npm - ghost - Versions diffs - 4.15.1 → 4.16.0 - Mend

ghost 4.15.1 → 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/core/server/services/settings/settings-bread-service.js ADDED Viewed

@@ -0,0 +1,188 @@
+const _ = require('lodash');
+const tpl = require('@tryghost/tpl');
+const {NotFoundError, NoPermissionError, BadRequestError} = require('@tryghost/errors');
+const {obfuscatedSetting, isSecretSetting, hideValueIfSecret} = require('./settings-utils');
+const messages = {
+    problemFindingSetting: 'Problem finding setting: {key}',
+    accessCoreSettingFromExtReq: 'Attempted to access core setting from external request'
+};
+class SettingsBREADService {
+    /**
+     *
+     * @param {Object} options
+     * @param {Object} options.SettingsModel
+     * @param {Object} options.settingsCache - SettingsCache instance
+     */
+    constructor({SettingsModel, settingsCache}) {
+        this.SettingsModel = SettingsModel;
+        this.settingsCache = settingsCache;
+    }
+    /**
+     *
+     * @param {Object} context ghost API context instance
+     * @returns
+     */
+    browse(context) {
+        let settings = this.settingsCache.getAll();
+        // CASE: no context passed (functional call)
+        if (!context) {
+            return Promise.resolve(settings.filter((setting) => {
+                return setting.group === 'site';
+            }));
+        }
+        if (!context.internal) {
+            // CASE: omit core settings unless internal request
+            settings = _.filter(settings, (setting) => {
+                const isCore = setting.group === 'core';
+                return !isCore;
+            });
+            // CASE: omit secret settings unless internal request
+            settings = settings.map(hideValueIfSecret);
+        }
+        return settings;
+    }
+    /**
+     *
+     * @param {String} key setting key
+     * @param {Object} [context] API context instance
+     * @returns {Object} an object with a filled out key that comes in a parameter
+     */
+    read(key, context) {
+        let setting;
+        if (key === 'slack') {
+            const slackURL = this.settingsCache.get('slack_url', {resolve: false});
+            const slackUsername = this.settingsCache.get('slack_username', {resolve: false});
+            setting = slackURL || slackUsername;
+            setting.key = 'slack';
+            setting.value = [{
+                url: slackURL && slackURL.value,
+                username: slackUsername && slackUsername.value
+            }];
+        } else {
+            setting = this.settingsCache.get(key, {resolve: false});
+        }
+        if (!setting) {
+            return Promise.reject(new NotFoundError({
+                message: tpl(messages.problemFindingSetting, {
+                    key: key
+                })
+            }));
+        }
+        // @TODO: handle in settings model permissible fn
+        if (setting.group === 'core' && !(context && context.internal)) {
+            return Promise.reject(new NoPermissionError({
+                message: tpl(messages.accessCoreSettingFromExtReq)
+            }));
+        }
+        setting = hideValueIfSecret(setting);
+        return {
+            [key]: setting
+        };
+    }
+    /**
+     *
+     * @param {Object[]} settings
+     * @param {Object} options
+     * @param {Object} [options.context]
+     * @param {Object} [stripeConnectData]
+     * @returns
+     */
+    async edit(settings, options, stripeConnectData) {
+        const filteredSettings = settings.filter((setting) => {
+            // The `stripe_connect_integration_token` "setting" is only used to set the `stripe_connect_*` settings.
+            return ![
+                'stripe_connect_integration_token',
+                'stripe_connect_publishable_key',
+                'stripe_connect_secret_key',
+                'stripe_connect_livemode',
+                'stripe_connect_account_id',
+                'stripe_connect_display_name'
+            ].includes(setting.key)
+                // Remove obfuscated settings
+                && !(setting.value === obfuscatedSetting && isSecretSetting(setting));
+        });
+        const getSetting = setting => this.settingsCache.get(setting.key, {resolve: false});
+        const firstUnknownSetting = filteredSettings.find(setting => !getSetting(setting));
+        if (firstUnknownSetting) {
+            throw new NotFoundError({
+                message: tpl(messages.problemFindingSetting, {
+                    key: firstUnknownSetting.key
+                })
+            });
+        }
+        if (!(options.context && options.context.internal)) {
+            const firstCoreSetting = filteredSettings.find(setting => getSetting(setting).group === 'core');
+            if (firstCoreSetting) {
+                throw new NoPermissionError({
+                    message: tpl(messages.accessCoreSettingFromExtReq)
+                });
+            }
+        }
+        if (stripeConnectData) {
+            filteredSettings.push({
+                key: 'stripe_connect_publishable_key',
+                value: stripeConnectData.public_key
+            });
+            filteredSettings.push({
+                key: 'stripe_connect_secret_key',
+                value: stripeConnectData.secret_key
+            });
+            filteredSettings.push({
+                key: 'stripe_connect_livemode',
+                value: stripeConnectData.livemode
+            });
+            filteredSettings.push({
+                key: 'stripe_connect_display_name',
+                value: stripeConnectData.display_name
+            });
+            filteredSettings.push({
+                key: 'stripe_connect_account_id',
+                value: stripeConnectData.account_id
+            });
+        }
+        return this.SettingsModel.edit(filteredSettings, options);
+    }
+    /**
+     *
+     * @param {Object} stripeConnectIntegrationToken
+     * @param {Function} getSessionProp sync function fetching property from session store
+     * @param {Function} getStripeConnectTokenData async function retreiving Stripe Connect data for settings
+     * @returns {Promise<Object>} resolves with an object with following keys: public_key, secret_key, livemode, display_name, account_id
+     */
+    async getStripeConnectData(stripeConnectIntegrationToken, getSessionProp, getStripeConnectTokenData) {
+        if (stripeConnectIntegrationToken && stripeConnectIntegrationToken.value) {
+            try {
+                return await getStripeConnectTokenData(stripeConnectIntegrationToken.value, getSessionProp);
+            } catch (err) {
+                throw new BadRequestError({
+                    err,
+                    message: 'The Stripe Connect token could not be parsed.'
+                });
+            }
+        }
+    }
+}
+module.exports = SettingsBREADService;

package/core/server/services/settings/settings-utils.js ADDED Viewed

@@ -0,0 +1,32 @@
+// The string returned when a setting is set as write-only
+const obfuscatedSetting = '••••••••';
+/**
+ * @description // The function used to decide whether a setting is write-only
+ * @param {Object} setting setting record
+ * @param {String} setting.key
+ * @returns {Boolean}
+ */
+function isSecretSetting(setting) {
+    return /secret/.test(setting.key);
+}
+/**
+ * @description The function that obfuscates a write-only setting
+ * @param {Object} setting setting record
+ * @param {String} setting.value
+ * @param {String} setting.key
+ * @returns {Object} settings record with obfuscated value if it's a secret
+ */
+function hideValueIfSecret(setting) {
+    if (setting.value && isSecretSetting(setting)) {
+        return {...setting, value: obfuscatedSetting};
+    }
+    return setting;
+}
+module.exports = {
+    obfuscatedSetting,
+    isSecretSetting,
+    hideValueIfSecret
+};

package/core/server/services/themes/ThemeStorage.js CHANGED Viewed

@@ -60,8 +60,8 @@ class ThemeStorage extends LocalFileStorage {
     /**
      * Rename a file / folder
      *
-     *
-     * @param String fileName
+     * @param {String} srcName
+     * @param {String} destName
      */
     rename(srcName, destName) {
         let src = path.join(this.getTargetDir(), srcName);
@@ -71,9 +71,10 @@ class ThemeStorage extends LocalFileStorage {
     }
     /**
-     * Rename a file / folder
+     * Remove a file / folder
      *
-     * @param String backupName
+     * @param {String} fileName
+     * @returns {Promise<void>}
      */
     delete(fileName) {
         return fs.remove(path.join(this.getTargetDir(), fileName));

package/core/server/services/themes/activation-bridge.js CHANGED Viewed

@@ -1,5 +1,7 @@
 const debug = require('@tryghost/debug')('themes');
 const bridge = require('../../../bridge');
+const labs = require('../../../shared/labs');
+const customThemeSettings = require('../custom-theme-settings');
 /**
  * These helper methods mean that the bridge is only required in one place
@@ -8,14 +10,26 @@ const bridge = require('../../../bridge');
 module.exports = {
     activateFromBoot: (themeName, theme, checkedTheme) => {
         debug('Activating theme (method A on boot)', themeName);
+        // TODO: probably a better place for this to happen - after successful activation / when reloading site?
+        if (labs.isSet('customThemeSettings')) {
+            customThemeSettings.activateTheme(checkedTheme);
+        }
         bridge.activateTheme(theme, checkedTheme);
     },
     activateFromAPI: (themeName, theme, checkedTheme) => {
         debug('Activating theme (method B on API "activate")', themeName);
+        // TODO: probably a better place for this to happen - after successful activation / when reloading site?
+        if (labs.isSet('customThemeSettings')) {
+            customThemeSettings.activateTheme(checkedTheme);
+        }
         bridge.activateTheme(theme, checkedTheme);
     },
     activateFromAPIOverride: (themeName, theme, checkedTheme) => {
         debug('Activating theme (method C on API "override")', themeName);
+        // TODO: probably a better place for this to happen - after successful activation / when reloading site?
+        if (labs.isSet('customThemeSettings')) {
+            customThemeSettings.activateTheme(checkedTheme);
+        }
         bridge.activateTheme(theme, checkedTheme);
     }
 };

