diff --git a/.snyk b/.snyk
index a0d672f3d1aaac..d464bd626fec33 100644
--- a/.snyk
+++ b/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.7.0
+version: v1.14.1
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -79,3 +79,6 @@ patch:
   'npm:uglify-js:20150824':
     - jade > transformers > uglify-js:
         patched: '2016-07-29T23:00:15.905Z'
+  SNYK-JS-LODASH-567746:
+    - sanitize-html > lodash:
+        patched: '2020-06-04T03:33:31.846Z'
diff --git a/package.json b/package.json
index 33fd31eea96593..a296df78a32ed7 100644
--- a/package.json
+++ b/package.json
@@ -51,7 +51,7 @@
     "express": "^4.13.3",
     "express-flash": "~0.0.2",
     "express-session": "^1.12.1",
-    "express-state": "^1.2.0",
+    "express-state": "^2.0.0",
     "express-validator": "^3.0.0",
     "fetchr": "~0.5.12",
     "frameguard": "^3.0.0",
@@ -114,7 +114,7 @@
     "reselect": "^2.0.2",
     "rx": "^4.0.0",
     "sanitize-html": "^1.11.1",
-    "snyk": "^1.19.1",
+    "snyk": "^1.335.0",
     "store": "https://github.com/berkeleytrue/store.js.git#feature/noop-server",
     "uuid": "^3.0.1",
     "validator": "^6.0.0"