diff --git a/.snyk b/.snyk
index bc4697fd5..000b064a6 100644
--- a/.snyk
+++ b/.snyk
@@ -1,4 +1,6 @@
-version: v1.5.2
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   'npm:minimatch:20160620':
     - node-sass-middleware > node-sass > node-gyp > minimatch:
@@ -17,6 +19,7 @@ ignore:
     - karma > socket.io > engine.io > accepts > negotiator:
         reason: None given
         expires: '2016-08-18T07:45:03.181Z'
+# patches apply the minimum changes required to fix a vulnerability
 patch:
   'npm:minimatch:20160620':
     - node-sass-middleware > node-sass > node-gyp > glob > minimatch:
@@ -64,16 +67,16 @@ patch:
   'npm:ws:20160624':
     - karma > socket.io > socket.io-client > engine.io-client > ws:
         patched: '2016-07-25T08:23:48.823Z'
-      karma > socket.io > engine.io > ws:
-        patched: '2016-10-26T08:01:33.363Z'
     - karma > socket.io > engine.io > ws:
         patched: '2016-07-25T08:23:48.823Z'
-      karma > socket.io > socket.io-client > engine.io-client > ws:
-        patched: '2016-10-26T08:01:33.363Z'
     - socket.io > socket.io-client > engine.io-client > ws:
         patched: '2016-07-25T08:23:48.823Z'
     - socket.io > engine.io > ws:
         patched: '2016-07-25T08:23:48.823Z'
+    - karma > socket.io > engine.io > ws:
+        patched: '2016-10-26T08:01:33.363Z'
+    - karma > socket.io > socket.io-client > engine.io-client > ws:
+        patched: '2016-10-26T08:01:33.363Z'
   'npm:negotiator:20160616':
     - karma > socket.io > engine.io > accepts > negotiator:
         patched: '2016-10-26T08:01:33.363Z'
@@ -82,3 +85,16 @@ patch:
   'npm:tough-cookie:20160722':
     - karma > chokidar > fsevents > node-pre-gyp > request > tough-cookie:
         patched: '2016-10-26T08:01:33.363Z'
+  SNYK-JS-LODASH-567746:
+    - async > lodash:
+        patched: '2020-05-07T03:10:53.518Z'
+    - karma > combine-lists > lodash:
+        patched: '2020-05-07T03:10:53.518Z'
+    - mongoose > async > lodash:
+        patched: '2020-05-07T03:10:53.518Z'
+    - node-sass-middleware > node-sass > lodash:
+        patched: '2020-05-07T03:10:53.518Z'
+    - node-sass-middleware > node-sass > sass-graph > lodash:
+        patched: '2020-05-07T03:10:53.518Z'
+    - node-sass-middleware > node-sass > gaze > globule > lodash:
+        patched: '2020-05-07T03:10:53.518Z'
diff --git a/package.json b/package.json
index 77ad190a3..caa75ba5e 100644
--- a/package.json
+++ b/package.json
@@ -1,94 +1,94 @@
 {
-    "name": "cla-assistant",
-    "author": "https://github.com/cla-assistant",
-    "version": "1.4.0",
-    "homepage": "",
-    "description": "Contributor licencse agreement",
-    "keywords": [
-        "licencse",
-        "contributor",
-        "agreement",
-        "github",
-        "cla"
-    ],
-    "license": "Apache-2.0",
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/cla-assistant/cla-assistant"
-    },
-    "bugs": "https://github.com/cla-assistant/cla-assistant/issues",
-    "contributors": [],
-    "dependencies": {
-        "array-sugar": "^1.2.2",
-        "async": "^2.0.0-rc",
-        "body-parser": "^1.15.2",
-        "bower": "^1.7.9",
-        "bunyan": "^1.8.1",
-        "bunyan-sentry-stream": "^1.0.2",
-        "bunyan-slack": "0.0.10",
-        "colors": "^1.1.2",
-        "cookie-parser": "^1.4.3",
-        "cookie-session": "^2.0.0-alpha.1",
-        "ejs": "^2.4.2",
-        "express": "^4.14.0",
-        "express-session": "^1.13.0",
-        "github": "^7.0.1",
-        "glob": "^7.0.5",
-        "karma": "^1.1.0",
-        "karma-mocha": "^1.1.1",
-        "memory-cache": "^0.1.6",
-        "merge": "^1.2.0",
-        "mongoose": "^4.5.2",
-        "node-sass-middleware": "^0.10.0",
-        "passport": "^0.3.2",
-        "passport-accesstoken": "^0.1.0",
-        "passport-github": "^1.1.0",
-        "q": "^1.4.1",
-        "raven": "^0.12.1",
-        "request": "^2.74.0",
-        "snyk": "^1.17.1",
-        "socket.io": "^1.5.0",
