diff --git a/requirements.in b/requirements.in
index 2e44b6052..12242c6ff 100644
--- a/requirements.in
+++ b/requirements.in
@@ -27,7 +27,7 @@ pyproj==3.3.1
 
 # PaaS
 awscli-cwlogs>=1.4,<1.5
-itsdangerous==1.1.0  # pyup: <2
+itsdangerous==2.0.1  # pyup: <2.1.0  Release 2.1.0 introduced a change that is not compatible with Flask 1.x
 notifications-utils @ git+https://github.com/alphagov/notifications-utils.git@55.1.6
 govuk-frontend-jinja @ git+https://github.com/alphagov/govuk-frontend-jinja.git@v0.5.8-alpha
 
diff --git a/requirements.txt b/requirements.txt
index 19d1bef54..73fec4360 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -89,7 +89,7 @@ humanize==4.1.0
     # via -r requirements.in
 idna==3.3
     # via requests
-itsdangerous==1.1.0
+itsdangerous==2.0.1
     # via
     #   -r requirements.in
     #   flask
diff --git a/tests/__init__.py b/tests/__init__.py
index 4c174d477..a5d718396 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -3,6 +3,7 @@ from datetime import datetime, timedelta, timezone
 from unittest.mock import patch
 from urllib.parse import parse_qs, urlparse
 
+import freezegun
 import pytest
 from flask import session as flask_session
 from flask import url_for
@@ -11,6 +12,12 @@ from flask_login import login_user
 
 from app.models.user import User
 
+# Add itsdangerous to the libraries which freezegun ignores to avoid errors.
+# In tests where we freeze time, the code in the test function will get the frozen time but the
+# fixtures will be using the current time. This causes itsdangerous to raise an exception - when
+# the session is decoded it appears to be created in the future.
+freezegun.configure(extend_ignore_list=['itsdangerous'])
+
 
 class TestClient(FlaskClient):
     def login(self, user, mocker=None, service=None):