diff --git a/requirements-app.txt b/requirements-app.txt
index 80933ce40..c1cc12c12 100644
--- a/requirements-app.txt
+++ b/requirements-app.txt
@@ -1,34 +1,35 @@
 # Run `make freeze-requirements` to update requirements.txt
 # with package version changes made in requirements-app.txt
 
-cffi==1.14.4
+cffi==1.14.5
 celery[sqs]==3.1.26.post2 # pyup: <4
 docopt==0.6.2
 Flask-Bcrypt==0.7.1
 flask-marshmallow==0.14.0
-Flask-Migrate==2.5.3
+Flask-Migrate==2.7.0
 git+https://github.com/mitsuhiko/flask-sqlalchemy.git@500e732dd1b975a56ab06a46bd1a20a21e682262#egg=Flask-SQLAlchemy==2.3.2.dev20190108
 Flask==1.1.2
 click-datetime==0.2
-eventlet==0.30.0
+eventlet==0.30.1
 gunicorn==20.0.4
-iso8601==0.1.13
+iso8601==0.1.14
 itsdangerous==1.1.0
 jsonschema==3.2.0
 marshmallow-sqlalchemy==0.23.1 # pyup: <0.24.1 # marshmallow v3 throws errors
 marshmallow==2.21.0 # pyup: <3 # v3 throws errors
 psycopg2-binary==2.8.6
-PyJWT==2.0.0
-SQLAlchemy==1.3.22
+PyJWT==2.0.1
+SQLAlchemy==1.3.23
 strict-rfc3339==0.7
 rfc3987==1.3.8
-cachetools==4.2.0
+cachetools==4.2.1
 beautifulsoup4==4.9.3
 lxml==4.6.2
-# higher version causes build to fail
+# higher version causes build to fail on PaaS due to lack of Rust
+# see https://github.com/pyca/cryptography/issues/5810
 cryptography<3.4
 
-notifications-python-client==5.7.1
+notifications-python-client==6.0.2
 
 # PaaS
 awscli-cwlogs==1.4.6
diff --git a/requirements.txt b/requirements.txt
index 6bedf5a41..36239e801 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,34 +3,35 @@
 # Run `make freeze-requirements` to update requirements.txt
 # with package version changes made in requirements-app.txt
 
-cffi==1.14.4
+cffi==1.14.5
 celery[sqs]==3.1.26.post2 # pyup: <4
 docopt==0.6.2
 Flask-Bcrypt==0.7.1
 flask-marshmallow==0.14.0
-Flask-Migrate==2.5.3
+Flask-Migrate==2.7.0
 git+https://github.com/mitsuhiko/flask-sqlalchemy.git@500e732dd1b975a56ab06a46bd1a20a21e682262#egg=Flask-SQLAlchemy==2.3.2.dev20190108
 Flask==1.1.2
 click-datetime==0.2
-eventlet==0.30.0
+eventlet==0.30.1
 gunicorn==20.0.4
-iso8601==0.1.13
+iso8601==0.1.14
 itsdangerous==1.1.0
 jsonschema==3.2.0
 marshmallow-sqlalchemy==0.23.1 # pyup: <0.24.1 # marshmallow v3 throws errors
 marshmallow==2.21.0 # pyup: <3 # v3 throws errors
 psycopg2-binary==2.8.6
-PyJWT==2.0.0
-SQLAlchemy==1.3.22
+PyJWT==2.0.1
+SQLAlchemy==1.3.23
 strict-rfc3339==0.7
 rfc3987==1.3.8
-cachetools==4.2.0
+cachetools==4.2.1
 beautifulsoup4==4.9.3
 lxml==4.6.2
-# higher version causes build to fail
+# higher version causes build to fail on PaaS due to lack of Rust
+# see https://github.com/pyca/cryptography/issues/5810
 cryptography<3.4
 
-notifications-python-client==5.7.1
+notifications-python-client==6.0.2
 
 # PaaS
 awscli-cwlogs==1.4.6
@@ -42,18 +43,18 @@ prometheus-client==0.9.0
 gds-metrics==0.2.4
 
 ## The following requirements were added by pip freeze:
-alembic==1.5.5
+alembic==1.5.6
 amqp==1.4.9
 anyjson==0.3.3
 attrs==20.3.0
-awscli==1.19.14
+awscli==1.19.22
 bcrypt==3.2.0
 billiard==3.3.0.23
 bleach==3.3.0
 blinker==1.4
 boto==2.49.0
-boto3==1.17.14
-botocore==1.20.14
+boto3==1.17.22
+botocore==1.20.22
 certifi==2020.12.5
 chardet==4.0.0
 click==7.1.2
@@ -61,22 +62,20 @@ colorama==0.4.3
 dnspython==1.16.0
 docutils==0.15.2
 flask-redis==0.4.0
-future==0.18.2
 geojson==2.5.0
 govuk-bank-holidays==0.8
 greenlet==1.0.0
 idna==2.10
-importlib-metadata==3.6.0
+importlib-metadata==3.7.2
 Jinja2==2.11.3
 jmespath==0.10.0
 kombu==3.0.37
 Mako==1.1.4
 MarkupSafe==1.1.1
 mistune==0.8.4
-monotonic==1.5
 orderedset==2.0.3
 packaging==20.9
-phonenumbers==8.12.18
+phonenumbers==8.12.19
 pyasn1==0.4.8
 pycparser==2.20
 pyparsing==2.4.7
@@ -100,4 +99,4 @@ typing-extensions==3.7.4.3
 urllib3==1.26.3
 webencodings==0.5.1
 Werkzeug==1.0.1
-zipp==3.4.0
+zipp==3.4.1