diff --git a/Makefile b/Makefile
index 0148bfdeaa..31af902b30 100644
--- a/Makefile
+++ b/Makefile
@@ -77,7 +77,7 @@ RECEPTOR_IMAGE ?= quay.io/ansible/receptor:devel
SRC_ONLY_PKGS ?= cffi,pycparser,psycopg,twilio
# These should be upgraded in the AWX and Ansible venv before attempting
# to install the actual requirements
-VENV_BOOTSTRAP ?= pip==21.2.4 setuptools==78.1.1 setuptools_scm[toml]==8.0.4 wheel==0.42.0 cython==0.29.37
+VENV_BOOTSTRAP ?= pip==21.2.4 setuptools==78.1.1 setuptools_scm[toml]==8.0.4 wheel==0.42.0 cython==3.1.3
NAME ?= awx
diff --git a/licenses/docutils.txt b/licenses/docutils.txt
deleted file mode 100644
index ec5b3bd729..0000000000
--- a/licenses/docutils.txt
+++ /dev/null
@@ -1,137 +0,0 @@
-==================
- Copying Docutils
-==================
-
-:Author: David Goodger
-:Contact: goodger@python.org
-:Date: $Date: 2015-05-08 17:56:32 +0200 (Fr, 08 Mai 2015) $
-:Web site: http://docutils.sourceforge.net/
-:Copyright: This document has been placed in the public domain.
-
-Most of the files included in this project have been placed in the
-public domain, and therefore have no license requirements and no
-restrictions on copying or usage; see the `Public Domain Dedication`_
-below. There are a few exceptions_, listed below.
-Files in the Sandbox_ are not distributed with Docutils releases and
-may have different license terms.
-
-
-Public Domain Dedication
-========================
-
-The persons who have associated their work with this project (the
-"Dedicator": David Goodger and the many contributors to the Docutils
-project) hereby dedicate the entire copyright, less the exceptions_
-listed below, in the work of authorship known as "Docutils" identified
-below (the "Work") to the public domain.
-
-The primary repository for the Work is the Internet World Wide Web
-site . The Work consists of the
-files within the "docutils" module of the Docutils project Subversion
-repository (Internet host docutils.svn.sourceforge.net, filesystem path
-/svnroot/docutils), whose Internet web interface is located at
-. Files dedicated to the
-public domain may be identified by the inclusion, near the beginning
-of each file, of a declaration of the form::
-
- Copyright: This document/module/DTD/stylesheet/file/etc. has been
- placed in the public domain.
-
-Dedicator makes this dedication for the benefit of the public at large
-and to the detriment of Dedicator's heirs and successors. Dedicator
-intends this dedication to be an overt act of relinquishment in
-perpetuity of all present and future rights under copyright law,
-whether vested or contingent, in the Work. Dedicator understands that
-such relinquishment of all rights includes the relinquishment of all
-rights to enforce (by lawsuit or otherwise) those copyrights in the
-Work.
-
-Dedicator recognizes that, once placed in the public domain, the Work
-may be freely reproduced, distributed, transmitted, used, modified,
-built upon, or otherwise exploited by anyone for any purpose,
-commercial or non-commercial, and in any way, including by methods
-that have not yet been invented or conceived.
-
-(This dedication is derived from the text of the `Creative Commons
-Public Domain Dedication`. [#]_)
-
-.. [#] Creative Commons has `retired this legal tool`__ and does not
- recommend that it be applied to works: This tool is based on United
- States law and may not be applicable outside the US. For dedicating new
- works to the public domain, Creative Commons recommend the replacement
- Public Domain Dedication CC0_ (CC zero, "No Rights Reserved"). So does
- the Free Software Foundation in its license-list_.
-
- __ http://creativecommons.org/retiredlicenses
- .. _CC0: http://creativecommons.org/about/cc0
-
-Exceptions
-==========
-
-The exceptions to the `Public Domain Dedication`_ above are:
-
-* docutils/writers/s5_html/themes/default/iepngfix.htc:
-
- IE5.5+ PNG Alpha Fix v1.0 by Angus Turnbull
- . Free usage permitted as long as
- this notice remains intact.
-
-* docutils/utils/math/__init__.py,
- docutils/utils/math/latex2mathml.py,
- docutils/writers/xetex/__init__.py,
- docutils/writers/latex2e/docutils-05-compat.sty,
- docs/user/docutils-05-compat.sty.txt,
- docutils/utils/error_reporting.py,
- docutils/test/transforms/test_smartquotes.py:
-
- Copyright © Günter Milde.
