diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..2a8651a8
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,30 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - aegir > karma > log4js > loggly > request > hawk > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - aegir > karma > log4js > loggly > request > hawk > boom > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - aegir > karma > log4js > loggly > request > hawk > sntp > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - interface-ipfs-core > aegir > karma > log4js > loggly > request > hawk > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - aegir > karma > log4js > loggly > request > hawk > cryptiles > boom > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - interface-ipfs-core > aegir > karma > log4js > loggly > request > hawk > boom > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - interface-ipfs-core > aegir > karma > log4js > loggly > request > hawk > sntp > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+    - interface-ipfs-core > aegir > karma > log4js > loggly > request > hawk > cryptiles > boom > hoek:
+        patched: '2022-08-24T15:52:37.062Z'
+  'npm:lodash:20180130':
+    - ipld > ipld-zcash > zcash-bitcore-lib > lodash:
+        patched: '2022-08-24T15:52:37.062Z'
+  'npm:tunnel-agent:20170305':
+    - aegir > karma > log4js > loggly > request > tunnel-agent:
+        patched: '2022-08-24T15:52:37.062Z'
+    - interface-ipfs-core > aegir > karma > log4js > loggly > request > tunnel-agent:
+        patched: '2022-08-24T15:52:37.062Z'
diff --git a/package.json b/package.json
index 7b3aa922..f2cb80e5 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,9 @@
     "release-minor": "aegir release --type minor -t node -t browser",
     "release-major": "aegir release --type major -t node -t browser",
     "coverage": "aegir coverage",
-    "coverage-publish": "aegir-coverage publish"
+    "coverage-publish": "aegir-coverage publish",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -59,7 +61,7 @@
   },
   "homepage": "https://github.com/ipfs/js-ipfs#readme",
   "devDependencies": {
-    "aegir": "^15.1.0",
+    "aegir": "^36.2.3",
     "buffer-loader": "~0.0.1",
     "chai": "^4.1.2",
     "delay": "^3.0.0",
@@ -71,9 +73,9 @@
     "expose-loader": "~0.7.5",
     "form-data": "^2.3.2",
     "hat": "0.0.3",
-    "interface-ipfs-core": "~0.78.0",
-    "ipfsd-ctl": "~0.39.1",
-    "mocha": "^5.2.0",
+    "interface-ipfs-core": "~0.153.0",
+    "ipfsd-ctl": "~0.47.0",
+    "mocha": "^6.2.3",
     "ncp": "^2.0.0",
     "nexpect": "~0.5.0",
     "pretty-bytes": "^5.1.0",
@@ -92,11 +94,11 @@
     "boom": "^7.2.0",
     "bs58": "^4.0.1",
     "byteman": "^1.3.5",
-    "cid-tool": "~0.1.0",
+    "cid-tool": "~0.3.0",
     "cids": "~0.5.3",
     "debug": "^3.1.0",
     "err-code": "^1.1.2",
-    "file-type": "^8.1.0",
+    "file-type": "^16.5.4",
     "filesize": "^3.6.1",
     "fnv1a": "^1.0.1",
     "fsm-event": "^2.1.0",
@@ -107,40 +109,40 @@
     "hoek": "^5.0.3",
     "human-to-milliseconds": "^1.0.0",
     "interface-datastore": "~0.5.0",
-    "ipfs-api": "^24.0.0",
-    "ipfs-bitswap": "~0.20.3",
+    "ipfs-api": "^26.0.3",
+    "ipfs-bitswap": "~0.24.1",
     "ipfs-block": "~0.7.1",
     "ipfs-block-service": "~0.14.0",
-    "ipfs-http-response": "~0.1.2",
+    "ipfs-http-response": "~0.6.1",
     "ipfs-mfs": "~0.4.0",
     "ipfs-multipart": "~0.1.0",
-    "ipfs-repo": "~0.24.0",
+    "ipfs-repo": "~0.26.5",
     "ipfs-unixfs": "~0.1.15",
     "ipfs-unixfs-engine": "~0.32.3",
-    "ipld": "~0.17.3",
+    "ipld": "~0.20.2",
     "ipld-dag-cbor": "~0.12.1",
     "ipld-dag-pb": "~0.14.6",
-    "ipns": "~0.2.0",
+    "ipns": "~0.16.0",
     "is-ipfs": "~0.4.2",
     "is-pull-stream": "~0.0.0",
     "is-stream": "^1.1.0",
     "joi": "^13.4.0",
     "joi-browser": "^13.4.0",
     "joi-multiaddr": "^2.0.0",
-    "libp2p": "~0.23.0",
-    "libp2p-bootstrap": "~0.9.3",
-    "libp2p-circuit": "~0.2.0",
-    "libp2p-crypto": "~0.13.0",
-    "libp2p-floodsub": "~0.15.0",
-    "libp2p-kad-dht": "~0.10.1",
+    "libp2p": "~0.35.0",
+    "libp2p-bootstrap": "~0.14.0",
+    "libp2p-circuit": "~0.3.3",
+    "libp2p-crypto": "~0.21.2",
+    "libp2p-floodsub": "~0.23.0",
+    "libp2p-kad-dht": "~0.27.0",
     "libp2p-keychain": "~0.3.1",
-    "libp2p-mdns": "~0.12.0",
+    "libp2p-mdns": "~0.18.0",
     "libp2p-mplex": "~0.8.0",
-    "libp2p-record": "~0.5.1",
-    "libp2p-secio": "~0.10.0",
+    "libp2p-record": "~0.6.0",
+    "libp2p-secio": "~0.11.1",
     "libp2p-tcp": "~0.12.0",
-    "libp2p-webrtc-star": "~0.15.3",
-    "libp2p-websocket-star": "~0.8.1",
+    "libp2p-webrtc-star": "~0.25.0",
+    "libp2p-websocket-star": "~0.10.2",
     "libp2p-websockets": "~0.12.0",
     "lodash": "^4.17.10",
     "mafmt": "^6.0.0",
@@ -152,9 +154,9 @@
     "multihashes": "~0.4.13",
     "once": "^1.4.0",
     "path-exists": "^3.0.0",
-    "peer-book": "~0.8.0",
-    "peer-id": "~0.11.0",
-    "peer-info": "~0.14.1",
+    "peer-book": "~0.9.0",
+    "peer-id": "~0.16.0",
+    "peer-info": "~0.15.0",
     "progress": "^2.0.0",
     "promisify-es6": "^1.0.3",
     "pull-abortable": "^4.1.1",
@@ -174,10 +176,11 @@
     "tar-stream": "^1.6.1",
     "temp": "~0.8.3",
     "through2": "^2.0.3",
-    "update-notifier": "^2.5.0",
-    "yargs": "^12.0.1",
-    "yargs-parser": "^10.1.0",
-    "yargs-promise": "^1.1.0"
+    "update-notifier": "^6.0.0",
+    "yargs": "^13.2.4",
+    "yargs-parser": "^13.1.2",
+    "yargs-promise": "^1.1.0",
+    "@snyk/protect": "latest"
   },
   "optionalDependencies": {
     "prom-client": "^11.1.1",
@@ -282,5 +285,6 @@
     "Łukasz Magiera <magik6k@users.noreply.github.com>",
     "Максим Ильин <negamaxi@gmail.com>",
     "ᴠɪᴄᴛᴏʀ ʙᴊᴇʟᴋʜᴏʟᴍ <victorbjelkholm@gmail.com>"
-  ]
+  ],
+  "snyk": true
 }