From c5a096bada5dbf614d7aa03ea89cb2f2b3a82c99 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 23 Jan 2026 10:40:19 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
---
 package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 197427ce416..cdc62000b88 100644
--- a/package.json
+++ b/package.json
@@ -52,15 +52,15 @@
     "ghost-editor": "0.1.5",
     "ghost-gql": "0.0.5",
     "glob": "5.0.15",
-    "gscan": "0.1.1",
+    "gscan": "0.2.1",
     "html-to-text": "2.1.3",
     "image-size": "0.5.0",
     "intl": "1.2.5",
     "intl-messageformat": "1.3.0",
     "jsonpath": "0.2.7",
     "knex": "0.12.5",
-    "knex-migrator": "0.2.0",
-    "lodash": "4.17.2",
+    "knex-migrator": "3.1.7",
+    "lodash": "4.17.23",
     "mobiledoc-html-renderer": "0.3.0",
     "moment": "2.17.0",
     "moment-timezone": "0.5.9",
@@ -72,7 +72,7 @@
     "nodemailer": "0.7.1",
     "oauth2orize": "1.5.1",
     "passport": "0.3.2",
-    "passport-ghost": "2.2.0",
+    "passport-ghost": "2.3.1",
     "passport-http-bearer": "1.0.1",
     "passport-oauth2-client-password": "0.1.2",
     "path-match": "1.2.4",