diff --git a/scripts/code.angularjs.org-firebase/functions/.snyk b/scripts/code.angularjs.org-firebase/functions/.snyk
new file mode 100644
index 000000000000..84f02035aa0e
--- /dev/null
+++ b/scripts/code.angularjs.org-firebase/functions/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - firebase-admin > jsonwebtoken > joi > hoek:
+        patched: '2021-09-01T03:32:15.757Z'
+    - firebase-admin > jsonwebtoken > joi > topo > hoek:
+        patched: '2021-09-01T03:32:15.757Z'
diff --git a/scripts/code.angularjs.org-firebase/functions/package.json b/scripts/code.angularjs.org-firebase/functions/package.json
index 71a68bd6d34a..8abbc8f491b0 100644
--- a/scripts/code.angularjs.org-firebase/functions/package.json
+++ b/scripts/code.angularjs.org-firebase/functions/package.json
@@ -4,7 +4,13 @@
   "dependencies": {
     "@google-cloud/storage": "^1.1.1",
     "firebase-admin": "^4.2.1",
-    "firebase-functions": "^0.5.9"
+    "firebase-functions": "^3.6.2",
+    "@snyk/protect": "latest"
   },
-  "private": true
+  "private": true,
+  "scripts": {
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }