diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..5fe3b3758
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,27 @@
+version: 2
+updates:
+  # master
+  - package-ecosystem: "pip"
+    directory: "/dev_requirements"
+    schedule:
+      interval: "daily"
+
+  # mainline-1.x
+  - package-ecosystem: "pip"
+    directory: "/dev_requirements"
+    schedule:
+      interval: "daily"
+    target-branch: "mainline-1.x"
+
+  # mainline-2.x
+  - package-ecosystem: "pip"
+    directory: "/dev_requirements"
+    schedule:
+      interval: "daily"
+    target-branch: "mainline-2.x"
+
+  # Github Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
\ No newline at end of file
diff --git a/.github/workflows/ci_decrypt-oracle.yaml b/.github/workflows/ci_decrypt-oracle.yaml
index e773bd98a..cb10881b3 100644
--- a/.github/workflows/ci_decrypt-oracle.yaml
+++ b/.github/workflows/ci_decrypt-oracle.yaml
@@ -18,7 +18,7 @@ jobs:
           python-version: 3.6
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: local
@@ -44,7 +44,7 @@ jobs:
             python-version: 3.8
         - run: |
             python -m pip install --upgrade pip
-            pip install --upgrade -r ci-requirements.txt
+            pip install --upgrade -r dev_requirements/ci-requirements.txt
         - name: run test
           env:
             TOXENV: ${{ matrix.category }}
diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml
index 31705a5d3..761156a42 100644
--- a/.github/workflows/ci_static-analysis.yaml
+++ b/.github/workflows/ci_static-analysis.yaml
@@ -33,7 +33,7 @@ jobs:
           python-version: 3.8
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: ${{ matrix.category }}
diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml
index 75556dc13..0a887e2d5 100644
--- a/.github/workflows/ci_test-vector-handler.yaml
+++ b/.github/workflows/ci_test-vector-handler.yaml
@@ -53,7 +53,7 @@ jobs:
           architecture: ${{ matrix.architecture }}
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: ${{ matrix.category }}
@@ -79,7 +79,7 @@ jobs:
             python-version: 3.8
         - run: |
             python -m pip install --upgrade pip
-            pip install --upgrade -r ci-requirements.txt
+            pip install --upgrade -r dev_requirements/ci-requirements.txt
         - name: run test
           env:
             TOXENV: ${{ matrix.category }}
diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml
index d83b381f2..b3db40f89 100644
--- a/.github/workflows/ci_tests.yaml
+++ b/.github/workflows/ci_tests.yaml
@@ -59,7 +59,7 @@ jobs:
           architecture: ${{ matrix.architecture }}
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: ${{ matrix.category }}
@@ -79,7 +79,7 @@ jobs:
             python-version: 3.7
         - run: |
             python -m pip install --upgrade pip
-            pip install --upgrade -r ci-requirements.txt
+            pip install --upgrade -r dev_requirements/ci-requirements.txt
         - name: run test
           env:
             TOXENV: ${{ matrix.category }}
diff --git a/ci-requirements.txt b/ci-requirements.txt
deleted file mode 100644
index 053148f84..000000000
--- a/ci-requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-tox
diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt
new file mode 100644
index 000000000..215a06a10
--- /dev/null
+++ b/dev_requirements/ci-requirements.txt
@@ -0,0 +1 @@
+tox==3.24.4
diff --git a/doc/requirements.txt b/dev_requirements/doc-requirements.txt
similarity index 100%
rename from doc/requirements.txt
rename to dev_requirements/doc-requirements.txt
diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt
new file mode 100644
index 000000000..6efccc3a3
--- /dev/null
+++ b/dev_requirements/linter-requirements.txt
@@ -0,0 +1,13 @@
+bandit==1.7.0
+black==21.12b0
+doc8==0.10.1
+flake8==4.0.1
+flake8-bugbear==21.11.29
+flake8-docstrings==1.6.0
+flake8-print==4.0.0
+isort==5.10.1
+pyflakes==2.4.0
+pylint==2.12.2
+readme_renderer==32.0
+seed-isort-config==2.2.0
+vulture==2.3
\ No newline at end of file
diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt
new file mode 100644
index 000000000..078f10d61
--- /dev/null
+++ b/dev_requirements/release-requirements.txt
@@ -0,0 +1,4 @@
+pypi-parker==0.1.2
+setuptools==59.6.0
+twine==3.7.1
+wheel==0.37.0
\ No newline at end of file
diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt
new file mode 100644
index 000000000..f6553a419
--- /dev/null
+++ b/dev_requirements/test-requirements.txt
@@ -0,0 +1,4 @@
+mock==4.0.3
+pytest==6.2.5
+pytest-cov==3.0.0
+pytest-mock==3.6.1
diff --git a/test/freeze-upstream-requirements.sh b/test/freeze-upstream-requirements.sh
index 293ae16d7..b6ba65860 100755
--- a/test/freeze-upstream-requirements.sh
+++ b/test/freeze-upstream-requirements.sh
@@ -6,5 +6,5 @@ if [ -z ${1} ]; then
 fi
 
