diff --git a/ci-constraints-requirements.txt b/ci-constraints-requirements.txt
index 04f7993764e1..39dd2d6a3cfb 100644
--- a/ci-constraints-requirements.txt
+++ b/ci-constraints-requirements.txt
@@ -1,76 +1,134 @@
-# This is named ambigiously, but it's a pip constraints file, named like a
-# requirements file so dependabot will update the pins.
-# It was originally generated with;
-#    pip-compile --extra=docs --extra=docstest --extra=pep8test --extra=test --extra=test-randomorder --extra=nox --extra=sdist --resolver=backtracking --strip-extras --unsafe-package=cffi --unsafe-package=pycparser --unsafe-package=setuptools pyproject.toml
-# and then manually massaged to add version specifiers to packages whose
-# versions vary by Python version
-
-alabaster==1.0.0
+# This file was autogenerated by uv via the following command:
+#    uv pip compile --universal -p 3.7 --extra=docs --extra=docstest --extra=pep8test --extra=test --extra=test-randomorder --extra=nox --extra=sdist --unsafe-package=cffi --unsafe-package=pycparser --unsafe-package=setuptools --unsafe-package=cryptography-vectors pyproject.toml
+alabaster==0.7.13 ; python_full_version < '3.10'
+    # via sphinx
+alabaster==1.0.0 ; python_full_version >= '3.10'
     # via sphinx
-argcomplete==3.5.0; python_version >= "3.8"
+argcomplete==3.1.2 ; python_full_version < '3.8'
+    # via nox
+argcomplete==3.5.0 ; python_full_version >= '3.8'
     # via nox
-babel==2.16.0
+babel==2.14.0 ; python_full_version < '3.8'
     # via sphinx
-build==1.2.1
+babel==2.16.0 ; python_full_version >= '3.8'
+    # via sphinx
+bleach==6.0.0 ; python_full_version < '3.8'
+    # via readme-renderer
+build==1.1.1 ; python_full_version < '3.8'
+    # via cryptography (pyproject.toml)
+build==1.2.1 ; python_full_version >= '3.8'
     # via
-    #   check-sdist
     #   cryptography (pyproject.toml)
+    #   check-sdist
 certifi==2024.8.30
-    # via requests
+    # via
+    #   cryptography (pyproject.toml)
+    #   requests
 charset-normalizer==3.3.2
     # via requests
-check-sdist==0.1.3
+check-sdist==0.1.3 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
 click==8.1.7
     # via cryptography (pyproject.toml)
+colorama==0.4.6 ; (platform_system != 'Windows' and sys_platform == 'win32') or platform_system == 'Windows' or os_name == 'nt'
+    # via
+    #   build
+    #   click
+    #   colorlog
+    #   pytest
+    #   sphinx
 colorlog==6.8.2
     # via nox
-coverage==7.6.1; python_version >= "3.8"
-    # via
-    #   coverage
-    #   pytest-cov
+coverage==7.2.7 ; python_full_version < '3.8'
+    # via pytest-cov
+coverage==7.6.1 ; python_full_version >= '3.8'
+    # via pytest-cov
 distlib==0.3.8
     # via virtualenv
-docutils==0.21.2
+docutils==0.19 ; python_full_version < '3.8'
+    # via
+    #   readme-renderer
+    #   sphinx
+docutils==0.20.1 ; python_full_version >= '3.8' and python_full_version < '3.10'
     # via
     #   readme-renderer
     #   sphinx
     #   sphinx-rtd-theme
-exceptiongroup==1.2.2
+docutils==0.21.2 ; python_full_version >= '3.10'
+    # via
+    #   readme-renderer
+    #   sphinx
+    #   sphinx-rtd-theme
+exceptiongroup==1.2.2 ; python_full_version < '3.11'
     # via pytest
-execnet==2.1.1; python_version >= "3.8"
+execnet==2.0.2 ; python_full_version < '3.8'
     # via pytest-xdist
-filelock==3.15.4; python_version >= "3.8"
+execnet==2.1.1 ; python_full_version >= '3.8'
+    # via pytest-xdist
+filelock==3.12.2 ; python_full_version < '3.8'
+    # via virtualenv
+filelock==3.15.4 ; python_full_version >= '3.8'
     # via virtualenv
 idna==3.8
     # via requests
 imagesize==1.4.1
     # via sphinx
+importlib-metadata==6.7.0 ; python_full_version < '3.8'
+    # via
+    #   argcomplete
+    #   build
+    #   click
+    #   nox
+    #   pluggy
+    #   pytest
+    #   pytest-randomly
+    #   sphinx
+    #   sphinxcontrib-spelling
+    #   virtualenv
+importlib-metadata==8.4.0 ; python_full_version >= '3.8' and python_full_version < '3.10.2'
+    # via
