diff --git a/requirements.txt b/requirements.txt
index 4eb573ce36..03701004f0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ botocore>=1.35,<1.36
 celery>=5.2.6
 coverage>=4.5.4,<5.0    # Coverage 5.x moves from a json database to SQLite.  Moving to 5.x will require substantial rewrites in ietf.utils.test_runner and ietf.release.views
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
-Django>4.2,<5
+Django>5.0.14
 django-admin-rangefilter>=0.13.2
 django-analytical>=3.1.0
 django-bootstrap5>=21.3
@@ -31,7 +31,7 @@ django-stubs>=4.2.7,<5    # The django-stubs version used determines the the myp
 django-tastypie>=0.14.7,<0.15.0    # Version must be locked in sync with version of Django
 django-vite>=2.0.2,<3
 django-widget-tweaks>=1.4.12
-djangorestframework>=3.15,<4
+djangorestframework>=3.15.2
 djlint>=1.0.0    # To auto-indent templates via "djlint --profile django --reformat"
 docutils>=0.18.1    # Used only by dbtemplates for RestructuredText
 drf-spectacular>=0.27
@@ -75,14 +75,17 @@ types-requests>=2.27.1
 requests-mock>=1.9.3
 rfc2html>=2.0.3
 scout-apm>=2.24.2
-selenium>=4.0
+selenium>=4.15.1
 tblib>=1.7.0    # So that the django test runner provides tracebacks
 tlds>=2022042700    # Used to teach bleach about which TLDs currently exist
 tqdm>=4.64.0
 types-zxcvbn~=4.5.0.20250223  # match zxcvbn version
 Unidecode>=1.3.4
-urllib3>=1.26,<2
+urllib3>=2.5.0
 weasyprint>=64.1
 xml2rfc>=3.23.0
 xym>=0.6,<1.0
 zxcvbn>=4.5.0
+h11>=0.16.0 # not directly required, pinned by Snyk to avoid a vulnerability
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability