diff --git a/connect/.snyk b/connect/.snyk
index 76241fea..2b62034f 100644
--- a/connect/.snyk
+++ b/connect/.snyk
@@ -2,9 +2,4 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
- SNYK-GOLANG-GITHUBCOMJACKCPGXV4-7416900:
- - '*':
- reason: 'Reported upstream in https://github.com/rstudio/connect/issues/27482'
- expires: 2024-07-31T00:00:00.000Z
- created: 2024-07-03T13:49:12.040Z
 patch: {}
diff --git a/package-manager/.snyk b/package-manager/.snyk
index e550808b..5f61b6b1 100644
--- a/package-manager/.snyk
+++ b/package-manager/.snyk
@@ -2,11 +2,19 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
- SNYK-GOLANG-GITHUBCOMJACKCPGXV4-7416900:
+ SNYK-GOLANG-GOLANGORGXNETHTML-8535262:
 - '*':
- reason: >-
- Reported upstream in
- https://github.com/rstudio/package-manager/issues/13981
- expires: 2024-10-01T00:00:00.000Z
- created: 2024-07-03T14:03:16.019Z
+ reason: Patch will be ingested in next release
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:05:55.359Z
+ SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-8602520:
+ - '*':
+ reason: Patch will be ingested in next release
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:08:04.773Z
+ SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8496611:
+ - '*':
+ reason: Patch will be ingested in next release
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:08:19.247Z
 patch: {}
diff --git a/r-session-complete/.snyk b/r-session-complete/.snyk
index 909ad99a..fdda7d7e 100644
--- a/r-session-complete/.snyk
+++ b/r-session-complete/.snyk
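Review bot: The three ignores added in package-manager/.snyk (SNYK-GOLANG-GOLANGORGXNETHTML-8535262, SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-8602520 and SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8496611) share one generic reason, `Patch will be ingested in next release`, with no tracking link, whereas the entry they replace pointed at an upstream issue. From the policy alone a later auditor cannot tell which release is meant or whether the affected code is reachable in this image, and the `'*'` path suppresses each finding on every dependency path until 2025-03-31. I would make each reason name the tracking issue and the release that carries the bump, for example `reason: Fix tracked in <issue URL>; dependency bump lands in <release>`. It would also help to set `expires` to the planned release date rather than a shared end-of-quarter date, so an ignore cannot quietly outlive the fix it is waiting for.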
@@ -2,19 +2,18 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
- SNYK-GOLANG-GITHUBCOMCREWJAMSAML-5971016:
+ SNYK-JS-SEMVER-3247795:
 - '*':
 reason: >-
- Reported upstream in
- https://github.com/rstudio/rstudio-pro/issues/6529
- expires: 2024-08-31T00:00:00.000Z
- created: 2024-07-02T20:33:30.847Z
- SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV3-6070737:
+ Awaiting upstream patch in jupyterlab, but exploit should not be
+ reachable.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:42:36.788Z
+ SNYK-JS-WS-7266574:
 - '*':
 reason: >-
- Confirmed fixed upstream in
- https://github.com/rstudio/rstudio-pro/issues/6635. Patch will be
- ingested in Workbench 2024.08.0 (expected within 1 week).
- expires: 2024-08-07T00:00:00.000Z
- created: 2024-07-31T17:46:24.852Z
+ Awaiting upstream patch in jupyterlab, but Jupyterlab is not using the
+ package component affected.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:58:55.561Z
 patch: {}
diff --git a/workbench-for-google-cloud-workstations/.snyk b/workbench-for-google-cloud-workstations/.snyk
index 557b169d..fdda7d7e 100644
--- a/workbench-for-google-cloud-workstations/.snyk
+++ b/workbench-for-google-cloud-workstations/.snyk
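Review bot: The reasons recorded for SNYK-JS-SEMVER-3247795 and SNYK-JS-WS-7266574 in r-session-complete/.snyk assert non-reachability (`exploit should not be reachable`, `Jupyterlab is not using the package component affected`) without saying how that was established or linking the upstream jupyterlab issue being waited on. Because the `'*'` path hides the finding on every dependency path, the reason text is the only audit trail for the risk acceptance; I would add the upstream reference and name the unused component, e.g. `Awaiting upstream patch in jupyterlab (<issue URL>); <affected component> is not used.`. The same file content (blob fdda7d7e) is applied in the workbench-for-google-cloud-workstations, workbench-session and workbench hunks, so the point applies there as well. It would also be worth confirming that each of those four images ships jupyterlab, since the justification depends on it.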
@@ -2,24 +2,18 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
- SNYK-GOLANG-GITHUBCOMCREWJAMSAML-5971016:
+ SNYK-JS-SEMVER-3247795:
 - '*':
 reason: >-
- Reported upstream in
- https://github.com/rstudio/rstudio-pro/issues/6529
- expires: 2024-08-31T00:00:00.000Z
- created: 2024-07-02T20:33:30.847Z
- SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV3-6070737:
+ Awaiting upstream patch in jupyterlab, but exploit should not be
+ reachable.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:42:36.788Z
+ SNYK-JS-WS-7266574:
 - '*':
 reason: >-
- Confirmed fixed upstream in
- https://github.com/rstudio/rstudio-pro/issues/6635. Patch will be
- ingested in Workbench 2024.08.0 (expected within 1 week).
- expires: 2024-08-07T00:00:00.000Z
- created: 2024-07-31T17:46:24.852Z
- SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285:
- - '*':
- reason: Vulnerability in Google Cloud SDK.
- expires: 2024-09-01T00:00:00.000Z
- created: 2024-07-31T19:45:25.728Z
+ Awaiting upstream patch in jupyterlab, but Jupyterlab is not using the
+ package component affected.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:58:55.561Z
 patch: {}
diff --git a/workbench-session-init/.snyk b/workbench-session-init/.snyk
new file mode 100644
index 00000000..03172021
--- /dev/null
+++ b/workbench-session-init/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+ SNYK-JS-BODYPARSER-7926860:
+ - '*':
+ reason: >-
+ Patched upstream in Positron by upgrading express to 4.19.2. Will be
+ ingested next Workbench release.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T02:04:47.267Z
+patch: {}
diff --git a/workbench-session/.snyk b/workbench-session/.snyk
new file mode 100644
index 00000000..fdda7d7e
--- /dev/null
+++ b/workbench-session/.snyk
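Review bot: The new workbench-session-init/.snyk ignores SNYK-JS-BODYPARSER-7926860 on the strength of `Patched upstream in Positron by upgrading express to 4.19.2`, but nothing in the entry lets a reader verify that this express version resolves a body-parser release containing the fix. Since body-parser is pulled in transitively, I would confirm the resolved body-parser version in the upstream lockfile before accepting the ignore, and record it in the reason together with the upstream change, e.g. `Fixed upstream in Positron (<PR or commit URL>, body-parser <resolved version>); ingested in Workbench <release>.`. If the named express version does not carry the fix, the ignore would hide a finding that the next release still ships.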
@@ -0,0 +1,19 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+ SNYK-JS-SEMVER-3247795:
+ - '*':
+ reason: >-
+ Awaiting upstream patch in jupyterlab, but exploit should not be
+ reachable.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:42:36.788Z
+ SNYK-JS-WS-7266574:
+ - '*':
+ reason: >-
+ Awaiting upstream patch in jupyterlab, but Jupyterlab is not using the
+ package component affected.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:58:55.561Z
+patch: {}
diff --git a/workbench/.snyk b/workbench/.snyk
index 909ad99a..fdda7d7e 100644
--- a/workbench/.snyk
+++ b/workbench/.snyk
@@ -2,19 +2,18 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
- SNYK-GOLANG-GITHUBCOMCREWJAMSAML-5971016:
+ SNYK-JS-SEMVER-3247795:
 - '*':
 reason: >-
- Reported upstream in
- https://github.com/rstudio/rstudio-pro/issues/6529
- expires: 2024-08-31T00:00:00.000Z
- created: 2024-07-02T20:33:30.847Z
- SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV3-6070737:
+ Awaiting upstream patch in jupyterlab, but exploit should not be
+ reachable.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:42:36.788Z
+ SNYK-JS-WS-7266574:
 - '*':
 reason: >-
- Confirmed fixed upstream in
- https://github.com/rstudio/rstudio-pro/issues/6635. Patch will be
- ingested in Workbench 2024.08.0 (expected within 1 week).
- expires: 2024-08-07T00:00:00.000Z
- created: 2024-07-31T17:46:24.852Z
+ Awaiting upstream patch in jupyterlab, but Jupyterlab is not using the
+ package component affected.
+ expires: 2025-03-31T00:00:00.000Z
+ created: 2025-01-24T01:58:55.561Z
 patch: {}