- Released under the terms of the `2-Clause BSD license`_
- (`local copy `__).
-
-* docutils/utils/smartquotes.py
-
- Copyright © 2011 Günter Milde,
- based on `SmartyPants`_ © 2003 John Gruber
- (released under a 3-Clause BSD license included in the file)
- and smartypants.py © 2004, 2007 Chad Miller.
- Released under the terms of the `2-Clause BSD license`_
- (`local copy `__).
-
- .. _SmartyPants: http://daringfireball.net/projects/smartypants/
-
-* docutils/utils/math/math2html.py,
- docutils/writers/html4css1/math.css
-
- Copyright © Alex Fernández
- These files are part of eLyXer_, released under the `GNU
- General Public License`_ version 3 or later. The author relicensed
- them for Docutils under the terms of the `2-Clause BSD license`_
- (`local copy `__).
-
- .. _eLyXer: http://www.nongnu.org/elyxer/
-
-* docutils/utils/roman.py, copyright by Mark Pilgrim, released under the
- `Python 2.1.1 license`_ (`local copy`__).
-
- __ licenses/python-2-1-1.txt
-
-* tools/editors/emacs/rst.el, copyright by Free Software Foundation,
- Inc., released under the `GNU General Public License`_ version 3 or
- later (`local copy`__).
-
- __ licenses/gpl-3-0.txt
-
-The `2-Clause BSD license`_ and the Python licenses are OSI-approved_
-and GPL-compatible_.
-
-Plaintext versions of all the linked-to licenses are provided in the
-licenses_ directory.
-
-.. _sandbox: http://docutils.sourceforge.net/sandbox/README.html
-.. _licenses: licenses/
-.. _Python 2.1.1 license: http://www.python.org/2.1.1/license.html
-.. _GNU General Public License: http://www.gnu.org/copyleft/gpl.html
-.. _2-Clause BSD license: http://www.spdx.org/licenses/BSD-2-Clause
-.. _OSI-approved: http://opensource.org/licenses/
-.. _license-list:
-.. _GPL-compatible: http://www.gnu.org/licenses/license-list.html
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 28e0197cde..48dc040a42 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -2,7 +2,7 @@ aiohttp>=3.11.6 # CVE-2024-52304
ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
ansible-runner==2.4.1
jq # used for indirect host counting feature
-asciichartpy
+asciichartpy<=1.5.7 # Unable to build from source for >1.5.7 due to missing README.md in PyPI sdist
asn1
azure-identity
azure-keyvault
@@ -10,8 +10,8 @@ boto3
botocore
channels
channels-redis
-cryptography>=41.0.7 # CVE-2023-49083
-Cython<3 # due to https://github.com/yaml/pyyaml/pull/702
+cryptography>=42.0.4 # CVE-2024-26130
+Cython
daphne
distro
django==4.2.23 # CVE-2025-48432
@@ -37,7 +37,7 @@ JSON-log-formatter
jsonschema
Markdown # used for formatting API help
maturin # pydantic-core build dep
-msgpack<1.0.6 # 1.0.6+ requires cython>=3
+msgpack
msrestazure
OPA-python-client==2.0.2 # Code contain monkey patch targeted to 2.0.2 to fix https://github.com/Turall/OPA-python-client/issues/29
openshift
@@ -53,11 +53,11 @@ pygerduty
PyGithub <= 2.6.0
pyopenssl>=23.2.0 # resolve dep conflict from cryptography pin above
pyparsing==2.4.6 # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or' (at char 15), (line:1, col:16)
-python-daemon>3.0.0
+python-daemon
python-dsv-sdk>=1.0.4
python-tss-sdk>=1.2.1
python-ldap
-pyyaml>=6.0.1
+pyyaml>=6.0.2
pyzstd # otel collector log file compression library
receptorctl==1.5.7
social-auth-core == 4.5.4 # hard pinned due to resolver picking CVE version when uncapped
@@ -78,6 +78,8 @@ setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep
setuptools-rust>=0.11.4 # cryptography build dep
