ghost 4.23.0 → 4.24.0

package/core/server/web/admin/controller.js

@@ -1,10 +1,20 @@
 const debug = require('@tryghost/debug')('web:admin:controller');
+const errors = require('@tryghost/errors');
+const tpl = require('@tryghost/tpl');
 const path = require('path');
 const fs = require('fs');
 const crypto = require('crypto');
 const config = require('../../../shared/config');
 const updateCheck = require('../../update-check');
 
+const messages = {
+    templateError: {
+        message: 'Unable to find admin template file {templatePath}',
+        context: 'These template files are generated as part of the build process',
+        help: 'Please see {link}'
+    }
+};
+
 /**
  * @description Admin controller to handle /ghost/ requests.
  *
@@ -23,18 +33,31 @@ module.exports = function adminController(req, res) {
     const templatePath = path.resolve(config.get('paths').adminViews, defaultTemplate);
     const headers = {};
 
-    // Generate our own ETag header
-    //   `sendFile` by default uses filesize+lastmod date to generate an etag.
-    //   That doesn't work for admin templates because the filesize doesn't change between versions
-    //   and `npm pack` sets a fixed lastmod date for every file meaning the default etag never changes
-    const fileBuffer = fs.readFileSync(templatePath);
-    const hashSum = crypto.createHash('md5');
-    hashSum.update(fileBuffer);
-    headers.ETag = hashSum.digest('hex');
+    try {
+        // Generate our own ETag header
+        //   `sendFile` by default uses filesize+lastmod date to generate an etag.
+        //   That doesn't work for admin templates because the filesize doesn't change between versions
+        //   and `npm pack` sets a fixed lastmod date for every file meaning the default etag never changes
+        const fileBuffer = fs.readFileSync(templatePath);
+        const hashSum = crypto.createHash('md5');
+        hashSum.update(fileBuffer);
+        headers.ETag = hashSum.digest('hex');
 
-    if (config.get('adminFrameProtection')) {
-        headers['X-Frame-Options'] = 'sameorigin';
-    }
+        if (config.get('adminFrameProtection')) {
+            headers['X-Frame-Options'] = 'sameorigin';
+        }
 
-    res.sendFile(templatePath, {headers});
+        res.sendFile(templatePath, {headers});
+    } catch (error) {
+        if (error.code === 'ENOENT') {
+            throw new errors.IncorrectUsageError({
+                message: tpl(messages.templateError.message, {templatePath}),
+                context: tpl(messages.templateError.context),
+                help: tpl(messages.templateError.help, {link: 'https://ghost.org/docs/install/source/'}),
+                error: error
+            });
+        } else {
+            throw error;
+        }
+    }
 };

package/core/server/web/admin/middleware/redirect-admin-urls.js

@@ -0,0 +1,15 @@
+const urlUtils = require('../../../../shared/url-utils');
+
+function redirectAdminUrls(req, res, next) {
+    const subdir = urlUtils.getSubdir();
+    const ghostPathRegex = new RegExp(`^${subdir}/ghost/(.+)`);
+    const ghostPathMatch = req.originalUrl.match(ghostPathRegex);
+
+    if (ghostPathMatch) {
+        return res.redirect(urlUtils.urlJoin(urlUtils.urlFor('admin'), '#', ghostPathMatch[1]));
+    }
+
+    next();
+}
+
+module.exports = redirectAdminUrls;

package/core/server/web/admin/views/default-prod.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.23%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.24%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -41,7 +41,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-fcf6a0738421f86c47c55f20d00c5ba9.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-7f3603dbeb5ebf0ec09e207ae82fb4e3.css" title="light">
             
 
     
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-c9002845b6c30ac978abdadde9f33d7c.js"></script>
-                <script src="assets/ghost.min-cccc107e881b74c7aaf1a73e1e5e0dee.js"></script>
+                <script src="assets/vendor.min-1a84ac3ef74edf31c6e86810b45221cc.js"></script>
+                <script src="assets/ghost.min-d5595f9c71ebc534ccf9ac78483d357c.js"></script>
             
