diff --git a/package-lock.json b/package-lock.json
index eb9f15738..01c8add20 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10858,11 +10858,13 @@
         "node": ">=8"
       }
     },
-    "node_modules/object-hash": {
-      "version": "2.2.0",
+    "node_modules/oauth4webapi": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.1.3.tgz",
+      "integrity": "sha512-dik5wEMdFL5p3JlijYvM7wMNCgaPhblLIDCZtdXcaZp5wgu5Iwmsu7lMzgFhIDTi5d0BJo03LVoOoFQvXMeOeQ==",
       "license": "MIT",
-      "engines": {
-        "node": ">= 6"
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
       }
     },
     "node_modules/object-inspect": {
@@ -11024,13 +11026,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/oidc-token-hash": {
-      "version": "5.0.3",
-      "license": "MIT",
-      "engines": {
-        "node": "^10.13.0 || >=12.0.0"
-      }
-    },
     "node_modules/on-finished": {
       "version": "2.4.1",
       "license": "MIT",
@@ -11137,39 +11132,18 @@
       }
     },
     "node_modules/openid-client": {
-      "version": "5.7.0",
+      "version": "6.1.6",
+      "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-6.1.6.tgz",
+      "integrity": "sha512-ZvMKXUKKQ7AA2ZykmoA8C/1DovRY2Fzdp860xcZQIAZoWS7OGZcO9Z2FJ53jAAO505VTD7M2mgW0fdiJqaf8CQ==",
       "license": "MIT",
       "dependencies": {
-        "jose": "^4.15.9",
-        "lru-cache": "^6.0.0",
-        "object-hash": "^2.2.0",
-        "oidc-token-hash": "^5.0.3"
+        "jose": "^5.9.6",
+        "oauth4webapi": "^3.1.3"
       },
       "funding": {
         "url": "https://github.com/sponsors/panva"
       }
     },
-    "node_modules/openid-client/node_modules/jose": {
-      "version": "4.15.9",
-      "license": "MIT",
-      "funding": {
-        "url": "https://github.com/sponsors/panva"
-      }
-    },
-    "node_modules/openid-client/node_modules/lru-cache": {
-      "version": "6.0.0",
-      "license": "ISC",
-      "dependencies": {
-        "yallist": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/openid-client/node_modules/yallist": {
-      "version": "4.0.0",
-      "license": "ISC"
-    },
     "node_modules/optionator": {
       "version": "0.9.4",
       "dev": true,
@@ -13133,7 +13107,7 @@
         "@sigstore/oci": "^0.4.0",
         "@sigstore/sign": "^3.0.0",
         "open": "^8.4.2",
-        "openid-client": "^5.7.0",
+        "openid-client": "^6.1.6",
         "sigstore": "^3.0.0"
       },
       "bin": {
diff --git a/packages/cli/package.json b/packages/cli/package.json
index 37aab2fe6..41bd44537 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -39,7 +39,7 @@
     "@sigstore/oci": "^0.4.0",
     "@sigstore/sign": "^3.0.0",
     "open": "^8.4.2",
-    "openid-client": "^5.7.0",
+    "openid-client": "^6.1.6",
     "sigstore": "^3.0.0"
   },
   "devDependencies": {