pkgconfig>=1.5.1 # xmlsec build dep - needed for offline build
django-flags>=5.0.13
+protobuf>=4.25.8 # CVE-2025-4565
+idna>=3.10 # CVE-2024-3651
# Temporarily added to use ansible-runner from git branch, to be removed
# when ansible-runner moves from requirements_git.txt to here
pbr
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index e2a9f964dd..48089cea5e 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -22,7 +22,7 @@ ansible-runner==2.4.1
# via -r /awx_devel/requirements/requirements.in
ansiconv==1.0.0
# via -r /awx_devel/requirements/requirements.in
-asciichartpy==1.5.25
+asciichartpy==1.5.7
# via -r /awx_devel/requirements/requirements.in
asgiref==3.7.2
# via
@@ -30,6 +30,7 @@ asgiref==3.7.2
# channels-redis
# daphne
# django
+ # django-ansible-base
# django-cors-headers
asn1==2.7.0
# via -r /awx_devel/requirements/requirements.in
@@ -106,7 +107,7 @@ click==8.1.7
# via receptorctl
constantly==23.10.4
# via twisted
-cryptography==41.0.7
+cryptography==42.0.8
# via
# -r /awx_devel/requirements/requirements.in
# adal
@@ -120,7 +121,7 @@ cryptography==41.0.7
# pyopenssl
# service-identity
# social-auth-core
-cython==0.29.37
+cython==3.1.3
# via -r /awx_devel/requirements/requirements.in
daphne==3.0.2
# via
@@ -187,8 +188,6 @@ djangorestframework==3.15.2
# django-ansible-base
djangorestframework-yaml==2.0.0
# via -r /awx_devel/requirements/requirements.in
-docutils==0.20.1
- # via python-daemon
dynaconf==3.2.10
# via
# -r /awx_devel/requirements/requirements.in
@@ -221,8 +220,9 @@ hyperlink==21.0.0
# via
# autobahn
# twisted
-idna==3.6
+idna==3.10
# via
+ # -r /awx_devel/requirements/requirements.in
# hyperlink
# requests
# twisted
@@ -305,7 +305,7 @@ msal==1.26.0
# msal-extensions
msal-extensions==1.1.0
# via azure-identity
-msgpack==1.0.5
+msgpack==1.1.1
# via
# -r /awx_devel/requirements/requirements.in
# channels-redis
@@ -363,7 +363,7 @@ opentelemetry-sdk==1.24.0
# opentelemetry-exporter-otlp-proto-http
opentelemetry-semantic-conventions==0.45b0
# via opentelemetry-sdk
-packaging==23.2
+packaging==25.0
# via
# ansible-runner
# msal-extensions
@@ -384,8 +384,9 @@ propcache==0.2.0
# via
# aiohttp
# yarl
-protobuf==4.25.3
+protobuf==4.25.8
# via
+ # -r /awx_devel/requirements/requirements.in
# googleapis-common-protos
# opentelemetry-proto
psutil==5.9.8
@@ -420,6 +421,7 @@ pygithub==2.6.0
pyjwt[crypto]==2.8.0
# via
# adal
+ # django-ansible-base
# msal
# pygithub
# social-auth-core
@@ -434,7 +436,7 @@ pyparsing==2.4.6
# via -r /awx_devel/requirements/requirements.in
pyrad==2.4
# via django-radius
-python-daemon==3.0.1
+python-daemon==3.1.2
# via
# -r /awx_devel/requirements/requirements.in
# ansible-runner
@@ -461,7 +463,7 @@ pytz==2024.1
# via
# irc
# tempora
-pyyaml==6.0.1
+pyyaml==6.0.2
# via
# -r /awx_devel/requirements/requirements.in
# ansible-runner
@@ -485,6 +487,7 @@ requests==2.32.3
# -r /awx_devel/requirements/requirements.in
# adal
# azure-core
+ # django-ansible-base
# django-oauth-toolkit
# kubernetes
# msal
@@ -551,7 +554,7 @@ tempora==5.5.1
# via
# irc
# jaraco-logging
-tomli==2.0.1
+tomli==2.2.1
# via
# incremental
# maturin
@@ -585,6 +588,7 @@ urllib3==1.26.20
# via
# -r /awx_devel/requirements/requirements.in
# botocore
+ # django-ansible-base
# kubernetes
# pygithub
# requests
@@ -619,7 +623,6 @@ setuptools==78.1.1
# autobahn
# incremental
# opentelemetry-instrumentation
- # python-daemon
# setuptools-rust
# setuptools-scm
# zope-interface