 pip install -r requirements.txt
-pip install -r test/requirements.txt
+pip install -r test/upstream-requirements.txt
 pip freeze > ${1}
diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt
index a5a48c9ab..892925256 100644
--- a/test/upstream-requirements-py27.txt
+++ b/test/upstream-requirements-py27.txt
@@ -1,9 +1,9 @@
 atomicwrites==1.4.0
 attrs==21.2.0
 backports.functools-lru-cache==1.6.4
-boto3==1.17.92
-botocore==1.20.92
-cffi==1.14.5
+boto3==1.17.112
+botocore==1.20.112
+cffi==1.15.0
 configparser==4.0.2
 contextlib2==0.6.0.post1
 coverage==5.5
@@ -11,26 +11,26 @@ cryptography==3.3.2
 enum34==1.1.10
 funcsigs==1.0.2
 futures==3.3.0
-importlib-metadata==2.1.1
+importlib-metadata==2.1.2
 ipaddress==1.0.23
 jmespath==0.10.0
 mock==3.0.5
 more-itertools==5.0.0
 packaging==20.9
-pathlib2==2.3.5
+pathlib2==2.3.6
 pluggy==0.13.1
-py==1.10.0
-pycparser==2.20
+py==1.11.0
+pycparser==2.21
 pyparsing==2.4.7
 pytest==4.6.11
 pytest-cov==2.12.1
 pytest-mock==2.0.0
-python-dateutil==2.8.1
+python-dateutil==2.8.2
 s3transfer==0.4.2
 scandir==1.10.0
 six==1.16.0
 toml==0.10.2
-urllib3==1.26.5
+urllib3==1.26.7
 wcwidth==0.2.5
-wrapt==1.12.1
+wrapt==1.13.3
 zipp==1.2.0
diff --git a/test/requirements.txt b/test/upstream-requirements.txt
similarity index 71%
rename from test/requirements.txt
rename to test/upstream-requirements.txt
index 152b5dbf4..d1b878ce2 100644
--- a/test/requirements.txt
+++ b/test/upstream-requirements.txt
@@ -1,4 +1,4 @@
 mock
 pytest>=3.3.1
 pytest-cov
-pytest-mock
+pytest-mock
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
index b0221eee2..9e81cc359 100644
--- a/tox.ini
+++ b/tox.ini
@@ -61,7 +61,11 @@ passenv =
     # Pass through custom pip config file settings
     PIP_CONFIG_FILE
 sitepackages = False
-deps = -rtest/requirements.txt
+deps =
+    py3{4,5,6,7,8,9}: -rdev_requirements/test-requirements.txt
+    # Because Python2.7 is no longer supported,
+    # our maintenance branch tests Python2.7 against frozen dependencies
+    py27: -rtest/upstream-requirements-py27.txt
 commands =
     local: {[testenv:base-command]commands} test/ -m local
     integ: {[testenv:base-command]commands} test/ -m integ
@@ -83,7 +87,7 @@ sitepackages = False
 passenv =
 setenv =
 #########################################################
-deps = -rtest/requirements.txt
+deps = -rdev_requirements/test-requirements.txt
 commands = {[testenv:base-command]commands} test/ -m local
 