+    #   build
+    #   pytest-randomly
+    #   sphinx
+importlib-resources==6.4.4 ; python_full_version == '3.8.*'
+    # via check-sdist
 iniconfig==2.0.0
     # via pytest
 jinja2==3.1.4
     # via sphinx
 markupsafe==2.1.5
     # via jinja2
-mypy==1.11.2
+mypy==1.4.1 ; python_full_version < '3.8'
+    # via cryptography (pyproject.toml)
+mypy==1.11.2 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
 mypy-extensions==1.0.0
     # via mypy
-nh3==0.2.18
+nh3==0.2.18 ; python_full_version >= '3.8'
     # via readme-renderer
 nox==2024.4.15
     # via cryptography (pyproject.toml)
-packaging==24.1; python_version >= "3.8"
+packaging==24.0 ; python_full_version < '3.8'
+    # via
+    #   build
+    #   nox
+    #   pytest
+    #   sphinx
+packaging==24.1 ; python_full_version >= '3.8'
     # via
     #   build
     #   nox
     #   pytest
     #   sphinx
-pathspec==0.12.1
+pathspec==0.12.1 ; python_full_version >= '3.8'
     # via check-sdist
-platformdirs==4.2.2; python_version >= "3.8"
+platformdirs==4.0.0 ; python_full_version < '3.8'
+    # via virtualenv
+platformdirs==4.2.2 ; python_full_version >= '3.8'
     # via virtualenv
-pluggy==1.5.0; python_version >= "3.8"
+pluggy==1.2.0 ; python_full_version < '3.8'
+    # via pytest
+pluggy==1.5.0 ; python_full_version >= '3.8'
     # via pytest
 pretend==1.0.9
     # via cryptography (pyproject.toml)
@@ -80,13 +138,24 @@ pyenchant==3.2.2
     # via
     #   cryptography (pyproject.toml)
     #   sphinxcontrib-spelling
-pygments==2.18.0
+pygments==2.17.2 ; python_full_version < '3.8'
+    # via
+    #   readme-renderer
+    #   sphinx
+pygments==2.18.0 ; python_full_version >= '3.8'
     # via
     #   readme-renderer
     #   sphinx
 pyproject-hooks==1.1.0
     # via build
-pytest==8.3.2; python_version >= "3.8"
+pytest==7.4.4 ; python_full_version < '3.8'
+    # via
+    #   cryptography (pyproject.toml)
+    #   pytest-benchmark
+    #   pytest-cov
+    #   pytest-randomly
+    #   pytest-xdist
+pytest==8.3.2 ; python_full_version >= '3.8'
     # via
     #   cryptography (pyproject.toml)
     #   pytest-benchmark
@@ -95,64 +164,119 @@ pytest==8.3.2; python_version >= "3.8"
     #   pytest-xdist
 pytest-benchmark==4.0.0
     # via cryptography (pyproject.toml)
-pytest-cov==5.0.0; python_version >= "3.8"
+pytest-cov==4.1.0 ; python_full_version < '3.8'
+    # via cryptography (pyproject.toml)
+pytest-cov==5.0.0 ; python_full_version >= '3.8'
+    # via cryptography (pyproject.toml)
+pytest-randomly==3.12.0 ; python_full_version < '3.8'
+    # via cryptography (pyproject.toml)
+pytest-randomly==3.15.0 ; python_full_version >= '3.8'
+    # via cryptography (pyproject.toml)
+pytest-xdist==3.5.0 ; python_full_version < '3.8'
     # via cryptography (pyproject.toml)
-pytest-randomly==3.15.0
+pytest-xdist==3.6.1 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
-pytest-xdist==3.6.1; python_version >= "3.8"
+pytz==2024.1 ; python_full_version < '3.9'
+    # via babel
+readme-renderer==37.3 ; python_full_version < '3.8'
     # via cryptography (pyproject.toml)
-readme-renderer==44.0
+readme-renderer==43.0 ; python_full_version >= '3.8' and python_full_version < '3.10'
     # via cryptography (pyproject.toml)
-requests==2.32.3
+readme-renderer==44.0 ; python_full_version >= '3.10'
+    # via cryptography (pyproject.toml)
+requests==2.31.0 ; python_full_version < '3.8'
+    # via sphinx
+requests==2.32.3 ; python_full_version >= '3.8'
     # via sphinx
 ruff==0.6.4
     # via cryptography (pyproject.toml)
+six==1.16.0 ; python_full_version < '3.8'
+    # via bleach
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==8.0.2
+sphinx==5.3.0 ; python_full_version < '3.8'
+    # via
+    #   cryptography (pyproject.toml)
+    #   sphinxcontrib-spelling
+sphinx==7.1.2 ; python_full_version >= '3.8' and python_full_version < '3.10'
     # via
     #   cryptography (pyproject.toml)
     #   sphinx-rtd-theme
-    #   sphinxcontrib-applehelp
-    #   sphinxcontrib-devhelp
-    #   sphinxcontrib-htmlhelp
