From bae8adda6c8bcdd58964f7f137fe5db8469a6b5a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 14 Feb 2026 09:11:50 +0000
Subject: [PATCH 1/2] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-QS-15268416
---
 package.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 197427ce416..7d2f8f3d4a6 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "archiver": "1.2.0",
     "bcryptjs": "2.3.0",
     "bluebird": "3.4.6",
-    "body-parser": "1.15.2",
+    "body-parser": "1.20.4",
     "brute-knex": "https://github.com/cobbspur/brute-knex/tarball/0cb28fa8e3230dcbf6bca8b991dbb340b9fff6cc",
     "bookshelf": "https://github.com/kirrg001/bookshelf/tarball/feature/creating-event-attached-models",
     "bunyan": "1.8.1",
@@ -44,7 +44,7 @@
     "csv-parser": "1.11.0",
     "debug": "2.2.0",
     "downsize": "0.0.8",
-    "express": "4.14.0",
+    "express": "4.22.0",
     "express-brute": "1.0.1",
     "express-hbs": "1.0.3",
     "extract-zip-fork": "1.5.1",
@@ -52,14 +52,14 @@
     "ghost-editor": "0.1.5",
     "ghost-gql": "0.0.5",
     "glob": "5.0.15",
-    "gscan": "0.1.1",
+    "gscan": "0.2.5",
     "html-to-text": "2.1.3",
     "image-size": "0.5.0",
     "intl": "1.2.5",
     "intl-messageformat": "1.3.0",
     "jsonpath": "0.2.7",
     "knex": "0.12.5",
-    "knex-migrator": "0.2.0",
+    "knex-migrator": "3.1.7",
     "lodash": "4.17.2",
     "mobiledoc-html-renderer": "0.3.0",
     "moment": "2.17.0",
@@ -72,7 +72,7 @@
     "nodemailer": "0.7.1",
     "oauth2orize": "1.5.1",
     "passport": "0.3.2",
-    "passport-ghost": "2.2.0",
+    "passport-ghost": "2.2.4",
     "passport-http-bearer": "1.0.1",
     "passport-oauth2-client-password": "0.1.2",
     "path-match": "1.2.4",

From 200c61666d835b502ca68a7a01807fabbc5d37e9 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 15 Feb 2026 13:43:37 +0000
Subject: [PATCH 2/2] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-QS-15268416