diff --git a/requirements.txt b/requirements.txt
index 155e5c6766..743dac8f17 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 # -*- conf-mode -*-
-setuptools>=51.1.0    # Require this first, to prevent later errors
+setuptools>=70.0.0    # Require this first, to prevent later errors
 #
 argon2-cffi>=21.3.0    # For the Argon2 password hasher option
 beautifulsoup4>=4.11.1    # Only used in tests
@@ -9,7 +9,7 @@ celery>=5.2.6
 coverage>=4.5.4,<5.0    # Coverage 5.x moves from a json database to SQLite.  Moving to 5.x will require substantial rewrites in ietf.utils.test_runner and ietf.release.views
 decorator>=5.1.1
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
-Django>=2.2.28,<3.0
+Django>=4.2.16
 django-analytical>=3.1.0
 django-bootstrap5>=21.3
 django-celery-beat>=2.3.0
@@ -36,7 +36,7 @@ hashids>=1.3.1
 html2text>=2020.1.16    # Used only to clean comment field of secr/sreq
 html5lib>=1.1    # Only used in tests
 jsonfield>=3.1.0    # for SubmissionCheck.  This is https://github.com/bradjasper/django-jsonfield/.
-jwcrypto>=1.2    # for signed notifications - this is aspirational, and is not really used.
+jwcrypto>=1.5.6    # for signed notifications - this is aspirational, and is not really used.
 logging_tree>=1.9    # Used only by the showloggers management command
 lxml>=4.8.0,<5
 markdown>=3.3.6
@@ -44,7 +44,7 @@ mock>=4.0.3    # Used only by tests, of course
 mypy>=0.782,<0.790    # Version requirements determined by django-stubs.
 mysqlclient>=2.1.0
 oic>=1.3    # Used only by tests
-Pillow>=9.1.0
+Pillow>=10.3.0
 pyang>=2.5.3
 pyflakes>=2.4.0
 pyopenssl>=22.0.0    # Used by urllib3.contrib, which is used by PyQuery but not marked as a dependency
@@ -54,7 +54,7 @@ python-magic==0.4.18    # Versions beyond the yanked .19 and .20 introduce form
 python-memcached>=1.59    # for django.core.cache.backends.memcached
 python-mimeparse>=1.6    # from TastyPie
 pytz==2022.2.1   # Pinned as changes need to be vetted for their effect on Meeting fields
-requests>=2.27.1
+requests>=2.32.2
 requests-mock>=1.9.3
 rfc2html>=2.0.3
 scout-apm>=2.24.2
@@ -66,3 +66,7 @@ Unidecode>=1.3.4
 weasyprint>=52.5,<53    # Datatracker tests past on 54, but xml2rfc tests do not.
 xml2rfc>=3.12.4
 xym>=0.6,<1.0
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+waitress>=3.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability