diff --git a/requirements.txt b/requirements.txt
index d8b6e0742f..9065458e2b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 # -*- conf-mode -*-
-setuptools>=51.1.0    # Require this first, to prevent later errors
+setuptools>=78.1.1    # Require this first, to prevent later errors
 #
 argon2-cffi>=21.3.0    # For the Argon2 password hasher option
 beautifulsoup4>=4.11.1    # Only used in tests
@@ -12,7 +12,7 @@ botocore>=1.35,<1.36
 celery>=5.2.6
 coverage>=4.5.4,<5.0    # Coverage 5.x moves from a json database to SQLite.  Moving to 5.x will require substantial rewrites in ietf.utils.test_runner and ietf.release.views
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
-Django>4.2,<5
+Django>4.2.22
 django-analytical>=3.1.0
 django-bootstrap5>=21.3
 django-celery-beat>=2.3.0
@@ -69,7 +69,7 @@ pymemcache>=4.0.0  # for django.core.cache.backends.memcached.PyMemcacheCache
 python-mimeparse>=1.6    # from TastyPie
 pytz==2022.2.1   # Pinned as changes need to be vetted for their effect on Meeting fields
 types-pytz==2022.2.1   # match pytz version
-requests>=2.31.0
+requests>=2.32.4
 types-requests>=2.27.1
 requests-mock>=1.9.3
 rfc2html>=2.0.3
@@ -79,7 +79,8 @@ tblib>=1.7.0    # So that the django test runner provides tracebacks
 tlds>=2022042700    # Used to teach bleach about which TLDs currently exist
 tqdm>=4.64.0
 Unidecode>=1.3.4
-urllib3>=1.26,<2
+urllib3>=2.5.0
 weasyprint>=64.1
 xml2rfc>=3.23.0
 xym>=0.6,<1.0
+h11>=0.16.0 # not directly required, pinned by Snyk to avoid a vulnerability