-        "valid-url": "^1.0.9",
-        "x-frame-options": "^1.0.0"
-    },
-    "devDependencies": {
-        "grunt": "^1.0.1",
-        "grunt-cli": "^1.2.0",
-        "grunt-contrib-jshint": "^1.0.0",
-        "grunt-contrib-uglify": "^2.0.0",
-        "grunt-contrib-watch": "^1.0.0",
-        "grunt-coveralls": "1.0.1",
-        "grunt-eslint": "^19.0.0",
-        "grunt-http": "2.2.0",
-        "grunt-karma": "^2.0.0",
-        "grunt-mocha-istanbul": "^5.0.1",
-        "grunt-mocha-test": "^0.13.2",
-        "grunt-scss-lint": "^0.5.0",
-        "istanbul": "^0.4.4",
-        "karma": "^1.0.0",
-        "karma-chrome-launcher": "^2.0.0",
-        "karma-mocha": "^1.0.1",
-        "karma-ng-html2js-preprocessor": "~1.0.0",
-        "karma-phantomjs-launcher": "1.0.2",
-        "load-grunt-tasks": "^3.5.0",
-        "mkdirp": "0.5.1",
-        "mocha": "^3.1.2",
-        "phantomjs-prebuilt": "^2.1.7",
-        "rewire": "^2.5.1",
-        "should": "^11.1.1",
-        "sinon": "^1.17.5",
-        "supertest": "2.0.1"
-    },
-    "engines": {
-        "node": "5.12.0"
-    },
-    "scripts": {
-        "start": "node app.js",
-        "postinstall": "bower install",
-        "test": "grunt test",
-        "snyk-monitor": "snyk auth $SNYK_TOKEN && snyk monitor",
-        "snyk-protect": "snyk protect",
-        "prepublish": "npm run snyk-protect"
-    },
-    "snyk": true
+  "name": "cla-assistant",
+  "author": "https://github.com/cla-assistant",
+  "version": "1.4.0",
+  "homepage": "",
+  "description": "Contributor licencse agreement",
+  "keywords": [
+    "licencse",
+    "contributor",
+    "agreement",
+    "github",
+    "cla"
+  ],
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/cla-assistant/cla-assistant"
+  },
+  "bugs": "https://github.com/cla-assistant/cla-assistant/issues",
+  "contributors": [],
+  "dependencies": {
+    "array-sugar": "^1.2.2",
+    "async": "^2.0.0-rc",
+    "body-parser": "^1.15.2",
+    "bower": "^1.7.9",
+    "bunyan": "^1.8.1",
+    "bunyan-sentry-stream": "^1.0.2",
+    "bunyan-slack": "0.0.10",
+    "colors": "^1.1.2",
+    "cookie-parser": "^1.4.3",
+    "cookie-session": "^2.0.0-alpha.1",
+    "ejs": "^2.4.2",
+    "express": "^4.14.0",
+    "express-session": "^1.13.0",
+    "github": "^7.0.1",
+    "glob": "^7.0.5",
+    "karma": "^1.1.0",
+    "karma-mocha": "^1.1.1",
+    "memory-cache": "^0.1.6",
+    "merge": "^1.2.0",
+    "mongoose": "^4.5.2",
+    "node-sass-middleware": "^0.10.0",
+    "passport": "^0.3.2",
+    "passport-accesstoken": "^0.1.0",
+    "passport-github": "^1.1.0",
+    "q": "^1.4.1",
+    "raven": "^0.12.1",
+    "request": "^2.74.0",
+    "snyk": "^1.319.1",
+    "socket.io": "^1.5.0",
+    "valid-url": "^1.0.9",
+    "x-frame-options": "^1.0.0"
+  },
+  "devDependencies": {
+    "grunt": "^1.0.1",
+    "grunt-cli": "^1.2.0",
+    "grunt-contrib-jshint": "^1.0.0",
+    "grunt-contrib-uglify": "^2.0.0",
+    "grunt-contrib-watch": "^1.0.0",
+    "grunt-coveralls": "1.0.1",
+    "grunt-eslint": "^19.0.0",
+    "grunt-http": "2.2.0",
+    "grunt-karma": "^2.0.0",
+    "grunt-mocha-istanbul": "^5.0.1",
+    "grunt-mocha-test": "^0.13.2",
+    "grunt-scss-lint": "^0.5.0",
+    "istanbul": "^0.4.4",
+    "karma": "^1.0.0",
+    "karma-chrome-launcher": "^2.0.0",
+    "karma-mocha": "^1.0.1",
+    "karma-ng-html2js-preprocessor": "~1.0.0",
+    "karma-phantomjs-launcher": "1.0.2",
+    "load-grunt-tasks": "^3.5.0",
+    "mkdirp": "0.5.1",
+    "mocha": "^3.1.2",
+    "phantomjs-prebuilt": "^2.1.7",
+    "rewire": "^2.5.1",
+    "should": "^11.1.1",
+    "sinon": "^1.17.5",
+    "supertest": "2.0.1"
+  },
+  "engines": {
+    "node": "5.12.0"
+  },
+  "scripts": {
+    "start": "node app.js",
+    "postinstall": "bower install",
+    "test": "grunt test",
+    "snyk-monitor": "snyk auth $SNYK_TOKEN && snyk monitor",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
+  },
+  "snyk": true
 }