 </body>
 </html>

package/core/server/web/admin/views/default.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.23%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.24%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -41,7 +41,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-fcf6a0738421f86c47c55f20d00c5ba9.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-7f3603dbeb5ebf0ec09e207ae82fb4e3.css" title="light">
             
 
     
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-c9002845b6c30ac978abdadde9f33d7c.js"></script>
-                <script src="assets/ghost.min-cccc107e881b74c7aaf1a73e1e5e0dee.js"></script>
+                <script src="assets/vendor.min-1a84ac3ef74edf31c6e86810b45221cc.js"></script>
+                <script src="assets/ghost.min-d5595f9c71ebc534ccf9ac78483d357c.js"></script>
             
 </body>
 </html>

package/core/server/web/api/canary/admin/app.js

@@ -19,9 +19,6 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middleware.maintenance);
-
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);

package/core/server/web/api/canary/content/app.js

@@ -17,9 +17,6 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middleware.maintenance);
-
     // API shouldn't be cached
     apiApp.use(shared.middleware.cacheControl('private'));
 

package/core/server/web/api/v2/admin/app.js

@@ -19,9 +19,6 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middleware.maintenance);
-
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);

package/core/server/web/api/v2/content/app.js

@@ -17,9 +17,6 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middleware.maintenance);
-
     // API shouldn't be cached
     apiApp.use(shared.middleware.cacheControl('private'));
 

package/core/server/web/api/v3/admin/app.js

@@ -19,9 +19,6 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middleware.maintenance);
-
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);

package/core/server/web/api/v3/content/app.js

@@ -17,9 +17,6 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middleware.maintenance);
-
     // API shouldn't be cached
     apiApp.use(shared.middleware.cacheControl('private'));
 

package/core/server/web/members/app.js

@@ -13,9 +13,6 @@ module.exports = function setupMembersApp() {
     debug('Members App setup start');
     const membersApp = express('members');
 
-    // send 503 json response in case of maintenance
-    membersApp.use(shared.middleware.maintenance);
-
     // Members API shouldn't be cached
     membersApp.use(shared.middleware.cacheControl('private'));
 

package/core/server/web/oauth/app.js

@@ -2,7 +2,6 @@ const debug = require('@tryghost/debug')('web:oauth:app');
 const {URL} = require('url');
 const express = require('../../../shared/express');
 const urlUtils = require('../../../shared/url-utils');
-const shared = require('../shared');
 const settingsCache = require('../../../shared/settings-cache');
 const models = require('../../models');
 const auth = require('../../services/auth');
@@ -24,9 +23,6 @@ module.exports = function setupOAuthApp() {
     }
     oauthApp.use(labsMiddleware);
 
-    // send 503 json response in case of maintenance
-    oauthApp.use(shared.middleware.maintenance);
-
     /**
      * Configure the passport.authenticate middleware
      * We need to configure it on each request because clientId and secret

package/core/server/web/parent/app.js

@@ -5,7 +5,13 @@ const compress = require('compression');
 const mw = require('./middleware');
 const vhost = require('@tryghost/vhost-middleware');
 
-module.exports = function setupParentApp(options = {}) {
+/**
+ * @param {Object} options
+ * @param {Boolean} [options.start]
+ * @param {Boolean} [options.backend]
+ * @param {Boolean} [options.frontend]
+ */
+module.exports = function setupParentApp({start, frontend = true, backend = true}) {
     debug('ParentApp setup start');
     const parentApp = express('parent');
 
@@ -26,14 +32,17 @@ module.exports = function setupParentApp(options = {}) {
 
     // Mount the express apps on the parentApp
 
-    // ADMIN + API
-    const backendApp = require('./backend')();
-    parentApp.use(vhost(config.getBackendMountPath(), backendApp));
-
-    // SITE + MEMBERS
-    const frontendApp = require('./frontend')(options);
-    parentApp.use(vhost(config.getFrontendMountPath(), frontendApp));
+    if (backend) {
+        debug('Mounting bakcend: ADMIN + API');
+        const backendApp = require('./backend')();
+        parentApp.use(vhost(config.getBackendMountPath(), backendApp));
+    }
 
