diff --git a/deployment/requirements.txt b/deployment/requirements.txt
index e6044f64..1f29465e 100644
--- a/deployment/requirements.txt
+++ b/deployment/requirements.txt
@@ -5,41 +5,96 @@
 #    pip-compile --no-index requirements.in
 #
 ansible==2.9.2
-attrs==19.3.0             # via jsonschema
-cachetools==3.1.1         # via google-auth
-certifi==2019.9.11        # via kubernetes, requests
-cffi==1.13.0              # via cryptography
-chardet==3.0.4            # via requests
-cryptography==2.8         # via ansible
-dictdiffer==0.8.0         # via openshift
-google-auth==1.6.3        # via kubernetes
-idna==2.8                 # via requests
-importlib-metadata==0.23  # via jsonschema
-jinja2==2.10.3            # via ansible, openshift
-jsonschema==3.1.1         # via kubernetes-validate
+    # via -r requirements.in
+attrs==19.3.0
+    # via jsonschema
+cachetools==3.1.1
+    # via google-auth
+certifi==2026.5.20
+    # via
+    #   kubernetes
+    #   requests
+cffi==2.0.0
+    # via cryptography
+charset-normalizer==3.4.7
+    # via requests
+cryptography==46.0.7
+    # via ansible
+dictdiffer==0.8.0
+    # via openshift
+google-auth==1.6.3
+    # via kubernetes
+idna==2.8
+    # via requests
+importlib-metadata==0.23
+    # via jsonschema
+jinja2==3.1.6
+    # via
+    #   ansible
+    #   openshift
+jsonschema==3.1.1
+    # via kubernetes-validate
+kubernetes==9.0.1
+    # via openshift
 kubernetes-validate==1.16.0
-kubernetes==9.0.1         # via openshift
-markupsafe==1.1.1         # via jinja2
-more-itertools==7.2.0     # via zipp
-oauthlib==3.1.0           # via requests-oauthlib
+    # via -r requirements.in
+markupsafe==3.0.3
+    # via jinja2
+more-itertools==7.2.0
+    # via zipp
+oauthlib==3.1.0
+    # via requests-oauthlib
 openshift==0.9.2
+    # via -r requirements.in
 passlib==1.7.1
-pyasn1-modules==0.2.7     # via google-auth
-pyasn1==0.4.7             # via pyasn1-modules, rsa
-pycparser==2.19           # via cffi
-pyrsistent==0.15.4        # via jsonschema
-python-dateutil==2.8.0    # via kubernetes
-python-string-utils==0.6.0  # via openshift
-pyyaml==5.1.2
-requests-oauthlib==1.2.0  # via kubernetes
-requests==2.22.0          # via kubernetes, requests-oauthlib
-rsa==4.0                  # via google-auth
-ruamel.yaml.clib==0.2.0   # via ruamel.yaml
-ruamel.yaml==0.16.5       # via openshift
-six==1.12.0               # via cryptography, google-auth, jsonschema, kubernetes, openshift, pyrsistent, python-dateutil, websocket-client
-urllib3==1.25.6           # via kubernetes, requests
-websocket-client==0.56.0  # via kubernetes
-zipp==0.6.0               # via importlib-metadata
+    # via -r requirements.in
+pyasn1==0.4.7
+    # via
+    #   pyasn1-modules
+    #   rsa
+pyasn1-modules==0.2.7
+    # via google-auth
+pycparser==2.19
+    # via cffi
+pyrsistent==0.15.4
+    # via jsonschema
+python-dateutil==2.8.0
+    # via kubernetes
+python-string-utils==0.6.0
+    # via openshift
+pyyaml==6.0.3
+    # via
+    #   -r requirements.in
+    #   ansible
+    #   kubernetes
+    #   kubernetes-validate
+requests==2.33.0
+    # via
+    #   kubernetes
+    #   requests-oauthlib
+requests-oauthlib==1.2.0
+    # via kubernetes
+rsa==4.0
+    # via google-auth
+ruamel-yaml==0.16.5
+    # via openshift
+six==1.12.0
+    # via
+    #   google-auth
+    #   jsonschema
+    #   kubernetes
+    #   openshift
+    #   pyrsistent
+    #   python-dateutil
+    #   websocket-client
+urllib3==2.7.0
+    # via
+    #   kubernetes
+    #   requests
+websocket-client==0.56.0
+    # via kubernetes
+zipp==0.6.0
+    # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
-# setuptools==44.0.0        # via jsonschema, kubernetes
+# setuptools
diff --git a/requirements/ci.txt b/requirements/ci.txt
index 8737c8e9..69125896 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -6,18 +6,18 @@
 #
 alabaster==0.7.12
 amqp==2.4.2
-babel==2.7.0
+babel==2.18.0
 beautifulsoup4==4.8.1     # via webtest
 billiard==3.6.0.0
 celery==4.3.0
-certifi==2018.11.29
+certifi==2026.5.20
 cffi==1.14.0
 chardet==3.0.4
 click==7.0
 coreapi==2.3.3
 coreschema==0.0.4
 coverage==4.5.4
-cryptography==2.8
+cryptography==46.0.7
 django-admin-index==1.2.2
 django-appconf==1.0.3
 django-auth-adfs-db==0.2.0
@@ -25,7 +25,7 @@ django-auth-adfs==1.3.1
 django-axes==4.5.4
 django-choices==1.6.2
 django-cors-middleware==1.3.1
-django-filter==2.1.0
+django-filter==25.2
 django-ipware==2.1.0
 django-markup==1.3
 django-ordered-model==2.1.0
@@ -42,13 +42,13 @@ factory-boy==2.12.0
 faker==2.0.1              # via factory-boy
 freezegun==0.3.12
 gemma-zds-client==0.11.0
-idna==2.8
+idna==3.15
 imagesize==1.1.0
 inflection==0.3.1
 iso-639==0.4.5
 isodate==0.6.0
 itypes==1.1.0
-jinja2==2.10.1
+jinja2==3.1.6
 kombu==4.5.0
 markdown==3.0.1
 markupsafe==1.1.1
@@ -59,17 +59,17 @@ pip-tools==4.2.0
 psycopg2==2.8.2
 pycparser==2.20
 pygments==2.4.2
-pyjwt==1.7.1
+pyjwt==2.12.0
 pyparsing==2.4.1.1
 python-dateutil==2.7.3    # via faker, freezegun
 python-decouple==3.1
 python-dotenv==0.10.1
 pytz==2019.1
-pyyaml==3.13
+pyyaml==6.0.3
 raven==6.10.0
 redis==3.3.11
 requests-mock==1.6.0
-requests==2.21.0
+requests==2.33.0
 ruamel.yaml==0.15.89
 six==1.12.0
 snowballstemmer==1.9.0
@@ -82,17 +82,17 @@ sphinxcontrib-htmlhelp==1.0.2
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==1.0.2
 sphinxcontrib-serializinghtml==1.1.3
-sqlparse==0.3.0
+sqlparse==0.5.4
 tblib==1.4.0
 text-unidecode==1.2       # via faker
 unidecode==1.0.23
 uritemplate==3.0.0
-urllib3==1.24.3
+urllib3==2.7.0
 uwsgi==2.0.18
 vine==1.3.0
 vng-api-common==1.0.34
-waitress==1.3.1           # via webtest
-webob==1.8.5              # via webtest
+waitress==3.0.1           # via webtest
+webob==1.8.10              # via webtest
 webtest==2.0.33           # via django-webtest
 
 # The following packages are considered to be unsafe in a requirements file: