diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in
index af7c7f1..1ef95c3 100644
--- a/requirements/requirements-dev.in
+++ b/requirements/requirements-dev.in
@@ -21,6 +21,6 @@ safety                      # check requirements file for issues
 
 # maintenance utilities and tox
 pip-tools                   # pip-compile
-tox                         # CI stuff
+tox<4                       # CI stuff, pinned for now to avoid packaging conflict w/safety
 tox-wheel                   # build wheels in tox
 versioneer                  # automatic version numbering
diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt
index 6b7fcdf..bb3661f 100644
--- a/requirements/requirements-dev.txt
+++ b/requirements/requirements-dev.txt
@@ -1,16 +1,16 @@
 #
-# This file is autogenerated by pip-compile with python 3.10
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
 #
 #    pip-compile --output-file=requirements/requirements-dev.txt requirements/requirements-dev.in
 #
-attrs==22.1.0
+attrs==22.2.0
     # via pytest
 bandit==1.7.4
     # via -r requirements/requirements-dev.in
-build==0.8.0
+build==0.9.0
     # via pip-tools
-certifi==2022.9.14
+certifi==2022.12.7
     # via requests
 charset-normalizer==2.1.1
     # via requests
@@ -19,15 +19,17 @@ click==8.1.3
     #   flask
     #   pip-tools
     #   safety
-coverage[toml]==6.4.4
+coverage[toml]==7.0.1
     # via pytest-cov
 distlib==0.3.6
     # via virtualenv
 dlint==0.13.0
     # via -r requirements/requirements-dev.in
-dparse==0.6.0
+dparse==0.6.2
     # via safety
-filelock==3.8.0
+exceptiongroup==1.1.0
+    # via pytest
+filelock==3.9.0
     # via
     #   tox
     #   virtualenv
@@ -42,31 +44,31 @@ flake8==5.0.4
     #   flake8-mutable
 flake8-blind-except==0.2.1
     # via -r requirements/requirements-dev.in
-flake8-builtins==1.5.3
+flake8-builtins==2.1.0
     # via -r requirements/requirements-dev.in
 flake8-docstrings==1.6.0
     # via -r requirements/requirements-dev.in
-flake8-executable==2.1.1
+flake8-executable==2.1.2
     # via -r requirements/requirements-dev.in
 flake8-fixme==1.1.1
     # via -r requirements/requirements-dev.in
-flake8-isort==4.2.0
+flake8-isort==6.0.0
     # via -r requirements/requirements-dev.in
-flake8-logging-format==0.7.5
+flake8-logging-format==0.9.0
     # via -r requirements/requirements-dev.in
 flake8-mutable==1.2.0
     # via -r requirements/requirements-dev.in
 flask==2.2.2
     # via -r requirements/requirements.in
-gitdb==4.0.9
+gitdb==4.0.10
     # via gitpython
-gitpython==3.1.27
+gitpython==3.1.30
     # via bandit
 idna==3.4
     # via requests
 iniconfig==1.1.1
     # via pytest
-isort==5.10.1
+isort==5.11.4
     # via flake8-isort
 itsdangerous==2.1.2
     # via flask
@@ -87,22 +89,20 @@ packaging==21.3
     #   pytest
     #   safety
     #   tox
-pbr==5.10.0
+pbr==5.11.0
     # via stevedore
 pep517==0.13.0
     # via build
-pip-tools==6.8.0
+pip-tools==6.12.1
     # via -r requirements/requirements-dev.in
-platformdirs==2.5.2
+platformdirs==2.6.2
     # via virtualenv
 pluggy==1.0.0
     # via
     #   pytest
     #   tox
 py==1.11.0
-    # via
-    #   pytest
-    #   tox
+    # via tox
 pycodestyle==2.9.1
     # via flake8
 pydocstyle==6.1.1
@@ -115,11 +115,11 @@ pyparsing==3.0.9
     # via
     #   packaging
     #   pydot
-pytest==7.1.3
+pytest==7.2.0
     # via
     #   -r requirements/requirements-dev.in
     #   pytest-cov
-pytest-cov==3.0.0
+pytest-cov==4.0.0
     # via -r requirements/requirements-dev.in
 pyyaml==6.0
     # via bandit
@@ -127,9 +127,9 @@ requests==2.28.1
     # via safety
 ruamel-yaml==0.17.21
     # via safety
-ruamel-yaml-clib==0.2.6
+ruamel-yaml-clib==0.2.7
     # via ruamel-yaml
-safety==2.1.1
+safety==2.3.5
     # via -r requirements/requirements-dev.in
 six==1.16.0
     # via tox
@@ -137,7 +137,7 @@ smmap==5.0.0
     # via gitdb
 snowballstemmer==2.2.0
     # via pydocstyle
-stevedore==4.0.0
+stevedore==4.1.1
     # via bandit
 toml==0.10.2
     # via dparse
@@ -148,21 +148,21 @@ tomli==2.0.1
     #   pep517
     #   pytest
     #   tox
-tox==3.26.0
+tox==3.28.0
     # via
     #   -r requirements/requirements-dev.in
     #   tox-wheel
-tox-wheel==0.7.0
+tox-wheel==1.0.0
     # via -r requirements/requirements-dev.in
-urllib3==1.26.12
+urllib3==1.26.13
     # via requests
-versioneer==0.26
+versioneer==0.28
     # via -r requirements/requirements-dev.in
-virtualenv==20.16.5
+virtualenv==20.17.1
     # via tox
 werkzeug==2.2.2
     # via flask
-wheel==0.37.1
+wheel==0.38.4
     # via
     #   pip-tools
     #   tox-wheel
diff --git a/tox.ini b/tox.ini
index baef02c..325078a 100644
--- a/tox.ini
+++ b/tox.ini
@@ -56,9 +56,10 @@ commands =
 # run security checks
 #
 # again it seems the most valuable here to run against the packaged code
+# 51457 is nearly a red herring that I'm stuck with because tox is pinned, try removing occasionally
 commands =
     bandit {envsitepackagesdir}/incorporealcms/ -r
-    safety check -r requirements/requirements-dev.txt
+    safety check -r requirements/requirements-dev.txt -i 51457
 
 [testenv:lint]
 # run style checks