diff --git a/requirements/ci.txt b/requirements/ci.txt
index 4395f7bb..9455adf2 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -42,7 +42,7 @@ pyproject-api==1.7.1
     # via tox
 requests==2.32.3
     # via coveralls
-tox==4.17.1
+tox==4.18.0
     # via -r requirements/ci.in
 urllib3==2.2.2
     # via requests
diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt
index b957ec4c..31879f79 100644
--- a/requirements/common_constraints.txt
+++ b/requirements/common_constraints.txt
@@ -23,15 +23,6 @@ elasticsearch<7.14.0
 # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
 django-simple-history==3.0.0
 
-# opentelemetry requires version 6.x at the moment:
-# https://github.com/open-telemetry/opentelemetry-python/issues/3570
-# Normally this could be added as a constraint in edx-django-utils, where we're
-# adding the opentelemetry dependency. However, when we compile pip-tools.txt,
-# that uses version 7.x, and then there's no undoing that when compiling base.txt.
-# So we need to pin it globally, for now.
-# Ticket for unpinning: https://github.com/openedx/edx-lint/issues/407
-importlib-metadata<7
-
 # Cause: https://github.com/openedx/event-tracking/pull/290
 # event-tracking 2.4.1 upgrades to pymongo 4.4.0 which is not supported on edx-platform.
 # We will pin event-tracking to do not break existing installations
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 4a69a77d..7ac69db4 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -124,7 +124,7 @@ edx-opaque-keys==2.10.0
     # via edx-drf-extensions
 edx-toggles==5.2.0
     # via -r requirements/base.in
-fastapi==0.112.0
+fastapi==0.112.1
     # via pact-python
 filelock==3.15.4
     # via
@@ -139,9 +139,8 @@ idna==3.7
     #   anyio
     #   requests
     #   yarl
-importlib-metadata==6.11.0
+importlib-metadata==8.2.0
     # via
-    #   -c requirements/common_constraints.txt
     #   keyring
     #   twine
 iniconfig==2.0.0
@@ -166,7 +165,7 @@ jinja2==3.1.4
     #   diff-cover
 keyring==25.3.0
     # via twine
-lxml==5.2.2
+lxml==5.3.0
     # via -r requirements/base.in
 markdown-it-py==3.0.0
     # via rich
@@ -305,7 +304,7 @@ snowballstemmer==2.2.0
     # via pydocstyle
 sqlparse==0.5.1
     # via django
-starlette==0.37.2
+starlette==0.38.2
     # via fastapi
 stevedore==5.2.0
     # via
@@ -314,9 +313,9 @@ stevedore==5.2.0
     #   edx-opaque-keys
 text-unidecode==1.3
     # via python-slugify
-tomlkit==0.13.0
+tomlkit==0.13.2
     # via pylint
-tox==4.17.1
+tox==4.18.0
     # via -r requirements/ci.in
 twine==5.1.1
     # via -r requirements/quality.in
@@ -331,13 +330,13 @@ urllib3==2.2.2
     #   requests
     #   responses
     #   twine
-uvicorn==0.30.5
+uvicorn==0.30.6
     # via pact-python
 virtualenv==20.26.3
     # via tox
 yarl==1.9.4
     # via pact-python
-zipp==3.19.2
+zipp==3.20.0
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/pip.txt b/requirements/pip.txt
index 7a6ada8e..5f8b9c04 100644
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -10,5 +10,5 @@ wheel==0.44.0
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.2
     # via -r requirements/pip.in
-setuptools==72.1.0
+setuptools==72.2.0
     # via -r requirements/pip.in
diff --git a/requirements/quality.txt b/requirements/quality.txt
index e78dae9f..e80f6c65 100644
--- a/requirements/quality.txt
+++ b/requirements/quality.txt
@@ -108,7 +108,7 @@ edx-opaque-keys==2.10.0
     # via edx-drf-extensions
 edx-toggles==5.2.0
     # via -r requirements/base.in
-fastapi==0.112.0
+fastapi==0.112.1
     # via pact-python
 fs==2.4.16
     # via -r requirements/test.in
@@ -119,9 +119,8 @@ idna==3.7
     #   anyio
     #   requests
     #   yarl
-importlib-metadata==6.11.0
+importlib-metadata==8.2.0
     # via
-    #   -c requirements/common_constraints.txt
     #   keyring
     #   twine
 iniconfig==2.0.0
@@ -144,7 +143,7 @@ jinja2==3.1.4
     # via code-annotations
 keyring==25.3.0
     # via twine
-lxml==5.2.2
+lxml==5.3.0
     # via -r requirements/base.in
 markdown-it-py==3.0.0
     # via rich
@@ -270,7 +269,7 @@ snowballstemmer==2.2.0
     # via pydocstyle
 sqlparse==0.5.1
     # via django
-starlette==0.37.2
+starlette==0.38.2
     # via fastapi
 stevedore==5.2.0
     # via
@@ -279,7 +278,7 @@ stevedore==5.2.0
     #   edx-opaque-keys
 text-unidecode==1.3
     # via python-slugify
-tomlkit==0.13.0
+tomlkit==0.13.2
     # via pylint
 twine==5.1.1
     # via -r requirements/quality.in
@@ -294,11 +293,11 @@ urllib3==2.2.2
     #   requests
     #   responses
     #   twine
-uvicorn==0.30.5
+uvicorn==0.30.6
     # via pact-python
 yarl==1.9.4
     # via pact-python
-zipp==3.19.2
+zipp==3.20.0
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/test.txt b/requirements/test.txt
index 9d2e7959..d4c921c1 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -85,7 +85,7 @@ edx-opaque-keys==2.10.0
     # via edx-drf-extensions
 edx-toggles==5.2.0
     # via -r requirements/base.in
-fastapi==0.112.0
+fastapi==0.112.1
     # via pact-python
 fs==2.4.16
     # via -r requirements/test.in
@@ -100,7 +100,7 @@ iniconfig==2.0.0
     # via pytest
 jinja2==3.1.4
     # via code-annotations
-lxml==5.2.2
+lxml==5.3.0
     # via -r requirements/base.in
 markupsafe==2.1.5
     # via jinja2
@@ -173,7 +173,7 @@ sniffio==1.3.1
     # via anyio
 sqlparse==0.5.1
     # via django
-starlette==0.37.2
+starlette==0.38.2
     # via fastapi
 stevedore==5.2.0
     # via
@@ -192,7 +192,7 @@ urllib3==2.2.2
     # via
     #   requests
     #   responses
-uvicorn==0.30.5
+uvicorn==0.30.6
     # via pact-python
 yarl==1.9.4
     # via pact-python