diff --git a/package.json b/package.json
index 3138cb4375..a9fec0a88b 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,7 @@
 		"type": "git",
 		"url": "https://github.com/misskey-dev/misskey.git"
 	},
-	"packageManager": "pnpm@10.28.0",
+	"packageManager": "pnpm@10.28.2",
 	"workspaces": [
 		"packages/misskey-js",
 		"packages/i18n",
@@ -75,7 +75,7 @@
 		"eslint": "9.39.2",
 		"globals": "16.5.0",
 		"ncp": "2.0.0",
-		"pnpm": "10.28.0",
+		"pnpm": "10.28.2",
 		"typescript": "5.9.3",
 		"start-server-and-test": "2.1.3"
 	},
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 9ffbdedd60..0a58d6e14b 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -75,8 +75,8 @@ importers:
         specifier: 2.0.0
         version: 2.0.0
       pnpm:
-        specifier: 10.28.0
-        version: 10.28.0
+        specifier: 10.28.2
+        version: 10.28.2
       start-server-and-test:
         specifier: 2.1.3
         version: 2.1.3
@@ -8927,8 +8927,8 @@ packages:
     resolution: {integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==}
     engines: {node: '>=10.13.0'}
 
-  pnpm@10.28.0:
-    resolution: {integrity: sha512-Bd9x0UIfITmeBT/eVnzqNNRG+gLHZXFEG/wceVbpjjYwiJgtlARl/TRIDU2QoGaLwSNi+KqIAApk6D0LDke+SA==}
+  pnpm@10.28.2:
+    resolution: {integrity: sha512-QYcvA3rSL3NI47Heu69+hnz9RI8nJtnPdMCPGVB8MdLI56EVJbmD/rwt9kC1Q43uYCPrsfhO1DzC1lTSvDJiZA==}
     engines: {node: '>=18.12'}
     hasBin: true
 
@@ -10181,6 +10181,7 @@ packages:
   tar@7.5.6:
     resolution: {integrity: sha512-xqUeu2JAIJpXyvskvU3uvQW8PAmHrtXp2KDuMJwQqW8Sqq0CaZBAQ+dKS3RBXVhU4wC5NjAdKrmh84241gO9cA==}
     engines: {node: '>=18'}
+    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me
 
   taskkill@5.0.0:
     resolution: {integrity: sha512-+HRtZ40Vc+6YfCDWCeAsixwxJgMbPY4HHuTgzPYH3JXvqHWUlsCfy+ylXlAKhFNcuLp4xVeWeFBUhDk+7KYUvQ==}
@@ -20559,7 +20560,7 @@ snapshots:
 
   pngjs@5.0.0: {}
 
-  pnpm@10.28.0: {}
+  pnpm@10.28.2: {}
 
   polished@4.3.1:
     dependencies:
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index cc642989ed..e77bf17e3b 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -38,3 +38,5 @@ minimumReleaseAgeExclude:
   - '@fastify/express' # 脆弱性対応。そのうち消すこと
   - 'lodash' # 脆弱性対応。そのうち消すこと
   - 'tar' # 脆弱性対応。そのうち消すこと
+  # Renovate security update: pnpm@10.28.2
+  - pnpm@10.28.2