     #   sphinxcontrib-jquery
-    #   sphinxcontrib-qthelp
-    #   sphinxcontrib-serializinghtml
     #   sphinxcontrib-spelling
-sphinx-rtd-theme==3.0.0rc1
+sphinx==8.0.2 ; python_full_version >= '3.10'
+    # via
+    #   cryptography (pyproject.toml)
+    #   sphinx-rtd-theme
+    #   sphinxcontrib-jquery
+    #   sphinxcontrib-spelling
+sphinx-rtd-theme==3.0.0rc1 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
-sphinxcontrib-applehelp==2.0.0
+sphinxcontrib-applehelp==1.0.2 ; python_full_version < '3.8'
+    # via sphinx
+sphinxcontrib-applehelp==1.0.4 ; python_full_version >= '3.8' and python_full_version < '3.10'
     # via sphinx
-sphinxcontrib-devhelp==2.0.0
+sphinxcontrib-applehelp==2.0.0 ; python_full_version >= '3.10'
     # via sphinx
-sphinxcontrib-htmlhelp==2.1.0
+sphinxcontrib-devhelp==1.0.2 ; python_full_version < '3.10'
     # via sphinx
-sphinxcontrib-jquery==4.1
+sphinxcontrib-devhelp==2.0.0 ; python_full_version >= '3.10'
+    # via sphinx
+sphinxcontrib-htmlhelp==2.0.0 ; python_full_version < '3.8'
+    # via sphinx
+sphinxcontrib-htmlhelp==2.0.1 ; python_full_version >= '3.8' and python_full_version < '3.10'
+    # via sphinx
+sphinxcontrib-htmlhelp==2.1.0 ; python_full_version >= '3.10'
+    # via sphinx
+sphinxcontrib-jquery==4.1 ; python_full_version >= '3.8'
     # via sphinx-rtd-theme
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
-sphinxcontrib-qthelp==2.0.0
+sphinxcontrib-qthelp==1.0.3 ; python_full_version < '3.10'
+    # via sphinx
+sphinxcontrib-qthelp==2.0.0 ; python_full_version >= '3.10'
     # via sphinx
-sphinxcontrib-serializinghtml==2.0.0
+sphinxcontrib-serializinghtml==1.1.5 ; python_full_version < '3.10'
+    # via sphinx
+sphinxcontrib-serializinghtml==2.0.0 ; python_full_version >= '3.10'
     # via sphinx
 sphinxcontrib-spelling==8.0.0
     # via cryptography (pyproject.toml)
-tomli==2.0.1
+tomli==2.0.1 ; python_full_version <= '3.11'
     # via
     #   build
-    #   check-manifest
+    #   check-sdist
     #   coverage
     #   mypy
-    #   pyproject-hooks
+    #   nox
     #   pytest
-typing-extensions==4.12.2; python_version >= "3.8"
+    #   sphinx
+typed-ast==1.5.5 ; python_full_version < '3.8'
+    # via mypy
+typing-extensions==4.7.1 ; python_full_version < '3.8'
+    # via
+    #   importlib-metadata
+    #   mypy
+    #   nox
+    #   platformdirs
+typing-extensions==4.12.2 ; python_full_version >= '3.8'
     # via mypy
-urllib3==2.2.2
+urllib3==2.0.7 ; python_full_version < '3.8'
+    # via requests
+urllib3==2.2.2 ; python_full_version >= '3.8'
     # via requests
 virtualenv==20.26.3
     # via nox
+webencodings==0.5.1 ; python_full_version < '3.8'
+    # via bleach
+zipp==3.15.0 ; python_full_version < '3.8'
+    # via importlib-metadata
+zipp==3.20.1 ; python_full_version >= '3.8' and python_full_version < '3.10.2'
+    # via
+    #   importlib-metadata
+    #   importlib-resources
 
-# The following packages are considered to be unsafe in a requirements file:
+# The following packages were excluded from the output:
 # cffi
 # pycparser
+# cryptography-vectors
diff --git a/pyproject.toml b/pyproject.toml
index 44348415061a..4f9fab38d563 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -74,7 +74,7 @@ test = [
     "certifi",
 ]
 test-randomorder = ["pytest-randomly"]
-docs = ["sphinx >=5.3.0", "sphinx-rtd-theme >=3.0.0rc1"]
+docs = ["sphinx >=5.3.0", "sphinx-rtd-theme >=3.0.0rc1; python_version >= '3.8'"]
 docstest = ["pyenchant >=1.6.11", "readme-renderer", "sphinxcontrib-spelling >=4.0.1"]
 sdist = ["build"]
 # `click` included because its needed to type check `release.py`
@@ -184,3 +184,8 @@ git-only = [
     ".gitattributes",
     ".gitignore",
 ]
+
+[tool.uv]
+# These cover all Python versions, but by expressing multiple environments we
+# force uv's resolver to pick the latest versions of packages for each version.
+environments = ["python_version >= '3.10'", "python_version >= '3.8' and python_version < '3.10'", "python_version < '3.8'"]