diff --git a/pyproject.toml b/pyproject.toml index 6a5d8db..2fed305 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ readme = "README.md" dependencies = [ # Dependencies available from both PyPI and conda should be listed here - "numpy>=2.2,<3", + "numpy>=2.2.6,<3", "QtPy", "PyQt5", "pyqtgraph", @@ -113,9 +113,9 @@ brotli = ">=1.2.0" urllib3 = ">=2.6.3" # Known vulnerability in <2.6.3 filelock = ">=3.20.3" # Known vulnerability in <3.20.3 virtualenv = ">=20.36.1,<21" # Known vulnerability in <20.36.1; capped due to https://github.com/pypa/hatch/issues/2193 -cryptography = ">=46.0.5" # CVE-2026-26007 +cryptography = ">=46.0.7" # CVE-2026-26007, CVE-2026-39892 requests = ">=2.33.0" # CVE-2026-25645 -pillow = ">=12.1.1" # CVE-2026-25990 +pillow = ">=12.2.0" # CVE-2026-25990, CVE-2026-40192 [tool.pixi.pypi-dependencies] # PyPI dependencies, including this package to allow local editable installs @@ -154,7 +154,7 @@ default = { features = [ jupyter = { features = ["developer", "jupyter"], solve-group = "jupyter" } [tool.pixi.feature.test.dependencies] -pytest = ">=6.2.4,<9.0.0" # constrained to match pytest-playwright requirements +pytest = ">=9.0.3" # CVE-2025-71176 fixed in 9.0.3 pytest-cov = "*" pytest-repeat = "*" pytest-xdist = "*"
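Review bot: The new `pytest = ">=9.0.3"` floor in `[tool.pixi.feature.test.dependencies]` lies entirely above the old `<9.0.0` cap, and the removed comment said that cap existed to match pytest-playwright's requirements; nothing in the change records that the constraint no longer applies. If pytest-playwright is still a test dependency (not visible in this hunk), the solver may fail or settle on a different pytest-playwright build than before, so the lock resolution should be checked and the outcome kept in the comment, e.g. `pytest = ">=9.0.3,<10" # CVE-2025-71176 fixed in 9.0.3; former pytest-playwright cap lifted, checked against <PYTEST_PLAYWRIGHT_VERSION>`. An upper bound would also keep this entry consistent with the capped `numpy` and `virtualenv` lines in the same file. The table continues past the end of the hunk.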