diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000000..452d1e96c85da
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,11 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.3
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - webpack-dashboard > socket.io > socket.io-adapter > socket.io-parser > debug:
+ patched: '2019-04-28T04:41:36.244Z'
+ 'npm:ms:20170412':
+ - webpack-dashboard > socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2019-04-28T04:41:36.244Z'
diff --git a/package.json b/package.json
index 2523235fd21f2..2c98180ebad12 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
 "babel-preset-stage-2": "6.24.1",
 "babel-register": "6.24.1",
 "blob": "0.0.4",
- "body-parser": "1.17.2",
+ "body-parser": "1.18.2",
 "bounding-client-rect": "1.0.5",
 "browser-filesaver": "1.1.0",
 "chalk": "1.0.0",
@@ -59,7 +59,7 @@
 "d3-scale": "1.0.6",
 "d3-selection": "1.1.0",
 "d3-shape": "1.2.0",
- "debug": "2.2.0",
+ "debug": "2.6.9",
 "diff": "1.4.0",
 "doctrine": "2.0.0",
 "dom-helpers": "2.4.0",
@@ -71,7 +71,7 @@
 "escape-string-regexp": "1.0.3",
 "events": "1.0.2",
 "exports-loader": "0.6.2",
- "express": "4.13.3",
+ "express": "4.16.0",
 "express-useragent": "1.0.7",
 "filesize": "3.2.1",
 "flag-icon-css": "2.3.0",
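Review bot: The two patch entries in `.snyk` are keyed to the path `webpack-dashboard > socket.io > socket.io-adapter > socket.io-parser > debug`, but this same commit moves `webpack-dashboard` from 0.2.1 to 2.0.0 in package.json, so that path may no longer exist in the installed tree. If it does not, there would be nothing at that path for `snyk protect` to patch, and the policy file would imply a mitigation for `npm:debug:20170905` and `npm:ms:20170412` that is not in effect. Please run `snyk test` against the upgraded tree and either drop the stale entries or add a comment above `patch:` such as `# paths verified against webpack-dashboard 2.0.0`.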
@@ -84,27 +84,27 @@
 "hard-source-webpack-plugin": "0.3.12",
 "hash.js": "1.1.3",
 "he": "0.5.0",
- "html-loader": "0.4.0",
- "i18n-calypso": "1.7.3",
+ "html-loader": "0.4.4",
+ "i18n-calypso": "2.0.0",
 "immutable": "3.7.6",
 "imports-loader": "0.6.5",
 "inherits": "2.0.1",
- "is-my-json-valid": "2.13.1",
+ "is-my-json-valid": "2.17.2",
 "jade": "pugjs/jade#29784fd",
- "jquery": "1.11.3",
+ "jquery": "3.4.0",
 "json-loader": "0.5.4",
 "json-stable-stringify": "1.0.1",
 "key-mirror": "1.0.1",
 "keymaster": "1.6.2",
 "localforage": "1.4.3",
- "lodash": "4.15.0",
+ "lodash": "4.17.11",
 "lru": "3.1.0",
 "lunr": "0.5.7",
- "marked": "0.3.5",
+ "marked": "0.6.2",
 "mkdirp": "0.5.1",
- "moment": "2.10.6",
- "morgan": "1.2.0",
- "ms": "0.7.1",
+ "moment": "2.19.3",
+ "morgan": "1.9.1",
+ "ms": "2.0.0",
 "name-all-modules-plugin": "1.0.1",
 "node-sass": "3.7.0",
 "notifications-panel": "1.2.4",
@@ -114,12 +114,12 @@
 "percentage-regex": "3.0.0",
 "phone": "git+https://github.com/Automattic/node-phone.git#1.0.8",
 "photon": "2.0.0",
- "postcss-cli": "2.5.1",
+ "postcss-cli": "5.0.0",
 "prismjs": "1.6.0",
 "prop-types": "15.5.10",
 "q": "1.0.1",
 "qrcode.react": "0.6.1",
- "qs": "4.0.0",
+ "qs": "6.0.4",
 "react": "15.4.0",
 "react-addons-create-fragment": "15.4.0",
 "react-addons-css-transition-group": "15.4.0",
@@ -138,17 +138,17 @@
 "redux-form": "7.0.2",
 "redux-thunk": "1.0.0",
 "rtlcss": "2.0.5",
- "sanitize-html": "1.11.1",
+ "sanitize-html": "1.11.4",
 "semver": "5.1.0",
 "social-logos": "1.0.1",
- "socket.io-client": "1.4.5",
+ "socket.io-client": "2.0.2",
 "source-map": "0.1.39",
 "source-map-loader": "0.1.5",
 "source-map-support": "0.3.2",
 "store": "1.3.16",
 "striptags": "2.1.1",
- "superagent": "2.1.0",
- "tinymce": "4.6.3",
+ "superagent": "3.8.1",
+ "tinymce": "4.7.12",
 "to-title-case": "0.1.5",
 "tracekit": "0.4.3",
 "tween.js": "16.3.1",
@@ -157,14 +157,15 @@
 "uuid": "2.0.1",
 "valid-url": "1.0.9",
 "walk": "2.3.4",
- "webpack": "3.4.1",
- "webpack-dashboard": "0.2.1",
+ "webpack": "4.0.0",
+ "webpack-dashboard": "2.0.0",
 "webpack-dev-middleware": "1.11.0",
 "webpack-hot-middleware": "2.15.0",
- "wpcom": "5.4.0",
- "wpcom-oauth": "0.3.3",
- "wpcom-proxy-request": "4.0.5",
- "wpcom-xhr-request": "1.1.1"
+ "wpcom": "5.4.2",
+ "wpcom-oauth": "0.3.4",
+ "wpcom-proxy-request": "5.0.1",
+ "wpcom-xhr-request": "1.1.2",
+ "snyk": "^1.153.0"
 },
 "engines": {
 "node": "6.11.2",
@@ -232,7 +233,9 @@
 "test-test": "cross-env NODE_ENV=test NODE_PATH=test:client:client/extensions TEST_ROOT=test node test/runner.js",
 "test-test:watch": "nodemon -e js,jsx --exec npm run -s test-test",
 "translate": "i18n-calypso --format pot --output-file ./calypso-strings.pot -e date \"**/*.js\" \"**/*.jsx\" \"!build/**\" \"!node_modules/**\" \"!public/**\" \"!client/extensions/**\"",
- "update-deps": "npm run -s rm -- node_modules && npm run -s rm -- npm-shrinkwrap.json && npm install && npm install && npm shrinkwrap --dev"
+ "update-deps": "npm run -s rm -- node_modules && npm run -s rm -- npm-shrinkwrap.json && npm install && npm install && npm shrinkwrap --dev",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "devDependencies": {
 "5to6-codemod": "5to6/5to6-codemod#v1.7.0",
@@ -279,5 +282,6 @@
 },
 "optionalDependencies": {
 "fsevents": "1.1.1"
- }
+ },
+ "snyk": true
 }
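Review bot: `"snyk": "^1.153.0"` is the only caret range added to a dependency list that otherwise pins exact versions, and it names the package whose CLI the new `prepublish` script runs to apply patches to installed modules. A floating range there lets a later release of that tool run during install without a reviewed change to package.json, unless npm-shrinkwrap.json (not part of this diff) pins it. Pin it like its neighbours, `"snyk": "1.153.0"`, and place it in alphabetical order with the other entries. The same hunk carries major bumps (`webpack` 3.4.1 to 4.0.0, `wpcom-proxy-request` 4.0.5 to 5.0.1) next to `"node": "6.11.2"` in the context lines, so it is worth confirming those releases still support that engine.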
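Review bot: The `prepublish` hook added in the `scripts` hunk is the only thing that applies the `.snyk` patches, so any install that skips lifecycle scripts (for example `npm install --ignore-scripts`) leaves the affected `debug` and `ms` copies unpatched without any indication. `prepublish` is also deprecated in newer npm releases in favour of `prepare`, and when it fires differs between npm versions. Consider calling `npm run snyk-protect` as an explicit step in the build or CI script and failing the build when it exits non-zero, rather than relying on the hook alone. The `scripts` object begins outside this hunk, so how the other scripts interact with the hook cannot be checked from here.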