diff --git a/package.json b/package.json
index 8a2f0c55..49ce73b3 100644
--- a/package.json
+++ b/package.json
@@ -143,7 +143,7 @@
       "@babel/helpers@<7.26.10": ">=7.29.2",
       "cross-spawn@>=7.0.0 <7.0.5": ">=7.0.6",
       "brace-expansion@>=1.0.0 <=1.1.11": ">=1.1.12",
-      "brace-expansion@>=2.0.0 <=2.0.1": ">=2.0.2",
+      "brace-expansion@>=2.0.0 <=2.0.1": ">=5.0.5",
       "pbkdf2@<=3.1.2": ">=3.1.5",
       "sha.js@<=2.4.11": ">=2.4.12",
       "cipher-base@<=1.0.4": ">=1.0.7",
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 0ce6b8d6..72420ce0 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -4,5 +4,7 @@ minimumReleaseAgeExclude:
   - '@kong/*'
   - '@kong-ui/*'
   - '@kong-ui-public/*'
+  # Renovate security update: brace-expansion@>=2.0.0 <=2.0.1@5.0.5
+  - brace-expansion@>=2.0.0 <=2.0.1@5.0.5
 # When set to no-downgrade, pnpm will fail if a package's trust level has decreased compared to previous releases
 trustPolicy: no-downgrade