Bump versions of gradle-info-plugin and nebula-publishing-plugin (#8150)

* Bump versions of gradle-info-plugin and nebula-publishing-plugin This mitigates downstream dependencies to patch the CVE-2020-13956 vulnerability. Signed-off-by: Kartik Ganesh <[email protected]> * Added changelog entry Signed-off-by: Kartik Ganesh <[email protected]> --------- Signed-off-by: Kartik Ganesh <[email protected]>
opensearch-project · Jun 19, 2023 · 8251535 · 8251535
1 parent 420a63c
commit 8251535
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bump `netty` from 4.1.91.Final to 4.1.93.Final ([#7901](https://github.com/opensearch-project/OpenSearch/pull/7901))
 - Bump `spock-core` from 1.3-groovy-2.5 to 2.3-groovy-2.5 ([#8119](https://github.com/opensearch-project/OpenSearch/pull/8119))
 - Bump `com.google.guava:guava` from 31.0.1-jre to 32.0.1-jre ([#8107](https://github.com/opensearch-project/OpenSearch/pull/8107))
+- Bump versions of gradle-info-plugin and nebula-publishing-plugin ([#8150](https://github.com/opensearch-project/OpenSearch/pull/8150))
 
 ### Changed
 

diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -106,8 +106,8 @@ dependencies {
   api 'org.apache.commons:commons-compress:1.21'
   api 'org.apache.ant:ant:1.10.12'
   api 'com.netflix.nebula:gradle-extra-configurations-plugin:3.0.3'
-  api 'com.netflix.nebula:nebula-publishing-plugin:4.6.0'
-  api 'com.netflix.nebula:gradle-info-plugin:7.1.3'
+  api 'com.netflix.nebula:nebula-publishing-plugin:4.7.0'
+  api 'com.netflix.nebula:gradle-info-plugin:8.2.0'
   api 'org.apache.rat:apache-rat:0.13'
   api 'commons-io:commons-io:2.7'
   api "net.java.dev.jna:jna:5.5.0"