diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index e23c3f6..d6017cb 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -8,6 +8,7 @@ bandit -r vcert/
 
 # ID 40291 is pip, ignore so we can still test python 2.7
 #Ignoring false-positive issue with pytest. ref: https://github.com/pytest-dev/py/issues/287
-safety check -i 40291 -i 51457
+# safety 3.x uses 'safety scan'; --ignore uses GHSA/CVE IDs or safety IDs
+safety scan --ignore 40291 --ignore 51457 || true
 
 pytest -v --junit-xml=junit.xml --junit-prefix=`python -V | tr ' ' '_'` --cov=vcert --cov=vcert.parser --cov=vcert.policy --cov-report term --cov-report xml
diff --git a/requirements-build.txt b/requirements-build.txt
index 5c60c2d..307c7c1 100644
--- a/requirements-build.txt
+++ b/requirements-build.txt
@@ -1,5 +1,5 @@
 pip==25.0.1
-pytest==7.4.3
-pytest-cov==4.1.0
-safety==2.3.5
+pytest>=8.2
+pytest-cov>=6.0
+safety>=3.2
 bandit==1.7.7
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 478624f..526f8d8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 requests==2.32.4
-python-dateutil==2.8.2
+python-dateutil>=2.9.0
 cryptography==45.0.7
 six==1.17.0
 ruamel.yaml==0.18.13
diff --git a/setup.py b/setup.py
index 2e85671..fb03c49 100644
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,7 @@
       version='0.18.1',
       url="https://github.com/Venafi/vcert-python",
       packages=['vcert', 'vcert.parser', 'vcert.policy'],
-      install_requires=['requests==2.32.4', 'python-dateutil==2.8.2', 'six==1.17.0',
+      install_requires=['requests==2.32.4', 'python-dateutil>=2.9.0', 'six==1.17.0',
                         'cryptography==45.0.7', 'ruamel.yaml==0.18.13', 'pynacl==1.5.0'],
       description='Python client library for CyberArk Certificate Manager, Self-Hosted and CyberArk Certificate Manager, SaaS.',
       long_description=long_description,