity: sha512-gjJYDgFBy+xnlAs2G0gIWpiorCv9Xi7pIlOnnd91zHAK7BtkLxonmm/JAtd5e6CakOuW03IwEuJzj2YMy8lfWQ==}
 
-  http-message-signatures@1.0.4:
-    resolution: {integrity: sha512-gavCQWnxHFg0BVlKs6CmYK7hNSH1o0x0mHTC68yBAHYOYuTVXPv52mEE7QuT5TenfiagTdOa/zPJzen4lEX7Rg==}
+  http-message-signatures@1.0.5:
+    resolution: {integrity: sha512-3eO+JHsgVI1ilIzqdh8GdeLkEnpdqM8CIX+Q2gsMAqJZasj/TPKAHciuXYW87zySvPM3yudEG9sDMUhVFqkhTg==}
 
   http-proxy-agent@7.0.2:
     resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==}
@@ -3602,10 +3603,12 @@ packages:
 
   uuid@8.3.2:
     resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
+    deprecated: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
     hasBin: true
 
   uuid@9.0.1:
     resolution: {integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==}
+    deprecated: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
     hasBin: true
 
   v8-compile-cache-lib@3.0.1:
@@ -4266,7 +4269,7 @@ snapshots:
 
   '@interledger/http-signature-utils@2.0.3':
     dependencies:
-      http-message-signatures: 1.0.4
+      http-message-signatures: 1.0.5
       httpbis-digest-headers: 1.0.0
       jose: 4.15.4
       uuid: 9.0.1
@@ -5907,7 +5910,7 @@ snapshots:
 
   http-message-signatures@0.1.2: {}
 
-  http-message-signatures@1.0.4:
+  http-message-signatures@1.0.5:
     dependencies:
       structured-headers: 1.0.1