+    if (frontend) {
+        debug('Mounting frontend: SITE + MEMBERS');
+        const frontendApp = require('./frontend')({start});
+        parentApp.use(vhost(config.getFrontendMountPath(), frontendApp));
+    }
     debug('ParentApp setup end');
 
     return parentApp;

package/core/server/web/shared/middleware/error-handler.js

@@ -60,6 +60,32 @@ _private.createHbsEngine = () => {
     return engine.express4();
 };
 
+_private.updateStack = (err) => {
+    let stackbits = err.stack.split(/\n/g);
+
+    // We build this up backwards, so we always insert at position 1
+
+    if (process.env.NODE_ENV === 'production' || err.statusCode === 404) {
+        // In production mode, remove the stack trace
+        stackbits.splice(1, stackbits.length - 1);
+    } else {
+        // In dev mode, clearly mark the strack trace
+        stackbits.splice(1, 0, `Stack Trace:`);
+    }
+
+    // Add in our custom cotext and help methods
+
+    if (err.help) {
+        stackbits.splice(1, 0, `${err.help}`);
+    }
+
+    if (err.context) {
+        stackbits.splice(1, 0, `${err.context}`);
+    }
+
+    return stackbits.join('\n');
+};
+
 /**
  * Get an error ready to be shown the the user
  *
@@ -79,14 +105,6 @@ _private.prepareError = (err, req, res, next) => {
             err = new errors.NotFoundError({
                 err: err
             });
-        } else if (err.stack.match(/node_modules\/handlebars\//)) {
-            // Temporary handling of theme errors from handlebars
-            // @TODO remove this when #10496 is solved properly
-            err = new errors.IncorrectUsageError({
-                err: err,
-                message: err.message,
-                statusCode: err.statusCode
-            });
         } else {
             err = new errors.GhostError({
                 err: err,
@@ -102,6 +120,8 @@ _private.prepareError = (err, req, res, next) => {
     // alternative for res.status();
     res.statusCode = err.statusCode;
 
+    err.stack = _private.updateStack(err);
+
     // never cache errors
     res.set({
         'Cache-Control': 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
@@ -123,6 +143,23 @@ _private.JSONErrorRenderer = (err, req, res, next) => { // eslint-disable-line n
     });
 };
 
+_private.JSONErrorRendererV2 = (err, req, res, next) => { // eslint-disable-line no-unused-vars
+    const userError = _private.prepareUserMessage(err, req);
+
+    res.json({
+        errors: [{
+            message: userError.message || null,
+            context: userError.context || null,
+            type: err.errorType || null,
+            details: err.errorDetails || null,
+            property: err.property || null,
+            help: err.help || null,
+            code: err.code || null,
+            id: err.id || null
+        }]
+    });
+};
+
 _private.prepareUserMessage = (err, res) => {
     const userError = {
         message: err.message,
@@ -169,23 +206,6 @@ _private.prepareUserMessage = (err, res) => {
     return userError;
 };
 
-_private.JSONErrorRendererV2 = (err, req, res, next) => { // eslint-disable-line no-unused-vars
-    const userError = _private.prepareUserMessage(err, req);
-
-    res.json({
-        errors: [{
-            message: userError.message || null,
-            context: userError.context || null,
-            type: err.errorType || null,
-            details: err.errorDetails || null,
-            property: err.property || null,
-            help: err.help || null,
-            code: err.code || null,
-            id: err.id || null
-        }]
-    });
-};
-
 _private.ErrorFallbackMessage = err => `<h1>${tpl(messages.oopsErrorTemplateHasError)}</h1>
      <p>${tpl(messages.encounteredError)}</p>
      <pre>${escapeExpression(err.message || err)}</pre>
@@ -241,39 +261,36 @@ _private.ThemeErrorRenderer = (err, req, res, next) => {
     });
 };
 