 # Collect requirements for use in upstream tests
@@ -137,27 +141,19 @@ commands = {[testenv:test-upstream-requirements-base]commands}
 # Linters
 [testenv:flake8]
 basepython = python3
-deps =
-    flake8
-    flake8-docstrings>=1.5.0
-    # https://github.com/JBKahn/flake8-print/pull/30
-    flake8-print>=3.1.0
-    flake8-bugbear
+deps = -rdev_requirements/linter-requirements.txt
 commands =
     flake8 src/aws_encryption_sdk/ setup.py
 
 [testenv:flake8-tests]
 basepython = {[testenv:flake8]basepython}
-deps =
-    flake8
-    # https://github.com/JBKahn/flake8-print/pull/30
-    flake8-print>=3.1.0
+deps = -rdev_requirements/linter-requirements.txt
 commands =
     flake8 \
         # Ignore F811 redefinition errors in tests (breaks with pytest-mock use)
         # E203 is not PEP8 compliant https://github.com/ambv/black#slices
         # W503 is not PEP8 compliant https://github.com/ambv/black#line-breaks--binary-operators
-        --ignore F811,E203,W503 \
+        --ignore F811,E203,W503,D \
         test/
 
 [testenv:flake8-examples]
@@ -176,8 +172,7 @@ commands =
 basepython = python3
 deps =
     {[testenv]deps}
-    pyflakes
-    pylint
+    -rdev_requirements/linter-requirements.txt
 commands =
     pylint \
         --rcfile=src/pylintrc \
@@ -204,8 +199,7 @@ commands =
 
 [testenv:blacken-src]
 basepython = python3
-deps =
-    black
+deps = -rdev_requirements/linter-requirements.txt
 commands =
     black --line-length 120 \
         src/aws_encryption_sdk/ \
@@ -232,12 +226,12 @@ commands =
 
 [testenv:isort-seed]
 basepython = python3
-deps = seed-isort-config
+deps = -rdev_requirements/linter-requirements.txt
 commands = seed-isort-config
 
 [testenv:isort]
 basepython = python3
-deps = isort
+deps = -rdev_requirements/linter-requirements.txt
 commands = isort -rc \
     src \
     test \
@@ -264,25 +258,24 @@ commands =
 [testenv:doc8]
 basepython = python3
 deps =
-    sphinx
-    doc8
+    -rdev_requirements/linter-requirements.txt
+    -rdev_requirements/doc-requirements.txt
 commands = doc8 doc/index.rst README.rst CHANGELOG.rst
 
 [testenv:readme]
 basepython = python3
-deps = readme_renderer
+deps = -rdev_requirements/linter-requirements.txt
 commands = python setup.py check -r -s
 
 [testenv:bandit]
 basepython = python3
-deps = 
-    bandit>=1.5.1
+deps = -rdev_requirements/linter-requirements.txt
 commands = bandit -r src/aws_encryption_sdk/
 
 # Prone to false positives: only run independently
 [testenv:vulture]
 basepython = python3
-deps = vulture
+deps = -rdev_requirements/linter-requirements.txt
 commands = vulture src/aws_encryption_sdk/
 
 [testenv:linters]
@@ -321,7 +314,7 @@ commands =
 # Documentation
 [testenv:docs]
 basepython = python3
-deps = -rdoc/requirements.txt
+deps = -rdev_requirements/doc-requirements.txt
 commands =
     sphinx-build -E -c doc/ -b html doc/ doc/build/html
 
@@ -337,26 +330,20 @@ commands =
 [testenv:park]
 basepython = python3.6
 skip_install = true
-deps =
-    pypi-parker
-    setuptools
+deps = -rdev_requirements/release-requirements.txt
 commands = python setup.py park
 
 [testenv:build]
 basepython = python3
 skip_install = true
-deps =
-    wheel
-    setuptools
+deps = -rdev_requirements/release-requirements.txt
 commands =
     python setup.py sdist bdist_wheel
 
 [testenv:release-base]
 basepython = python3
 skip_install = true
-deps =
-    {[testenv:build]deps}
-    twine
+deps = -rdev_requirements/release-requirements.txt
 passenv =
     # Intentionally omit TWINE_REPOSITORY_URL from the passenv list,
     # as this overrides other ways of setting the repository and could