From f696406cd307ef8baa169ae0f64123e2fac2f502 Mon Sep 17 00:00:00 2001
From: Kartik Ganesh <gkart@amazon.com>
Date: Mon, 19 Jun 2023 14:33:04 -0700
Subject: [PATCH] Bump versions of gradle-info-plugin and
 nebula-publishing-plugin (#8150)

* Bump versions of gradle-info-plugin and nebula-publishing-plugin

This mitigates downstream dependencies to patch the CVE-2020-13956 vulnerability.

Signed-off-by: Kartik Ganesh <gkart@amazon.com>

* Added changelog entry

Signed-off-by: Kartik Ganesh <gkart@amazon.com>

---------

Signed-off-by: Kartik Ganesh <gkart@amazon.com>
(cherry picked from commit 8251535cddeac7ec22fd619234708650b26eca3c)
---
 CHANGELOG.md          | 1 +
 buildSrc/build.gradle | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4d8edc93af2c..1a6b54ee0c5cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bump `netty` from 4.1.91.Final to 4.1.93.Final ([#7901](https://github.com/opensearch-project/OpenSearch/pull/7901))
 - Bump `spock-core` from 1.3-groovy-2.5 to 2.3-groovy-2.5 ([#8119](https://github.com/opensearch-project/OpenSearch/pull/8119))
 - Bump `com.google.guava:guava` from 31.0.1-jre to 32.0.1-jre ([#8107](https://github.com/opensearch-project/OpenSearch/pull/8107))
+- Bump versions of gradle-info-plugin and nebula-publishing-plugin ([#8150](https://github.com/opensearch-project/OpenSearch/pull/8150))
 
 ### Changed
 ### Deprecated
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 0133876116283..8eb87ef61f087 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -106,8 +106,8 @@ dependencies {
   api 'org.apache.commons:commons-compress:1.21'
   api 'org.apache.ant:ant:1.10.12'
   api 'com.netflix.nebula:gradle-extra-configurations-plugin:3.0.3'
-  api 'com.netflix.nebula:nebula-publishing-plugin:4.6.0'
-  api 'com.netflix.nebula:gradle-info-plugin:7.1.3'
+  api 'com.netflix.nebula:nebula-publishing-plugin:4.7.0'
+  api 'com.netflix.nebula:gradle-info-plugin:8.2.0'
   api 'org.apache.rat:apache-rat:0.13'
   api 'commons-io:commons-io:2.7'
   api "net.java.dev.jna:jna:5.5.0"