diff --git a/lower-constraints.txt b/lower-constraints.txt
index 7ea6342..d33ca42 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -1,12 +1,12 @@
 appdirs==1.3.0
 asn1crypto==0.23.0
 Babel==2.3.4
-cffi==1.7.0
+cffi==1.14.0
 chardet==3.0.4
 cliff==2.8.0
 cmd2==0.8.0
-coverage==4.0
-cryptography==2.1
+coverage==5.0
+cryptography==2.7
 debtcollector==1.2.0
 decorator==3.4.0
 deprecation==1.0
@@ -60,7 +60,7 @@ python-mimeparse==1.6.0
 python-novaclient==9.1.0
 python-openstackclient==3.12.0
 pytz==2013.6
-PyYAML==3.12
+PyYAML==3.13
 requests==2.14.2
 requests-mock==1.2.0
 requestsexceptions==1.2.0
diff --git a/requirements.txt b/requirements.txt
index 5b4775b..19314ad 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,5 +4,5 @@
 cliff!=2.9.0,>=2.8.0 # Apache-2.0
 keystoneauth1>=3.4.0 # Apache-2.0
 pbr!=2.1.0,>=2.0.0 # Apache-2.0
-PyYAML>=3.12 # MIT
+PyYAML>=3.13 # MIT
 requests>=2.14.2 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index daadc4b..8cb671b 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,7 +1,7 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-coverage!=4.4,>=4.0 # Apache-2.0
+coverage>=5.0 # Apache-2.0
 doc8>=0.6.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
 flake8-import-order>=0.17.1 # LGPLv3