diff --git a/Gemfile b/Gemfile
index 9f33fc22..698cd133 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,8 +21,8 @@ gem "simple_form"
 gem "title"
 gem "uglifier"
 gem "unicorn"
-gem "devise", "~> 3.5.2"
-gem "devise_invitable", "~> 1.5.5"
+gem "devise", "~> 4.7.1"
+gem "devise_invitable"
 gem "apartment", "~> 0.26.0"
 gem "pikaday-gem", "~> 1.2.0.0"
 gem "momentjs-rails"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4fc0e0f0..8b40bd71 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -589,7 +589,7 @@ GEM
       aws-sigv4 (~> 1.0)
     aws-sigv2 (1.0.1)
     aws-sigv4 (1.0.2)
-    bcrypt (3.1.11)
+    bcrypt (3.1.13)
     better_errors (2.5.1)
       coderay (>= 1.0.0)
       erubi (>= 1.0.0)
@@ -645,16 +645,15 @@ GEM
     delayed_job_active_record (4.0.3)
       activerecord (>= 3.0, < 5.0)
       delayed_job (>= 3.0, < 4.1)
-    devise (3.5.10)
+    devise (4.7.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
-    devise_invitable (1.5.5)
-      actionmailer (>= 3.2.6, < 5)
-      devise (>= 3.2.0)
+    devise_invitable (1.7.5)
+      actionmailer (>= 4.1.0)
+      devise (>= 4.0.0)
     diff-lcs (1.3)
     docile (1.1.5)
     dotenv (0.11.1)
@@ -795,15 +794,15 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     raindrops (0.19.0)
-    rake (12.3.2)
+    rake (13.0.1)
     rbtree3 (0.5.0)
     recipient_interceptor (0.1.2)
       mail
     redcarpet (3.4.0)
     regexp_parser (1.6.0)
-    responders (2.4.0)
-      actionpack (>= 4.2.0, < 5.3)
-      railties (>= 4.2.0, < 5.3)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
     rspec-core (3.8.0)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.2)
@@ -912,8 +911,8 @@ DEPENDENCIES
   dalli
   database_cleaner
   delayed_job_active_record (= 4.0.3)
-  devise (~> 3.5.2)
-  devise_invitable (~> 1.5.5)
+  devise (~> 4.7.1)
+  devise_invitable
   dotenv-rails
   email_spec
   email_validator
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0bd8fb0c..0b41ff2d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
@@ -10,8 +12,8 @@ class ApplicationController < ActionController::Base
   protected
 
   def configure_permitted_parameters
-    devise_parameter_sanitizer.for(:accept_invitation).
-      concat([:first_name, :last_name])
+    devise_parameter_sanitizer.permit(:accept_invitation,
+                                      keys: %i[first_name last_name])
   end
 
   def authenticate_inviter!
@@ -27,8 +29,10 @@ def after_invite_path_for(*)
   helper_method :current_subdomain, :current_user_owner?
 
   def current_subdomain
-    @current_subdomain ||=
-      current_account.subdomain unless Hours.single_tenant_mode?
+    unless Hours.single_tenant_mode?
+      @current_subdomain ||=
+        current_account.subdomain
+    end
   end
 
   def current_user_owner?
@@ -40,7 +44,7 @@ def current_account
   end
 
   def load_schema
-    Apartment::Tenant.switch("public")
+    Apartment::Tenant.switch('public')
     return unless request.subdomain.present?
 
     if current_account
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 83b98348..a9e71ce8 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 include TimeSeriesInitializer
 
 class UsersController < ApplicationController
diff --git a/app/views/application/_navbar.html.haml b/app/views/application/_navbar.html.haml
index 35428abf..cb9ab6c8 100644
--- a/app/views/application/_navbar.html.haml
+++ b/app/views/application/_navbar.html.haml
@@ -34,4 +34,4 @@
                       %input#modal-1.modal-state{:type => "checkbox"}/
                       = render 'modal'
                 %li.devider
-                %li= link_to t("sign_out"), destroy_user_session_path
+                %li= link_to t("sign_out"), destroy_user_session_path, method: :delete
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 99d98920..6911255f 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -269,7 +269,7 @@
   # config.navigational_formats = ["*/*", :html]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
-  # config.sign_out_via = :get
+  config.sign_out_via = :delete
 
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting