
Changed Ghost to use scoped brute-knex#28934

Open
aileen wants to merge 1 commit into
TryGhost:mainfrom
aileen:aileen/switch-scoped-brute-knex

Conversation

@aileen aileen commented Jun 26, 2026

Member

Summary

  • replaces the deprecated unscoped brute-knex dependency with @tryghost/brute-knex
  • updates Ghost's rate limiter middleware to require the scoped package directly
  • adds a DB-backed integration test for the real BruteKnex store contract against Ghost's brute table
  • declares the runtime @tryghost/domain-events -> @tryghost/logging package extension so fresh installs link the test bootstrap dependency consistently

Testing

  • pnpm test:single test/integration/web/shared/middleware/api/brute-knex-store.test.js
  • pnpm test:single test/e2e-api/admin/rate-limiting.test.js
  • pnpm test:single test/e2e-api/admin/email-preview-rate-limiter.test.js
  • pnpm test:single test/e2e-api/members/send-magic-link.test.js
  • pnpm test:single test/e2e-api/webmentions/webmentions.test.js
  • pnpm lint from ghost/core
  • pnpm install --frozen-lockfile

Audit note

Filtered production audit for Ghost no longer reports the old brute-knex > knex@0.20.15 or brute-knex > knex > uuid@7.0.3 findings. The remaining brute-knex path findings are the existing express-brute@1.0.1 advisory and optional sqlite3 > tar path.

no ref

Swapping to the maintained @TryGhost package removes the deprecated unscoped dependency while keeping the rate limiter wired through the real Ghost brute table.
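The PR description mentions a DB-backed contract test for the store behind the rate limiter. As an added example, not Ghost's code and not the @tryghost/brute-knex package, the block below shows what such a store contract check looks like, run here against a constructed in-memory store with an injectable clock so it executes offline. The `set(key, value, lifetimeSeconds, cb)` / `get(key, cb)` / `reset(key, cb)` signatures and the `{count, firstRequest, lastRequest}` value shape are assumed from express-brute's client store interface; the key, timestamps and the `MemoryClientStore` class are constructed for the example. The expiry and reset cases are the ones worth asserting on: a store that never expires would lock a client out indefinitely, and one that ignores `reset` would keep counting against a client after a successful login.

```javascript
// Added example: express-brute style client store contract, exercised against a
// constructed in-memory store. Not Ghost's code, not @tryghost/brute-knex.
// Assumed contract (modelled on express-brute's AbstractClientStore):
//   set(key, value, lifetimeSeconds, cb) -> cb(err)
//   get(key, cb)                         -> cb(err, value | null)
//   reset(key, cb)                       -> cb(err)
// value is {count, firstRequest, lastRequest}; expired or reset keys read back as null.

class MemoryClientStore {
    constructor(now = () => Date.now()) {
        this.now = now;             // injectable clock, ms since epoch
        this.data = new Map();      // key -> {value, expiresAt}
    }

    set(key, value, lifetime, callback) {
        // lifetime is in seconds; 0/undefined means the entry never expires
        const expiresAt = lifetime ? this.now() + lifetime * 1000 : Infinity;
        this.data.set(key, {value: {...value}, expiresAt});
        callback(null);
    }

    get(key, callback) {
        const entry = this.data.get(key);
        if (!entry) {
            return callback(null, null);
        }
        if (entry.expiresAt <= this.now()) {
            this.data.delete(key);  // lazy expiry, like a TTL check on a SQL row
            return callback(null, null);
        }
        callback(null, {...entry.value}); // hand out a copy, never the stored object
    }

    reset(key, callback) {
        this.data.delete(key);
        callback(null);
    }
}

// Drives the contract against any store with the callback API above and reports
// each expectation as a boolean. `clock` is {now(), advance(ms)} so the expiry
// case needs no real timers. `done(report)` fires after the last callback; for a
// synchronous store that happens before this function returns, for a real
// database-backed store the caller would wait on it.
function runStoreContract(store, clock, done) {
    const report = {};
    const lifetime = 60;                 // seconds
    const key = 'client:203.0.113.7';    // constructed key (brute stores key per client)
    const t0 = clock.now();
    const steps = [
        next => store.get('client:never-seen', (err, v) => { report.missingIsEmpty = !err && v == null; next(); }),
        next => store.set(key, {count: 1, firstRequest: t0, lastRequest: t0}, lifetime, next),
        next => store.get(key, (err, v) => { report.roundTrip = !err && v != null && v.count === 1; next(); }),
        next => store.set(key, {count: 2, firstRequest: t0, lastRequest: t0 + 5000}, lifetime, next),
        next => store.get(key, (err, v) => {
            report.overwrite = !err && v != null && v.count === 2 && v.firstRequest === t0;
            next();
        }),
        // mutating a returned value must not change what the store holds
        next => store.get(key, (err, v) => {
            if (v) { v.count = 99; }
            store.get(key, (err2, again) => { report.isolated = !err2 && again != null && again.count === 2; next(); });
        }),
        next => { clock.advance(lifetime * 1000 + 1); next(); },   // step just past the TTL
        next => store.get(key, (err, v) => { report.expires = !err && v == null; next(); }),
        next => store.set(key, {count: 3, firstRequest: clock.now(), lastRequest: clock.now()}, lifetime, next),
        next => store.reset(key, next),
        next => store.get(key, (err, v) => { report.resetClears = !err && v == null; next(); })
    ];
    (function step(i) {
        if (i === steps.length) {
            report.passed = ['missingIsEmpty', 'roundTrip', 'overwrite', 'isolated', 'expires', 'resetClears']
                .every(k => report[k] === true);
            return done(report);
        }
        steps[i](() => step(i + 1));
    })(0);
}

function makeClock(startMs) {
    let t = startMs;
    return {now: () => t, advance: (ms) => { t += ms; }};
}

// Runs the contract against the constructed in-memory store and returns the report.
function checkMemoryStore() {
    const clock = makeClock(1700000000000);   // constructed epoch start
    let result = null;
    runStoreContract(new MemoryClientStore(clock.now), clock, (report) => { result = report; });
    return result;   // populated synchronously because the in-memory store is synchronous
}
```

Pointing `runStoreContract` at a database-backed store instead of `MemoryClientStore` is the shape of the integration test the description refers to; the only change is that `done` fires asynchronously, and the clock injection would be replaced by whatever the store uses for its expiry column.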
coderabbitai Bot commented Jun 26, 2026

Contributor

Caution

Review failed

An error occurred during the review process. Please try again later.


nx-cloud Bot commented Jun 26, 2026


🤖 Nx Cloud AI Fix


View your CI Pipeline Execution ↗ for commit d63cb4f

Command                                              Status        Duration
nx run-many --target=build --projects=tag:publi...   ✅ Succeeded  1s
nx run-many -t test:unit -p ghost,@tryghost/adm...   ✅ Succeeded  8m 50s
nx run @tryghost/admin-x-settings:test:acceptance    ✅ Succeeded  8m 49s
nx run ghost:test:ci:integration                     ✅ Succeeded  2m 40s
nx run ghost:test:integration                        ✅ Succeeded  2m 34s
nx run @tryghost/admin:build                         ✅ Succeeded  4m 39s
nx run ghost:test:legacy                             ✅ Succeeded  2m 57s
nx run ghost-admin:test                              ✅ Succeeded  2m 42s
Additional runs (7)                                  ✅ Succeeded  ...


☁️ Nx Cloud last updated this comment at 2026-06-26 13:06:25 UTC

coderabbitai Bot commented Jun 26, 2026

Contributor

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details

The bot's PATCH to https://api.github.com/repos/TryGhost/Ghost/issues/comments/4809771069 failed with HTTP 500 (HttpError) after 3 retries. The comment body it was trying to post read:

Currently processing new changes in this PR. This may take a few minutes, please wait...

Run configuration
  Configuration used: Path: .coderabbit.yaml
  Review profile: CHILL
  Plan: Pro
  Run ID: d7364c9c-ef54-4750-9a46-9563ce0307de

Commits
  Reviewing files that changed from the base of the PR and between 5da054e9e44e1efd3a531678ee0fe5de5c63a5fc and d63cb4f4338359587d989d6950f2f6ca1ab1fa22.

Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

Files selected for processing (4)
  • ghost/core/core/server/web/shared/middleware/api/spam-prevention.js
  • ghost/core/package.json
  • ghost/core/test/integration/web/shared/middleware/api/brute-knex-store.test.js
  • pnpm-workspace.yaml

codecov Bot commented Jun 26, 2026


Codecov Report

❌ Patch coverage is 86.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.34%. Comparing base (4e50f5f) to head (d63cb4f).
⚠️ Report is 3 commits behind head on main.

Files with missing lines                                Patch %   Lines
...erver/web/shared/middleware/api/spam-prevention.js   86.66%    2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #28934      +/-   ##
==========================================
- Coverage   74.34%   74.34%   -0.01%     
==========================================
  Files        1559     1559              
  Lines      135051   134924     -127     
  Branches    16410    16387      -23     
==========================================
- Hits       100405   100305     -100     
+ Misses      33626    33599      -27     
  Partials     1020     1020              
Flag          Coverage   Δ
admin-tests   55.15%     <ø> (ø)
e2e-tests     76.49%     <86.66%> (-0.01%) ⬇️