-_private.HTMLErrorRenderer = (err, req, res, next) => { // eslint-disable-line no-unused-vars
-    const data = {
-        message: err.message,
-        statusCode: err.statusCode,
-        errorDetails: err.errorDetails || []
-    };
-
-    // e.g. if you serve the admin /ghost and Ghost returns a 503 because it generates the urls at the moment.
-    // This ensures that no matter what res.render will work here
-    // @TODO: put to prepare error function?
-    if (_.isEmpty(req.app.engines)) {
-        res._template = 'error';
-        req.app.engine('hbs', _private.createHbsEngine());
-        req.app.set('view engine', 'hbs');
-        req.app.set('views', config.get('paths').defaultViews);
-    }
-
-    res.render('error', data, (_err, html) => {
-        if (!_err) {
-            return res.send(html);
-        }
+/**
+ *  Borrowed heavily from finalHandler
+ */
 
-        // re-attach new error e.g. error template has syntax error or misusage
-        req.err = _err;
+const DOUBLE_SPACE_REGEXP = /\x20{2}/g;
+const NEWLINE_REGEXP = /\n/g;
+
+function createHtmlDocument(status, message) {
+    let body = escapeExpression(message)
+        .replace(NEWLINE_REGEXP, '<br>')
+        .replace(DOUBLE_SPACE_REGEXP, ' &nbsp;');
+
+    return `<!DOCTYPE html>\n
+       <html lang="en">\n
+       <head>\n
+       <meta charset="utf-8">\n
+       <title>${status} Error</title>\n
+       </head>\n
+       <body>\n
+       <pre>${status} ${body}</pre>\n
+       </body>\n
+       </html>\n`;
+}
 
-        // And then try to explain things to the user...
-        // Cheat and output the error using handlebars escapeExpression
-        return res.status(500).send(_private.ErrorFallbackMessage(_err));
-    });
+_private.HTMLErrorRenderer = (err, req, res, next) => { // eslint-disable-line no-unused-vars
+    return res.send(createHtmlDocument(res.statusCode, err.stack));
 };
 
 _private.BasicErrorRenderer = (err, req, res, next) => { // eslint-disable-line no-unused-vars
-    return res.send(res.statusCode + ' ' + err.message);
+    return res.send(res.statusCode + ' ' + err.stack);
 };
 
 errorHandler.resourceNotFound = (req, res, next) => {

package/core/server/web/shared/middleware/index.js

@@ -15,10 +15,6 @@ module.exports = {
         return require('./error-handler');
     },
 
-    get maintenance() {
-        return require('./maintenance');
-    },
-
     get prettyUrls() {
         return require('./pretty-urls');
     },

package/core/shared/labs.js

@@ -37,7 +37,12 @@ const ALPHA_FEATURES = [
     'calloutCard',
     'nftCard',
     'accordionCard',
-    'gifsCard'
+    'gifsCard',
+    'fileCard',
+    'audioCard',
+    'videoCard',
+    'productCard',
+    'quoteStyles'
 ];
 
 module.exports.GA_KEYS = [...GA_FEATURES];
@@ -47,7 +52,7 @@ module.exports.getAll = () => {
     const labs = _.cloneDeep(settingsCache.get('labs')) || {};
 
