From 79b2f5d068a4bfc00f5ee279ff302aa30d98a9d3 Mon Sep 17 00:00:00 2001
From: Kartik Ganesh
Date: Mon, 19 Jun 2023 12:45:35 -0700
Subject: [PATCH 1/2] Bump versions of gradle-info-plugin and nebula-publishing-plugin

This mitigates downstream dependencies to patch the CVE-2020-13956 vulnerability.

Signed-off-by: Kartik Ganesh
---
 buildSrc/build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index eaa4176e88737..f0e45d11ede0e 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -106,8 +106,8 @@ dependencies {
 api 'org.apache.commons:commons-compress:1.21'
 api 'org.apache.ant:ant:1.10.12'
 api 'com.netflix.nebula:gradle-extra-configurations-plugin:3.0.3'
- api 'com.netflix.nebula:nebula-publishing-plugin:4.6.0'
- api 'com.netflix.nebula:gradle-info-plugin:7.1.3'
+ api 'com.netflix.nebula:nebula-publishing-plugin:4.7.0'
+ api 'com.netflix.nebula:gradle-info-plugin:8.2.0'
 api 'org.apache.rat:apache-rat:0.13'
 api 'commons-io:commons-io:2.7'
 api "net.java.dev.jna:jna:5.5.0"

From e7a03a936c4ced3f2282f6845079475fc4be87cd Mon Sep 17 00:00:00 2001
From: Kartik Ganesh
Date: Mon, 19 Jun 2023 12:52:17 -0700
Subject: [PATCH 2/2] Added changelog entry

Signed-off-by: Kartik Ganesh
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c62d0c4cf7caf..a34ed294ae3cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Bump `netty` from 4.1.91.Final to 4.1.93.Final ([#7901](https://github.com/opensearch-project/OpenSearch/pull/7901)) - Bump `spock-core` from 1.3-groovy-2.5 to 2.3-groovy-2.5 ([#8119](https://github.com/opensearch-project/OpenSearch/pull/8119)) - Bump `com.google.guava:guava` from 31.0.1-jre to 32.0.1-jre ([#8107](https://github.com/opensearch-project/OpenSearch/pull/8107)) +- Bump versions of gradle-info-plugin and nebula-publishing-plugin ([#8150](https://github.com/opensearch-project/OpenSearch/pull/8150)) ### Changed