diff --git a/poetry.lock b/poetry.lock
index f9cdddcc..ba438aac 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -103,18 +103,18 @@ lxml = ["lxml"]
 
 [[package]]
 name = "boto3"
-version = "1.35.19"
+version = "1.34.11"
 description = "The AWS SDK for Python"
 category = "main"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">= 3.8"
 files = [
-    {file = "boto3-1.35.19-py3-none-any.whl", hash = "sha256:84b3fe1727945bc3cada832d969ddb3dc0d08fce1677064ca8bdc13a89c1a143"},
-    {file = "boto3-1.35.19.tar.gz", hash = "sha256:9979fe674780a0b7100eae9156d74ee374cd1638a9f61c77277e3ce712f3e496"},
+    {file = "boto3-1.34.11-py3-none-any.whl", hash = "sha256:1af021e0c6e3040e8de66d403e963566476235bb70f9a8e3f6784813ac2d8026"},
+    {file = "boto3-1.34.11.tar.gz", hash = "sha256:31c130a40ec0631059b77d7e87f67ad03ff1685a5b37638ac0c4687026a3259d"},
 ]
 
 [package.dependencies]
-botocore = ">=1.35.19,<1.36.0"
+botocore = ">=1.34.11,<1.35.0"
 jmespath = ">=0.7.1,<2.0.0"
 s3transfer = ">=0.10.0,<0.11.0"
 
@@ -123,23 +123,23 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"]
 
 [[package]]
 name = "botocore"
-version = "1.35.19"
+version = "1.34.11"
 description = "Low-level, data-driven core of boto 3."
 category = "main"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">= 3.8"
 files = [
-    {file = "botocore-1.35.19-py3-none-any.whl", hash = "sha256:c83f7f0cacfe7c19b109b363ebfa8736e570d24922f16ed371681f58ebab44a9"},
-    {file = "botocore-1.35.19.tar.gz", hash = "sha256:42d6d8db7250cbd7899f786f9861e02cab17dc238f64d6acb976098ed9809625"},
+    {file = "botocore-1.34.11-py3-none-any.whl", hash = "sha256:1ff1398b6ea670e1c01ac67a33af3da854f8e700d3528289c04f319c330d8250"},
+    {file = "botocore-1.34.11.tar.gz", hash = "sha256:51905c3d623c60df5dc5794387de7caf886d350180a01a3dfa762e903edb45a9"},
 ]
 
 [package.dependencies]
 jmespath = ">=0.7.1,<2.0.0"
 python-dateutil = ">=2.1,<3.0.0"
-urllib3 = {version = ">=1.25.4,<2.2.0 || >2.2.0,<3", markers = "python_version >= \"3.10\""}
+urllib3 = {version = ">=1.25.4,<2.1", markers = "python_version >= \"3.10\""}
 
 [package.extras]
-crt = ["awscrt (==0.21.5)"]
+crt = ["awscrt (==0.19.19)"]
 
 [[package]]
 name = "certifi"
@@ -2246,4 +2246,4 @@ anyio = ">=3.0.0"
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
-content-hash = "866fce1557a136bfd1312a19ea6a035d2741ea49fe1c770b5263c05c8dbda406"
+content-hash = "9a1b55b461604ce50fb081f41a061af21134cbb017260cfca16f30181d75a599"
diff --git a/pyproject.toml b/pyproject.toml
index 9b81190c..58bec104 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,7 +43,9 @@ django-editorjs = "^0.2.1"
 django-editorjs-fields = "^0.2.7"
 django-mptt = "^0.14.0"
 django-storages = "^1.13.2"
-boto3 = "^1.26.123"
+# TODO: when bumped to 1.35.19, urls are broken with 404s
+boto3 = "1.34.11"
+botocore = "1.34.11"
 dj-database-url = "^2.0.0"
 django-health-check = "^3.17.0"
 django-money = "^3.2.0"
@@ -55,6 +57,7 @@ cryptography = "41.0.7"
 django-admin-relation-links = "^0.2.5"
 django-mailer = "^2.3.1"
 
+
 [tool.poetry.dev-dependencies]
 pre-commit = "^2.17.0"
 pydotplus = "^2.0.2"