From 90037960517e4e83ffc34a211ab837336e075573 Mon Sep 17 00:00:00 2001
From: Wilken Rivera <dev@wilkenrivera.com>
Date: Fri, 28 Jun 2024 14:40:26 +0000
Subject: [PATCH 1/2] backport of commit
 04145ac80d48bf750f137b8da06bbce6048a7f2a

---
 CHANGELOG.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff87597c71e..ca23eb5c55c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,30 @@
+## 1.11.1 (Upcoming)
+
+### NOTES:
+* Future Scaffolding: This release contains additional changes that allow
+     Packer core to validate access a HCP Packer bucket before trying to
+     publish to it. If the bucket does not exist and the associated service
+     principle does not have permission to create the bucket Packer will fail
+     the build.[GH-13059](https://github.com/hashicorp/packer/pull/13059)
+
+### IMPROVEMENTS:
+* core/hcl2: The issue is that local variables in templates are evaluated in a
+     non-deterministic order, leading to inconsistent behavior. To fix this,
+     local variables will now build a list of direct dependencies, similar to
+     datasources, and evaluate these dependencies recursively. A caveat is that
+     there's a recursion cap of 10 to prevent infinite recursion; if this limit
+     is reached, an error is returned, prompting the user to fix their template.
+     [GH-13039](https://github.com/hashicorp/packer/pull/13039)
+* core: bump github.com/hashicorp/hcp-sdk-go from 0.96.0 to 0.99.0
+     [GH-13063](https://github.com/hashicorp/packer/pull/13063)
+* core: bump github.com/hashicorp/packer-plugin-sdk from 0.5.3 to 0.5.4
+     [GH-13061](https://github.com/hashicorp/packer/pull/13061)
+
+### BUG FIXES:
+* core/hcp: Change UpsertBucket to call GetBucket to address unauthorized error
+     from ustream API.
+     [GH-13059](https://github.com/hashicorp/packer/pull/13059)
+
 ## 1.11.0 (2024-05-31)
 
 ### NOTES:

From bf0d64beb2fd31c42ddaaec37ff77085c4f78a5c Mon Sep 17 00:00:00 2001
From: Wilken Rivera <dev@wilkenrivera.com>
Date: Fri, 28 Jun 2024 17:59:52 +0000
Subject: [PATCH 2/2] backport of commit
 760fbc2046c12e66de77cd9d385d8b1a46996db3

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ca23eb5c55c..2fba9c8367c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@
      principle does not have permission to create the bucket Packer will fail
      the build.[GH-13059](https://github.com/hashicorp/packer/pull/13059)
 
+### SECURITY:
+* core: Bump github.com/hashicorp/go-retryablehttp to address
+     CVE-2024-6104.[GH-13081](https://github.com/hashicorp/packer/pull/13081)
+
 ### IMPROVEMENTS:
 * core/hcl2: The issue is that local variables in templates are evaluated in a
      non-deterministic order, leading to inconsistent behavior. To fix this,