diff --git a/analyzer/requirements.txt b/analyzer/requirements.txt
index dccb01c102..e100b2d148 100644
--- a/analyzer/requirements.txt
+++ b/analyzer/requirements.txt
@@ -1,10 +1,16 @@
-lxml==5.3.0
-portalocker==3.1.1
-psutil==5.9.8
-PyYAML==6.0.1
-types-PyYAML==6.0.12.12
-sarif-tools==3.0.4
-multiprocess==0.70.15
-setuptools==70.2.0
-semver==3.0.4
-argcomplete==3.5.1
+# These requirements are exported via setup.py and become the install
+# dependencies of the published pip package.
+# Avoid pinning exact versions!
+# Use version ranges or upper bounds instead (e.g. limited to a major release)
+# to let users select a specific compatible version.
+
+lxml<6
+portalocker<4
+psutil<8
+PyYAML<7
+types-PyYAML<7
+sarif-tools<4
+multiprocess<0.71
+setuptools<81
+semver<4
+argcomplete<4
diff --git a/analyzer/requirements_py/dev/requirements.txt b/analyzer/requirements_py/dev/requirements.txt
index c9f40124f1..adb20d773f 100644
--- a/analyzer/requirements_py/dev/requirements.txt
+++ b/analyzer/requirements_py/dev/requirements.txt
@@ -1,7 +1,7 @@
-pytest==7.3.1
-pycodestyle==2.12.0
-pylint==3.2.4
-mkdocs==1.5.3
-coverage==5.5.0
+pytest<=7.3.1
+pycodestyle<=2.12.0
+pylint<3.3
+mkdocs<=1.5.3
+coverage<=5.5.0
 
 -r ../../requirements.txt
diff --git a/analyzer/requirements_py/osx/requirements.txt b/analyzer/requirements_py/osx/requirements.txt
index 2189184c4d..5646e208bc 100644
--- a/analyzer/requirements_py/osx/requirements.txt
+++ b/analyzer/requirements_py/osx/requirements.txt
@@ -1,3 +1,3 @@
-scan-build==2.0.19
+scan-build<=2.0.19
 
