diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
index 6a6863c0832..e502bd5d682 100644
--- a/.github/workflows/tox.yml
+++ b/.github/workflows/tox.yml
@@ -156,7 +156,7 @@ jobs:
     strategy:
       max-parallel: 5
       matrix:
-        python-version: [3.6]
+        python-version: [3.8]
 
     steps:
     - uses: actions/checkout@v4
diff --git a/build_tools/install_cexts.py b/build_tools/install_cexts.py
index 27392a32b81..355083a69e9 100644
--- a/build_tools/install_cexts.py
+++ b/build_tools/install_cexts.py
@@ -153,6 +153,24 @@ def install_package(package_name, package_version, index_url, info, cache_path):
                     shutil.rmtree(os.path.join(package_path, folder))
 
 
+def _filter_result(result):
+    filtered_result = []
+
+    # Do filtering for Windows versions after we get all the information
+    # So if we have expanded the range for an ABI build, we can still get the
+    # correct version for Python 3.8
+    for info in result:
+        if "win_amd64" in info["platform"] or "win32" in info["platform"]:
+            if info["version"] == "38":
+                filtered_result.append(info)
+        else:
+            filtered_result.append(info)
+    return filtered_result
+
+
+supported_python3_versions = ["36", "37", "38", "39", "310", "311"]
+
+
 def parse_package_page(files, pk_version, index_url, cache_path):
     """
     Parse the PYPI and Piwheels links for the package information.
@@ -161,7 +179,8 @@ def parse_package_page(files, pk_version, index_url, cache_path):
         * not the version specified in requirements.txt
         * not python versions that kolibri does not support
         * not macosx
-        * not win_x64 with python 3.6
+        * not win_x64 with python 3.8
+        * not win32 with python 3.8
     """
 
     result = []
@@ -181,19 +200,18 @@ def parse_package_page(files, pk_version, index_url, cache_path):
 
         if package_version != pk_version:
             continue
-        if python_version == "26" or python_version == "34" or python_version == "35":
+        if python_version != "27" and python_version not in supported_python3_versions:
             continue
         if "macosx" in platform:
             continue
-        if "win_amd64" in platform and python_version != "39":
-            continue
 
-        # Cryptography builds for Linux target Python 3.4+ but the only existing
-        # build is labeled 3.4 (the lowest version supported).
-        # Expand the abi3 tag here. e.g. cp34 abi3 is expanded to cp34m, cp35m, cp36m, cp37m
+        # Cryptography builds for Linux target Python 3.6+ but the only existing
+        # build is labeled 3.6 (the lowest version supported).
+        # Expand the abi3 tag here. e.g. cp36 abi3 is expanded to cp36m, cp37m, cp38m, cp39m, cp310m, cp311m
         # https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version
         if abi == "abi3":
-            for actual_version in range(int(python_version), 38):
+            version_index = supported_python3_versions.index(python_version)
+            for actual_version in supported_python3_versions[version_index:]:
                 actual_version = str(actual_version)
                 actual_abi = "".join([implementation, actual_version, "m"])
                 info = {
@@ -212,7 +230,9 @@ def parse_package_page(files, pk_version, index_url, cache_path):
             }
             result.append(info)
 
-    install_package(package_name, pk_version, index_url, result, cache_path)
+    install_package(
+        package_name, pk_version, index_url, _filter_result(result), cache_path
+    )
 
 
 def parse_pypi_and_piwheels(name, pk_version, cache_path, session):
diff --git a/requirements/base.txt b/requirements/base.txt
index 6eef941f552..5e1096c2557 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -16,7 +16,7 @@ more-itertools==5.0.0  # Last Python 2.7 friendly release # pyup: <6.0
 le-utils==0.2.2
 jsonfield==2.0.2
 requests-toolbelt==0.9.1
-morango==0.6.19
+morango==0.7.1
 tzlocal==2.1
 pytz==2022.1
 python-dateutil==2.8.2
diff --git a/requirements/build.txt b/requirements/build.txt
index 24bbc52536d..fbef5cda989 100644
--- a/requirements/build.txt
+++ b/requirements/build.txt
@@ -3,7 +3,7 @@
 # This does not depend on runtime stuff so we do not
 # include base.txt
 pex<1.6
-pip>=20.1
+pip>=20.3.4
 setuptools>=20.3,<41,!=34.*,!=35.*  # https://github.com/pantsbuild/pex/blob/master/pex/version.py#L6 # pyup: ignore
 beautifulsoup4==4.8.2
 requests==2.21.0
diff --git a/requirements/cext.txt b/requirements/cext.txt
index 056967d91fd..da4bb82ad31 100644
--- a/requirements/cext.txt
+++ b/requirements/cext.txt
@@ -1,8 +1,8 @@
 # If libraries in here have dependencies
 # they must be explicitly listed in here if
 # they have architecture requirements, or
-# in other files toe ensure they are properly
+# in other files to ensure they are properly
 # installed - as these dependencies are installed
 # without their dependencies.
-cryptography==2.3
 cffi==1.14.4
+cryptography==3.3.2
diff --git a/requirements/cext_noarch.txt b/requirements/cext_noarch.txt
index 531c25877e8..640c1563941 100644
--- a/requirements/cext_noarch.txt
+++ b/requirements/cext_noarch.txt
@@ -3,3 +3,4 @@
 # arch/OS/pyVesion
 pyOpenSSL==18.0.0
 asn1crypto==1.4.0
+pycparser==2.21