package/core/server/services/themes/validate.js CHANGED Viewed

@@ -2,6 +2,7 @@ const debug = require('@tryghost/debug')('themes');
 const _ = require('lodash');
 const fs = require('fs-extra');
 const config = require('../../../shared/config');
+const labs = require('../../../shared/labs');
 const tpl = require('@tryghost/tpl');
 const errors = require('@tryghost/errors');
@@ -27,12 +28,14 @@ const check = async function check(theme, isZip) {
         debug('zip mode');
         checkedTheme = await gscan.checkZip(theme, {
             keepExtractedDir: true,
-            checkVersion: 'canary'
+            checkVersion: 'canary',
+            labs: labs.getAll()
         });
     } else {
         debug('non-zip mode');
         checkedTheme = await gscan.check(theme.path, {
-            checkVersion: 'canary'
+            checkVersion: 'canary',
+            labs: labs.getAll()
         });
     }

package/core/server/web/admin/views/default-prod.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.15%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.16%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -41,7 +41,7 @@
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-7aa074ad556a8455155ac88ceaca03ab.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-e7612edfa72b0fe2c201b387923e6fc7.css" title="light">
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
-                <script src="assets/vendor.min-ca33abc718f21a51327841d58f8875d0.js"></script>
-                <script src="assets/ghost.min-e35cfee26d942c364166f57f3dcc9e75.js"></script>
+                <script src="assets/vendor.min-3660ec7864887f1496fe7a27fd23ab76.js"></script>
+                <script src="assets/ghost.min-d1d99f3ed6e0f427874b2a11e7078475.js"></script>
 </body>
 </html>

package/core/server/web/admin/views/default.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.15%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.16%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -41,7 +41,7 @@
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-7aa074ad556a8455155ac88ceaca03ab.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-e7612edfa72b0fe2c201b387923e6fc7.css" title="light">
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
-                <script src="assets/vendor.min-ca33abc718f21a51327841d58f8875d0.js"></script>
-                <script src="assets/ghost.min-e35cfee26d942c364166f57f3dcc9e75.js"></script>
+                <script src="assets/vendor.min-3660ec7864887f1496fe7a27fd23ab76.js"></script>
+                <script src="assets/ghost.min-d1d99f3ed6e0f427874b2a11e7078475.js"></script>
 </body>
 </html>

package/core/server/web/members/app.js CHANGED Viewed

@@ -7,6 +7,7 @@ const urlUtils = require('../../../shared/url-utils');
 const membersService = require('../../services/members');
 const middleware = membersService.middleware;
 const shared = require('../shared');
+const labs = require('../../../shared/labs');
 module.exports = function setupMembersApp() {
     debug('Members App setup start');
@@ -44,6 +45,7 @@ module.exports = function setupMembersApp() {
     membersApp.post('/api/create-stripe-checkout-session', (req, res, next) => membersService.api.middleware.createCheckoutSession(req, res, next));
     membersApp.post('/api/create-stripe-update-session', (req, res, next) => membersService.api.middleware.createCheckoutSetupSession(req, res, next));
     membersApp.put('/api/subscriptions/:id', (req, res, next) => membersService.api.middleware.updateSubscription(req, res, next));
+    membersApp.post('/api/events', labs.enabledMiddleware('membersActivity'), middleware.loadMemberSession, (req, res, next) => membersService.api.middleware.createEvents(req, res, next));
     // API error handling
     membersApp.use('/api', shared.middlewares.errorHandler.resourceNotFound);

package/core/shared/custom-theme-settings-cache.js ADDED Viewed

@@ -0,0 +1,3 @@
+const {Cache: CustomThemeSettingsCache} = require('@tryghost/custom-theme-settings-service');
+module.exports = new CustomThemeSettingsCache();

