diff --git a/Cargo.toml b/Cargo.toml
index 300b064..bcef951 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,7 @@ homepage = "https://github.com/rustls/webpki-roots"
 repository = "https://github.com/rustls/webpki-roots"
 
 [dependencies]
-pki-types = { package = "rustls-pki-types", version = "0.2", default-features = false }
+pki-types = { package = "rustls-pki-types", version = "0.2.2", git = "https://github.com/rustls/pki-types", rev = "f5691e203714613cf0ff3316bad17523cd41b105", default-features = false }
 
 [dev-dependencies]
 chrono = { version = "0.4.26", default-features = false, features = ["clock"] }
@@ -20,9 +20,9 @@ percent-encoding = "2.3"
 rcgen = "0.11.1"
 reqwest = { version = "0.11", features = ["rustls-tls-manual-roots"] }
 ring = "0.17.0"
-rustls-pemfile = "2.0.0-alpha.1"
+rustls-pemfile = { version = "=2.0.0-alpha.2", git = "https://github.com/rustls/pemfile", rev = "cb401aa4f1153d85c7f5a26f7fd40acbb22cfefe" }
 serde = { version = "1.0.183", features = ["derive"] }
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
-webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.6" }
+webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.7", git = "https://github.com/rustls/webpki", rev = "5d67b622685ed4a9eff05856de0ee621fa57b7ae", features = ["alloc"] }
 x509-parser = "0.15.1"
 yasna = "0.5.2"
diff --git a/tests/codegen.rs b/tests/codegen.rs
index 704e8ef..38ce893 100644
--- a/tests/codegen.rs
+++ b/tests/codegen.rs
@@ -9,7 +9,7 @@ use num_bigint::BigUint;
 use pki_types::CertificateDer;
 use ring::digest;
 use serde::Deserialize;
-use webpki::extract_trust_anchor;
+use webpki::anchor_from_trusted_cert;
 use x509_parser::prelude::AttributeTypeAndValue;
 use x509_parser::x509::X509Name;
 
@@ -92,7 +92,7 @@ async fn new_generated_code_is_fresh() {
         assert_eq!(calculated_fp.as_ref(), metadata_fp.as_slice());
 
         let ta_der = CertificateDer::from(der.as_ref());
-        let ta = extract_trust_anchor(&ta_der).expect("malformed trust anchor der");
+        let ta = anchor_from_trusted_cert(&ta_der).expect("malformed trust anchor der");
         subject.clear();
         for &b in ta.subject.as_ref() {
             write!(&mut subject, "{}", escape_default(b)).unwrap();
diff --git a/tests/verify.rs b/tests/verify.rs
index ba56e99..57a6cec 100644
--- a/tests/verify.rs
+++ b/tests/verify.rs
@@ -1,9 +1,9 @@
 use core::time::Duration;
 use std::convert::TryFrom;
 
-use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime};
+use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime, ServerName};
 use rcgen::{BasicConstraints, Certificate, CertificateParams, DnType, IsCa, KeyUsagePurpose};
-use webpki::{extract_trust_anchor, EndEntityCert, Error, KeyUsage, SubjectNameRef};
+use webpki::{anchor_from_trusted_cert, EndEntityCert, Error, KeyUsage};
 use x509_parser::extensions::{GeneralName, NameConstraints as X509ParserNameConstraints};
 use x509_parser::prelude::FromDer;
 
@@ -17,7 +17,7 @@ fn name_constraints() {
     {
         let time = UnixTime::since_unix_epoch(Duration::from_secs(0x40000000)); // Time matching rcgen default.
         let test_case = ConstraintTest::new(name_constraints.as_ref());
-        let trust_anchors = &[extract_trust_anchor(&test_case.trust_anchor).unwrap()];
+        let trust_anchors = &[anchor_from_trusted_cert(&test_case.trust_anchor).unwrap()];
 
         // Each permitted EE should verify without error.
         for permitted_ee in test_case.permitted_certs {
@@ -165,7 +165,7 @@ fn tubitak_name_constraint_works() {
     let inter = CertificateDer::from(&include_bytes!("data/tubitak/inter.der")[..]);
     let subj = CertificateDer::from(&include_bytes!("data/tubitak/subj.der")[..]);
 
-    let roots = [extract_trust_anchor(&root).unwrap().to_owned()];
+    let roots = [anchor_from_trusted_cert(&root).unwrap().to_owned()];
     let now = UnixTime::since_unix_epoch(Duration::from_secs(1493668479));
     let cert = EndEntityCert::try_from(&subj).unwrap();
     cert.verify_for_usage(
@@ -179,8 +179,8 @@ fn tubitak_name_constraint_works() {
     )
     .unwrap();
 
-    let subject = SubjectNameRef::try_from_ascii_str("testssl.kamusm.gov.tr").unwrap();
-    cert.verify_is_valid_for_subject_name(subject).unwrap();
+    let subject = ServerName::try_from("testssl.kamusm.gov.tr").unwrap();
+    cert.verify_is_valid_for_subject_name(&subject).unwrap();
 }
 
 static ALL_ALGORITHMS: &[&dyn SignatureVerificationAlgorithm] = &[