From 9601d85e499f7e56de229aad560cb460fb1f66d7 Mon Sep 17 00:00:00 2001
From: Stephane Bouchet
Date: Fri, 3 Apr 2026 12:16:40 +0200
Subject: [PATCH] Fix handlebars vulnerabilities by overriding to 4.7.9

Override handlebars to 4.7.9 in che-api, che-port, che-remote, che-resource-monitor, and launcher to fix 8 vulnerabilities including critical JS injection (CVSS 9.8) and multiple high severity issues affecting versions 4.0.0-4.7.8.

Co-Authored-By: Claude Opus 4.6
---
 code/extensions/che-api/package-lock.json | 6 +++---
 code/extensions/che-api/package.json | 3 ++-
 code/extensions/che-port/package-lock.json | 6 +++---
 code/extensions/che-port/package.json | 3 ++-
 code/extensions/che-remote/package-lock.json | 6 +++---
 code/extensions/che-remote/package.json | 3 ++-
 code/extensions/che-resource-monitor/package-lock.json | 6 +++---
 code/extensions/che-resource-monitor/package.json | 3 ++-
 launcher/package-lock.json | 6 +++---
 launcher/package.json | 3 ++-
 10 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/code/extensions/che-api/package-lock.json b/code/extensions/che-api/package-lock.json
index f302a8b275f..e60d2cb4478 100644
--- a/code/extensions/che-api/package-lock.json
+++ b/code/extensions/che-api/package-lock.json
@@ -2396,9 +2396,9 @@
 "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
 },
 "node_modules/handlebars": {
- "version": "4.7.8",
- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
- "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+ "version": "4.7.9",
+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+ "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
diff --git a/code/extensions/che-api/package.json b/code/extensions/che-api/package.json
index 9471c8e9773..39d7c3db7c6 100644
--- a/code/extensions/che-api/package.json
+++ b/code/extensions/che-api/package.json
@@ -51,7 +51,8 @@
 "webpack-node-externals": "^3.0.0"
 },
 "overrides": {
- "minimatch": "^3.1.5"
+ "minimatch": "^3.1.5",
+ "handlebars": "4.7.9"
 },
 "repository": {
 "type": "git",
diff --git a/code/extensions/che-port/package-lock.json b/code/extensions/che-port/package-lock.json
index 7f409d325ed..89bc5e2c708 100644
--- a/code/extensions/che-port/package-lock.json
+++ b/code/extensions/che-port/package-lock.json
@@ -2086,9 +2086,9 @@
 "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
 },
 "node_modules/handlebars": {
- "version": "4.7.8",
- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
- "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+ "version": "4.7.9",
+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+ "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
diff --git a/code/extensions/che-port/package.json b/code/extensions/che-port/package.json
index 838437991ad..a27f6f827c8 100644
--- a/code/extensions/che-port/package.json
+++ b/code/extensions/che-port/package.json
@@ -54,7 +54,8 @@
 "jsdom": {
 "form-data": "3.0.4"
 },
- "minimatch": "^3.1.5"
+ "minimatch": "^3.1.5",
+ "handlebars": "4.7.9"
 },
 "repository": {
 "type": "git",
diff --git a/code/extensions/che-remote/package-lock.json b/code/extensions/che-remote/package-lock.json
index e68219d9a5f..4a497fb1f03 100644
--- a/code/extensions/che-remote/package-lock.json
+++ b/code/extensions/che-remote/package-lock.json
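Review bot: The new `overrides` entry in code/extensions/che-api/package.json pins handlebars to the exact version `4.7.9`, while the `minimatch` entry next to it uses a caret range. An exact override keeps forcing 4.7.9 even after a later patched 4.x release is published, so the next handlebars fix needs another manual edit in every package; `"handlebars": "^4.7.9"` sets a floor instead, and the lockfile still fixes the resolved version and integrity hash. The same applies to the package.json hunks for che-port, che-remote, che-resource-monitor and launcher. The lockfile entries mark handlebars as `"dev": true`, so the exposure appears to be build and test tooling rather than shipped code; since package.json cannot carry a comment, the advisory identifiers behind the "8 vulnerabilities" belong in the commit description so the override can be audited and later removed.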
@@ -2754,9 +2754,9 @@
 "dev": true
 },
 "node_modules/handlebars": {
- "version": "4.7.8",
- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
- "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+ "version": "4.7.9",
+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+ "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
diff --git a/code/extensions/che-remote/package.json b/code/extensions/che-remote/package.json
index 64c551df1e1..0a91b859853 100644
--- a/code/extensions/che-remote/package.json
+++ b/code/extensions/che-remote/package.json
@@ -59,7 +59,8 @@
 },
 "lodash": "^4.17.23",
 "ajv": "6.14.0",
- "minimatch": "^3.1.5"
+ "minimatch": "^3.1.5",
+ "handlebars": "4.7.9"
 },
 "repository": {
 "type": "git",
diff --git a/code/extensions/che-resource-monitor/package-lock.json b/code/extensions/che-resource-monitor/package-lock.json
index f22cdc6c6c0..a4fe60ea1c3 100644
--- a/code/extensions/che-resource-monitor/package-lock.json
+++ b/code/extensions/che-resource-monitor/package-lock.json
@@ -2355,9 +2355,9 @@
 "license": "ISC"
 },
 "node_modules/handlebars": {
- "version": "4.7.8",
- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
- "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+ "version": "4.7.9",
+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+ "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
diff --git a/code/extensions/che-resource-monitor/package.json b/code/extensions/che-resource-monitor/package.json
index aba7d25097f..6a19d7462e2 100644
--- a/code/extensions/che-resource-monitor/package.json
+++ b/code/extensions/che-resource-monitor/package.json
@@ -47,7 +47,8 @@
 "ts-jest": "29.4.5"
 },
 "overrides": {
- "minimatch": "^3.1.5"
+ "minimatch": "^3.1.5",
+ "handlebars": "4.7.9"
 },
 "repository": {
 "type": "git",
diff --git a/launcher/package-lock.json b/launcher/package-lock.json
index 0735288b52e..fa3190a3111 100644
--- a/launcher/package-lock.json
+++ b/launcher/package-lock.json
@@ -2952,9 +2952,9 @@
 "dev": true
 },
 "node_modules/handlebars": {
- "version": "4.7.8",
- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
- "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+ "version": "4.7.9",
+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+ "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
diff --git a/launcher/package.json b/launcher/package.json
index ab2dab5ed0a..e9c2b2e6750 100644
--- a/launcher/package.json
+++ b/launcher/package.json
@@ -52,7 +52,8 @@
 "ajv": "^8.18.0"
 },
 "ajv": "6.14.0",
- "minimatch": "^3.1.5"
+ "minimatch": "^3.1.5",
+ "handlebars": "4.7.9"
 },
 "jest": {
 "collectCoverage": true,