package/core/shared/labs.js CHANGED Viewed

@@ -27,7 +27,8 @@ const ALPHA_FEATURES = [
     'membersFiltering',
     'emailOnlyPosts',
     'customThemeSettings',
-    'membersActivity'
+    'membersActivity',
+    'offers'
 ];
 module.exports.WRITABLE_KEYS_ALLOWLIST = [...BETA_FEATURES, ...ALPHA_FEATURES];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ghost",
-  "version": "4.15.1",
+  "version": "4.16.0",
   "description": "The professional publishing platform",
   "author": "Ghost Foundation",
   "homepage": "https://ghost.org",
@@ -51,50 +51,51 @@
   },
   "dependencies": {
     "@nexes/nql": "0.6.0",
-    "@sentry/node": "6.12.0",
-    "@tryghost/adapter-manager": "0.2.14",
+    "@sentry/node": "6.13.2",
+    "@tryghost/adapter-manager": "0.2.15",
     "@tryghost/admin-api-schema": "2.6.0",
     "@tryghost/bookshelf-plugins": "0.3.1",
-    "@tryghost/bootstrap-socket": "0.2.9",
+    "@tryghost/bootstrap-socket": "0.2.10",
     "@tryghost/color-utils": "0.1.2",
-    "@tryghost/config-url-helpers": "0.1.0",
-    "@tryghost/constants": "0.1.8",
+    "@tryghost/config-url-helpers": "0.1.1",
+    "@tryghost/constants": "0.1.9",
+    "@tryghost/custom-theme-settings-service": "0.0.2",
     "@tryghost/debug": "0.1.5",
-    "@tryghost/email-analytics-provider-mailgun": "1.0.0",
-    "@tryghost/email-analytics-service": "1.0.0",
-    "@tryghost/errors": "0.2.13",
+    "@tryghost/email-analytics-provider-mailgun": "1.0.1",
+    "@tryghost/email-analytics-service": "1.0.1",
+    "@tryghost/errors": "0.2.14",
     "@tryghost/helpers": "1.1.52",
-    "@tryghost/image-transform": "1.0.13",
-    "@tryghost/job-manager": "0.8.7",
+    "@tryghost/image-transform": "1.0.14",
+    "@tryghost/job-manager": "0.8.8",
     "@tryghost/kg-card-factory": "3.0.4",
     "@tryghost/kg-default-atoms": "3.0.0",
     "@tryghost/kg-default-cards": "5.0.7",
     "@tryghost/kg-markdown-html-renderer": "5.0.5",
     "@tryghost/kg-mobiledoc-html-renderer": "5.1.1",
-    "@tryghost/limit-service": "0.6.1",
+    "@tryghost/limit-service": "0.6.2",
     "@tryghost/logging": "0.1.7",
-    "@tryghost/magic-link": "1.0.11",
-    "@tryghost/members-api": "1.32.3",
+    "@tryghost/magic-link": "1.0.12",
+    "@tryghost/members-api": "1.38.1",
     "@tryghost/members-csv": "1.1.6",
     "@tryghost/members-importer": "0.3.2",
-    "@tryghost/members-ssr": "1.0.12",
-    "@tryghost/mw-session-from-token": "0.1.22",
+    "@tryghost/members-ssr": "1.0.13",
+    "@tryghost/mw-session-from-token": "0.1.23",
     "@tryghost/nodemailer": "0.3.2",
-    "@tryghost/package-json": "1.0.2",
-    "@tryghost/promise": "0.1.9",
+    "@tryghost/package-json": "1.0.3",
+    "@tryghost/promise": "0.1.10",
     "@tryghost/request": "0.1.5",
     "@tryghost/root-utils": "0.3.4",
-    "@tryghost/security": "0.2.9",
-    "@tryghost/session-service": "0.1.24",
+    "@tryghost/security": "0.2.10",
+    "@tryghost/session-service": "0.1.25",
     "@tryghost/social-urls": "0.1.26",
     "@tryghost/string": "0.1.20",
-    "@tryghost/tpl": "0.1.3",
+    "@tryghost/tpl": "0.1.4",
     "@tryghost/update-check-service": "0.2.2",
     "@tryghost/url-utils": "2.0.2",
     "@tryghost/validator": "0.1.5",
     "@tryghost/version": "0.1.4",
-    "@tryghost/vhost-middleware": "1.0.15",
-    "@tryghost/zip": "1.1.14",
+    "@tryghost/vhost-middleware": "1.0.16",
+    "@tryghost/zip": "1.1.15",
     "amperize": "0.6.1",
     "analytics-node": "5.1.0",
     "bluebird": "3.7.2",
@@ -118,9 +119,9 @@
     "express-session": "1.17.2",
     "fs-extra": "10.0.0",
     "ghost-storage-base": "0.0.6",
-    "glob": "7.1.7",
+    "glob": "7.2.0",
     "got": "9.6.0",
-    "gscan": "4.2.1",
+    "gscan": "4.3.1",
     "html-to-text": "5.1.1",
     "image-size": "1.0.0",
     "intl": "1.2.5",
@@ -169,7 +170,7 @@
   "devDependencies": {
     "@lodder/grunt-postcss": "3.0.1",
     "c8": "7.9.0",
-    "coffeescript": "2.5.1",
+    "coffeescript": "2.6.0",
     "cssnano": "5.0.8",
     "eslint": "7.32.0",
     "eslint-plugin-ghost": "2.6.0",
@@ -190,7 +191,7 @@
     "mock-knex": "0.4.10",
     "nock": "13.1.3",
     "papaparse": "5.3.1",
-    "postcss": "8.3.6",
+    "postcss": "8.3.7",
     "rewire": "5.0.0",
     "should": "13.2.3",
     "sinon": "11.1.2",