diff --git a/requirements.txt b/requirements.txt index 0691869..6b515f7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,10 +1,12 @@ -asgiref==3.5.0 +asgiref==3.3.4 confusable-homoglyphs==3.2.0 -coverage==6.3.2 +coverage==5.5 Django==3.2.12 -docutils==0.18.1 +docutils==0.14 gunicorn==20.1.0 -pytz==2021.3 -sqlparse==0.4.2 -typing-extensions==4.1.1 -Unidecode==1.3.3 +Pillow==9.0.1 +pytz==2019.1 +reportlab==3.6.8 +sqlparse==0.2.4 +typing-extensions==3.7.4.3 +Unidecode==1.0.23 diff --git a/security-warnings.txt b/security-warnings.txt index db85a63..11f4f2c 100644 --- a/security-warnings.txt +++ b/security-warnings.txt @@ -1,7 +1,7 @@ System check identified some issues: WARNINGS: -?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect. +?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect. ?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. ?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. ?: (security.W018) You should not have DEBUG set to True in deployment.
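Review bot: seven pins in the requirements.txt hunk move to older releases (asgiref 3.5.0 to 3.3.4, coverage 6.3.2 to 5.5, docutils 0.18.1 to 0.14, pytz 2021.3 to 2019.1, sqlparse 0.4.2 to 0.2.4, typing-extensions 4.1.1 to 3.7.4.3, Unidecode 1.3.3 to 1.0.23), and nothing in the patch says why. If the downgrade is intentional, state the reason in the commit message and confirm that none of the older releases lacks a security fix present in the version being removed. If it is a side effect of regenerating the file from a stale environment, keep the newer pins. The same hunk adds `Pillow==9.0.1` and `reportlab==3.6.8` as new dependencies. Run both, along with the downgraded pins, through a dependency audit such as pip-audit before merging.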
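Review bot: the security-warnings.txt hunk only refreshes the wording of the W001 line (it now lists SECURE_REFERRER_POLICY), while the recorded findings stay the same. W001, W012, W016 and W018 are all still present in the context lines. Rather than updating the snapshot, consider fixing the settings it reports: add `django.middleware.security.SecurityMiddleware` to MIDDLEWARE, set SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE to True, and make sure DEBUG is False in the deployed configuration. If this file is a deliberate baseline of accepted warnings, add a short note saying so and explaining why each one is accepted, so a later reader does not take the checked-in file as approval.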