diff --git a/requirements.txt b/requirements.txt
index 63dd412..13ecd5e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,12 +1,12 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-pbr>=2.0.0,!=2.1.0  # Apache-2.0
-debtcollector>=1.2.0  # Apache-2.0
+pbr!=2.1.0,>=2.0.0 # Apache-2.0
+debtcollector>=1.2.0 # Apache-2.0
 monasca-statsd>=1.1.0 # Apache-2.0
 requests>=2.14.2 # Apache-2.0
-PyYAML>=3.10  # MIT
-six>=1.9.0 # MIT
+PyYAML>=3.10 # MIT
+six>=1.10.0 # MIT
 monasca-common>=1.4.0 # Apache-2.0
-oslo.config>=4.6.0  # Apache-2.0
-oslo.log>=3.30.0  # Apache-2.0
+oslo.config>=5.1.0 # Apache-2.0
+oslo.log>=3.36.0 # Apache-2.0
diff --git a/setup.cfg b/setup.cfg
index d40653c..c49688f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -35,5 +35,5 @@ universal = 1
 
 [extras]
 jira_plugin =
-    jira
-    jinja2
+  jira
+  Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
diff --git a/test-requirements.txt b/test-requirements.txt
index b5fb958..73c420e 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,14 +4,14 @@
 # Hacking already pins down pep8, pyflakes and flake8
 
 bandit>=1.1.0 # Apache-2.0
-Babel>=2.3.4,!=2.4.0  # BSD
+Babel!=2.4.0,>=2.3.4 # BSD
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
-coverage>=4.0,!=4.4  # Apache-2.0
-mock>=2.0.0  # BSD
-funcsigs>=1.0.0;python_version=='2.7' or python_version=='2.6'  # Apache-2.0
+coverage!=4.4,>=4.0 # Apache-2.0
+mock>=2.0.0 # BSD
+funcsigs>=1.0.0;python_version=='2.7' or python_version=='2.6' # Apache-2.0
 os-testr>=1.0.0 # Apache-2.0
-oslotest>=1.10.0 # Apache-2.0
+oslotest>=3.2.0 # Apache-2.0
 testrepository>=0.0.18 # Apache-2.0/BSD
-SQLAlchemy>=1.0.10,!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8  # MIT
+SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
 PyMySQL>=0.7.6 # MIT License
 psycopg2>=2.6.2 # LGPL/ZPL