     ALPHA_FEATURES.forEach((alphaKey) => {
-        if (labs[alphaKey] && !(config.get('enableDeveloperExperiments') || process.env.NODE_ENV.match(/^testing/))) {
+        if (labs[alphaKey] && !(config.get('enableDeveloperExperiments') || process.env.NODE_ENV.startsWith('test'))) {
             delete labs[alphaKey];
         }
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ghost",
-  "version": "4.23.0",
+  "version": "4.24.0",
   "description": "The professional publishing platform",
   "author": "Ghost Foundation",
   "homepage": "https://ghost.org",
@@ -70,10 +70,10 @@
     "@tryghost/express-dynamic-redirects": "0.2.1",
     "@tryghost/helpers": "1.1.54",
     "@tryghost/image-transform": "1.0.18",
-    "@tryghost/job-manager": "0.8.12",
+    "@tryghost/job-manager": "0.8.13",
     "@tryghost/kg-card-factory": "3.1.0",
     "@tryghost/kg-default-atoms": "3.1.0",
-    "@tryghost/kg-default-cards": "5.8.3",
+    "@tryghost/kg-default-cards": "5.8.5",
     "@tryghost/kg-markdown-html-renderer": "5.1.0",
     "@tryghost/kg-mobiledoc-html-renderer": "5.2.0",
     "@tryghost/limit-service": "1.0.0",
@@ -94,6 +94,7 @@
     "@tryghost/root-utils": "0.3.7",
     "@tryghost/security": "0.2.13",
     "@tryghost/session-service": "0.1.28",
+    "@tryghost/settings-path-manager": "0.1.2",
     "@tryghost/social-urls": "0.1.27",
     "@tryghost/string": "0.1.21",
     "@tryghost/tpl": "0.1.8",
@@ -104,7 +105,7 @@
     "@tryghost/vhost-middleware": "1.0.19",
     "@tryghost/zip": "1.1.18",
     "amperize": "0.6.1",
-    "analytics-node": "5.1.2",
+    "analytics-node": "6.0.0",
     "bluebird": "3.7.2",
     "body-parser": "1.19.0",
     "bookshelf": "1.2.0",
@@ -129,7 +130,7 @@
     "ghost-storage-base": "1.0.0",
     "glob": "7.2.0",
     "got": "9.6.0",
-    "gscan": "4.11.0",
+    "gscan": "4.13.2",
     "html-to-text": "5.1.1",
     "image-size": "1.0.0",
     "intl": "1.2.5",
@@ -144,15 +145,15 @@
     "lodash": "4.17.21",
     "luxon": "2.1.1",
     "mailgun-js": "0.22.0",
-    "metascraper": "5.25.1",
-    "metascraper-author": "5.25.1",
-    "metascraper-description": "5.25.1",
-    "metascraper-image": "5.25.1",
-    "metascraper-logo": "5.25.1",
-    "metascraper-logo-favicon": "5.25.1",
-    "metascraper-publisher": "5.25.1",
-    "metascraper-title": "5.25.1",
-    "metascraper-url": "5.25.1",
+    "metascraper": "5.25.2",
+    "metascraper-author": "5.25.2",
+    "metascraper-description": "5.25.2",
+    "metascraper-image": "5.25.2",
+    "metascraper-logo": "5.25.2",
+    "metascraper-logo-favicon": "5.25.2",
+    "metascraper-publisher": "5.25.2",
+    "metascraper-title": "5.25.2",
+    "metascraper-url": "5.25.2",
     "moment": "2.24.0",
     "moment-timezone": "0.5.23",
     "multer": "1.4.3",
@@ -165,7 +166,7 @@
     "path-match": "1.2.4",
     "probe-image-size": "5.0.0",
     "rss": "1.2.2",
-    "sanitize-html": "2.5.3",
+    "sanitize-html": "2.6.0",
     "semver": "7.3.5",
     "stoppable": "1.1.0",
     "tough-cookie": "4.0.0",
@@ -173,7 +174,7 @@
     "xml": "1.0.1"
   },
   "optionalDependencies": {
-    "@tryghost/html-to-mobiledoc": "1.3.2",
+    "@tryghost/html-to-mobiledoc": "1.3.4",
     "sqlite3": "5.0.2"
   },
   "devDependencies": {
@@ -182,7 +183,7 @@
     "coffeescript": "2.6.1",
     "cssnano": "5.0.11",
     "eslint": "7.32.0",
-    "eslint-plugin-ghost": "2.7.0",
+    "eslint-plugin-ghost": "2.8.0",
     "grunt": "1.4.1",
     "grunt-bg-shell": "2.3.3",
     "grunt-contrib-clean": "2.0.0",
@@ -200,7 +201,7 @@
     "mock-knex": "0.4.10",
     "nock": "13.2.1",
     "papaparse": "5.3.1",
-    "postcss": "8.3.11",
+    "postcss": "8.4.1",
     "rewire": "5.0.0",
     "should": "13.2.3",
     "sinon": "11.1.2",