 -r ../../requirements.txt
diff --git a/analyzer/tools/build-logger/requirements_py/dev/requirements.txt b/analyzer/tools/build-logger/requirements_py/dev/requirements.txt
index 9685d12ba7..5e765ce629 100644
--- a/analyzer/tools/build-logger/requirements_py/dev/requirements.txt
+++ b/analyzer/tools/build-logger/requirements_py/dev/requirements.txt
@@ -1,3 +1,3 @@
-pytest==7.3.1
-pycodestyle==2.12.0
-pylint==3.2.4
+pytest<=7.3.1
+pycodestyle<=2.12.0
+pylint<3.3
diff --git a/analyzer/tools/merge_clang_extdef_mappings/requirements_py/dev/requirements.txt b/analyzer/tools/merge_clang_extdef_mappings/requirements_py/dev/requirements.txt
index 6d3f90e864..64798f5a47 100644
--- a/analyzer/tools/merge_clang_extdef_mappings/requirements_py/dev/requirements.txt
+++ b/analyzer/tools/merge_clang_extdef_mappings/requirements_py/dev/requirements.txt
@@ -1,4 +1,4 @@
-pytest==7.3.1
-pycodestyle==2.12.0
-pylint==3.2.4
-setuptools==70.2.0
+pytest<=7.3.1
+pycodestyle<=2.12.0
+pylint<3.3
+setuptools<81
diff --git a/analyzer/tools/statistics_collector/requirements_py/dev/requirements.txt b/analyzer/tools/statistics_collector/requirements_py/dev/requirements.txt
index 6d3f90e864..64798f5a47 100644
--- a/analyzer/tools/statistics_collector/requirements_py/dev/requirements.txt
+++ b/analyzer/tools/statistics_collector/requirements_py/dev/requirements.txt
@@ -1,4 +1,4 @@
-pytest==7.3.1
-pycodestyle==2.12.0
-pylint==3.2.4
-setuptools==70.2.0
+pytest<=7.3.1
+pycodestyle<=2.12.0
+pylint<3.3
+setuptools<81
diff --git a/codechecker_common/requirements_py/dev/requirements.txt b/codechecker_common/requirements_py/dev/requirements.txt
index f7b29e9444..a84c1ba53b 100644
--- a/codechecker_common/requirements_py/dev/requirements.txt
+++ b/codechecker_common/requirements_py/dev/requirements.txt
@@ -1,6 +1,6 @@
-portalocker==3.1.1
-coverage==5.5.0
-mypy==1.7.1
-PyYAML==6.0.1
-types-PyYAML==6.0.12.12
-setuptools==70.2.0
+portalocker<4
+coverage<=5.5.0
+mypy<=1.7.1
+PyYAML<7
+types-PyYAML<7
+setuptools<81
diff --git a/requirements_py/docs/requirements.txt b/requirements_py/docs/requirements.txt
index 8bc44de365..dcdc31b44b 100644
--- a/requirements_py/docs/requirements.txt
+++ b/requirements_py/docs/requirements.txt
@@ -1 +1 @@
-mkdocs==1.5.3
+mkdocs<=1.5.3
diff --git a/scripts/debug_tools/crash_clustering/requirements.txt b/scripts/debug_tools/crash_clustering/requirements.txt
index c2721b5d80..e5184e1e67 100644
--- a/scripts/debug_tools/crash_clustering/requirements.txt
+++ b/scripts/debug_tools/crash_clustering/requirements.txt
@@ -1,5 +1,5 @@
-matplotlib==3.8.2
-numpy==1.25.2
-scikit-learn==1.5.0
-scipy==1.11.1
-tqdm==4.66.3
+matplotlib<=3.8.2
+numpy<=1.25.2
+scikit-learn<=1.5.0
+scipy<=1.11.1
+tqdm<=4.66.3
diff --git a/scripts/labels/requirements.txt b/scripts/labels/requirements.txt
index 23e6018f7f..beecd7c811 100644
--- a/scripts/labels/requirements.txt
+++ b/scripts/labels/requirements.txt
@@ -1,8 +1,8 @@
-# codechecker==local
-emoji==2.11.0
-lxml==5.3.0
-packaging==24.0
-selenium==4.19.0
-tabulate==0.9.0
-termcolor==2.4.0
-urllib3==2.5.0
+# codechecker<=local
+emoji<3
+lxml<6
+packaging<26
+selenium<5
+tabulate<1
+termcolor<4
+urllib3<3
diff --git a/tools/bazel/requirements_py/dev/requirements.txt b/tools/bazel/requirements_py/dev/requirements.txt
index c56a9ccd0e..a678f11ebd 100644
--- a/tools/bazel/requirements_py/dev/requirements.txt
+++ b/tools/bazel/requirements_py/dev/requirements.txt
@@ -1,5 +1,5 @@
-pytest==7.3.1
-pycodestyle==2.12.0
-pylint==3.2.4
-mypy==1.7.1
-setuptools==70.2.0
+pytest<=7.3.1
+pycodestyle<=2.12.0
+pylint<3.3
+mypy<=1.7.1
+setuptools<81
diff --git a/tools/report-converter/requirements_py/dev/requirements.txt b/tools/report-converter/requirements_py/dev/requirements.txt
index 18a9ec7698..64d2513c4a 100644
--- a/tools/report-converter/requirements_py/dev/requirements.txt
+++ b/tools/report-converter/requirements_py/dev/requirements.txt
@@ -1,9 +1,9 @@
-pytest==7.3.1
-sarif-tools==3.0.4
-pycodestyle==2.12.0
-pylint==3.2.4
-portalocker==3.1.1
-mypy==1.7.1
-setuptools==70.2.0
-PyYAML==6.0.1
-types-PyYAML==6.0.12
+pytest<=7.3.1
+sarif-tools<4
+pycodestyle<=2.12.0
+pylint<3.3
+portalocker<4
+mypy<=1.7.1
+setuptools<81
+PyYAML<7
+types-PyYAML<7
diff --git a/tools/tu_collector/requirements_py/dev/requirements.txt b/tools/tu_collector/requirements_py/dev/requirements.txt
index c56a9ccd0e..a678f11ebd 100644
--- a/tools/tu_collector/requirements_py/dev/requirements.txt
+++ b/tools/tu_collector/requirements_py/dev/requirements.txt
@@ -1,5 +1,5 @@
-pytest==7.3.1
-pycodestyle==2.12.0
-pylint==3.2.4
-mypy==1.7.1
-setuptools==70.2.0
+pytest<=7.3.1
+pycodestyle<=2.12.0
+pylint<3.3
+mypy<=1.7.1
+setuptools<81
diff --git a/web/requirements.txt b/web/requirements.txt
index 93d063feb4..a801999c2c 100644
--- a/web/requirements.txt
+++ b/web/requirements.txt
@@ -1,17 +1,23 @@
-Authlib==1.3.1
-requests==2.32.4  # Required by Authlib. Not installed automatically for some reason.
-lxml==5.3.0
-sqlalchemy==1.4.54
-alembic==1.5.5
-portalocker==3.1.1
-psutil==5.9.8
-multiprocess==0.70.15
-thrift==0.22.0
-gitpython==3.1.41
-PyYAML==6.0.1
-types-PyYAML==6.0.12.12
-sarif-tools==3.0.4
-argcomplete==3.5.1
+# These requirements are exported via setup.py and become the install
+# dependencies of the published pip package.
+# Avoid pinning exact versions!
+# Use version ranges or upper bounds instead (e.g. limited to a major release)
+# to let users select a specific compatible version.
+
+Authlib<2
+requests<3  # Required by Authlib. Not installed automatically for some reason.
+lxml<6
+sqlalchemy<2
+alembic<2
+portalocker<4
+psutil<8
+multiprocess<0.71
+thrift<0.23
+gitpython<4
+PyYAML<7
+types-PyYAML<7
+sarif-tools<4
+argcomplete<4
 
