diff --git a/requirements.txt b/requirements.txt
index 155e5c6766..e19ae08deb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 # -*- conf-mode -*-
-setuptools>=51.1.0    # Require this first, to prevent later errors
+setuptools>=65.5.1    # Require this first, to prevent later errors
 #
 argon2-cffi>=21.3.0    # For the Argon2 password hasher option
 beautifulsoup4>=4.11.1    # Only used in tests
@@ -54,15 +54,19 @@ python-magic==0.4.18    # Versions beyond the yanked .19 and .20 introduce form
 python-memcached>=1.59    # for django.core.cache.backends.memcached
 python-mimeparse>=1.6    # from TastyPie
 pytz==2022.2.1   # Pinned as changes need to be vetted for their effect on Meeting fields
-requests>=2.27.1
+requests>=2.31.0
 requests-mock>=1.9.3
 rfc2html>=2.0.3
 scout-apm>=2.24.2
 selenium>=3.141.0,<4.0
 tblib>=1.7.0    # So that the django test runner provides tracebacks
 tlds>=2022042700    # Used to teach bleach about which TLDs currently exist
-tqdm>=4.64.0
+tqdm>=4.66.3
 Unidecode>=1.3.4
 weasyprint>=52.5,<53    # Datatracker tests past on 54, but xml2rfc tests do not.
 xml2rfc>=3.12.4
 xym>=0.6,<1.0
+certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
+idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
+waitress>=2.1.1 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability