diff --git a/packages/access-control/.npmignore b/packages/access-control/.npmignore
deleted file mode 100644
index 851b108d115..00000000000
--- a/packages/access-control/.npmignore
+++ /dev/null
@@ -1,2 +0,0 @@
-**/*.md
-**/*.test.js
diff --git a/packages/app-graphql/package.json b/packages/app-graphql/package.json
deleted file mode 100644
index a30ab6de729..00000000000
--- a/packages/app-graphql/package.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
-  "name": "@keystone-next/app-graphql-legacy",
-  "description": "KeystoneJS GraphQL App.",
-  "version": "7.0.0",
-  "author": "The KeystoneJS Development Team",
-  "license": "MIT",
-  "engines": {
-    "node": ">=10.0.0"
-  },
-  "dependencies": {
-    "@keystone-next/utils-legacy": "^7.0.0",
-    "graphql": "^15.5.0",
-    "graphql-upload": "^11.0.0",
-    "nanoassert": "^2.0.0"
-  },
-  "peerDependencies": {
-    "express": "^4.17.1"
-  },
-  "devDependencies": {
-    "express": "^4.17.1"
-  },
-  "repository": "https://github.com/keystonejs/keystone/tree/master/packages/app-graphql"
-}
diff --git a/packages/keystone/lib/Keystone/index.js b/packages/keystone/lib/Keystone/index.js
index 2d44d7221bb..cfcb7bf25c0 100644
--- a/packages/keystone/lib/Keystone/index.js
+++ b/packages/keystone/lib/Keystone/index.js
@@ -1,8 +1,5 @@
 const { ApolloServer, gql } = require('apollo-server-express');
-const flattenDeep = require('lodash.flattendeep');
 const memoize = require('micro-memoize');
-const falsey = require('falsey');
-const createCorsMiddleware = require('cors');
 const { execute } = require('graphql');
 const { GraphQLUpload } = require('graphql-upload');
 const { objMerge, flatten, unique, filterValues } = require('@keystone-next/utils-legacy');
@@ -453,48 +450,4 @@ module.exports = class Keystone {
       o => Object.entries(o).length > 0
     );
   }
-
-  async _prepareMiddlewares({ dev, apps, distDir, pinoOptions, cors }) {
-    return flattenDeep([
-      // Used by other middlewares such as authentication strategies. Important
-      // to be first so the methods added to `req` are available further down
-      // the request pipeline.
-      // TODO: set up a session test rig (maybe by wrapping an in-memory store)
-      falsey(process.env.DISABLE_LOGGING) && require('express-pino-logger')(pinoOptions),
-      cors && createCorsMiddleware(cors),
-      ...(await Promise.all(
-        [
-          // Inject any field middlewares (eg; WYSIWIG's static assets)
-          // We do this first to avoid it conflicting with any catch-all routes the
-          // user may have specified
-          ...this.registeredTypes,
-          ...flattenDeep(
-            Object.values(this.auth).map(authStrategies => Object.values(authStrategies))
-          ),
-          ...apps,
-        ]
-          .filter(({ prepareMiddleware } = {}) => !!prepareMiddleware)
-          .map(app => app.prepareMiddleware({ keystone: this, dev, distDir: distDir || 'dist' }))
-      )),
-    ]).filter(middleware => !!middleware);
-  }
-
-  async prepare({
-    dev = false,
-    apps = [],
-    distDir,
-    pinoOptions,
-    cors = { origin: true, credentials: true },
-  } = {}) {
-    this.createApolloServer({ schemaName: 'internal' });
-    const middlewares = await this._prepareMiddlewares({ dev, apps, distDir, pinoOptions, cors });
-    // These function can't be called after prepare(), so make them throw an error from now on.
-    ['createList'].forEach(f => {
-      this[f] = () => {
-        throw new Error(`keystone.${f} must be called before keystone.prepare()`);
-      };
-    });
-
-    return { middlewares };
-  }
 };
diff --git a/packages/keystone/package.json b/packages/keystone/package.json
index b1a5ea2768b..f0d765074bc 100644
--- a/packages/keystone/package.json
+++ b/packages/keystone/package.json
@@ -12,7 +12,6 @@
     "@keystone-next/utils-legacy": "^7.0.0",
     "apollo-errors": "^1.9.0",
     "apollo-server-express": "^2.21.2",
-    "cors": "^2.8.5",
     "cuid": "^2.1.8",
     "ensure-error": "^3.0.1",
     "express": "^4.17.1",
@@ -21,7 +20,6 @@
     "graphql": "^15.5.0",
     "graphql-type-json": "^0.3.2",
     "graphql-upload": "^11.0.0",
-    "lodash.flattendeep": "^4.4.0",
     "micro-memoize": "^4.0.9",
     "p-waterfall": "^2.1.1",
     "pino": "^6.11.2",
diff --git a/yarn.lock b/yarn.lock
index b43eb4cd926..5f02bc22080 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9152,11 +9152,6 @@ lodash.flatten@^4.4.0:
   resolved "https://registry.yarnpkg.com/lodash.flatten/-/lodash.flatten-4.4.0.tgz#f31c22225a9632d2bbf8e4addbef240aa765a61f"
   integrity sha1-8xwiIlqWMtK7+OSt2+8kCqdlph8=
 
-lodash.flattendeep@^4.4.0:
-  version "4.4.0"
-  resolved "https://registry.yarnpkg.com/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz#fb030917f86a3134e5bc9bec0d69e0013ddfedb2"
-  integrity sha1-+wMJF/hqMTTlvJvsDWngAT3f7bI=
-
 lodash.get@4.4.2:
   version "4.4.2"
   resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99"