 ./api/py/codechecker_api/dist/codechecker_api.tar.gz
 ./api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz
diff --git a/web/requirements_py/auth/requirements.txt b/web/requirements_py/auth/requirements.txt
index c88224c58d..d2d7584a15 100644
--- a/web/requirements_py/auth/requirements.txt
+++ b/web/requirements_py/auth/requirements.txt
@@ -1,3 +1,3 @@
-python-ldap==3.4.0
-python-pam==1.8.4
-requests==2.32.4
+python-ldap<=3.4.0
+python-pam<=1.8.4
+requests<3
diff --git a/web/requirements_py/db_pg8000/requirements.txt b/web/requirements_py/db_pg8000/requirements.txt
index e062032013..d1c62f0a6c 100644
--- a/web/requirements_py/db_pg8000/requirements.txt
+++ b/web/requirements_py/db_pg8000/requirements.txt
@@ -1,9 +1,9 @@
-lxml==5.3.0
-sqlalchemy==1.4.54
-alembic==1.5.5
-pg8000==1.31.4
-psutil==5.9.8
-portalocker==3.1.1
+lxml<6
+sqlalchemy<2
+alembic<2
+pg8000<=1.31.4
+psutil<8
+portalocker<4
 
 ./api/py/codechecker_api/dist/codechecker_api.tar.gz
 ./api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz
diff --git a/web/requirements_py/db_psycopg2/requirements.txt b/web/requirements_py/db_psycopg2/requirements.txt
index 3b0baf50e7..7fb207af38 100644
--- a/web/requirements_py/db_psycopg2/requirements.txt
+++ b/web/requirements_py/db_psycopg2/requirements.txt
@@ -1,9 +1,9 @@
-lxml==5.3.0
-sqlalchemy==1.4.54
-alembic==1.5.5
-psycopg2-binary==2.9.10
-psutil==5.9.8
-portalocker==3.1.1
+lxml<6
+sqlalchemy<2
+alembic<2
+psycopg2-binary<=2.9.10
+psutil<8
+portalocker<4
 
 ./api/py/codechecker_api/dist/codechecker_api.tar.gz
 ./api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz
diff --git a/web/requirements_py/dev/requirements.txt b/web/requirements_py/dev/requirements.txt
index f2ad59ecc3..562311b72e 100644
--- a/web/requirements_py/dev/requirements.txt
+++ b/web/requirements_py/dev/requirements.txt
@@ -1,13 +1,13 @@
-pycodestyle==2.12.0
-psycopg2-binary==2.9.10
-pg8000==1.31.4
-pylint==3.2.4
-pytest==7.3.1
-mkdocs==1.5.3
-coverage==5.5.0
+pycodestyle<=2.12.0
+psycopg2-binary<=2.9.10
+pg8000<=1.31.4
+pylint<3.3
+pytest<=7.3.1
+mkdocs<=1.5.3
+coverage<=5.5.0
 
 -r ../../requirements.txt
 
 # publish packages to pypi
 twine
-cryptography==41.0.4
+cryptography<=41.0.4