Release v1.14.6 contains a few recent bug and security fixes.
What's Changed
- [Backport release-1.14] fix: avoid requiring webhook tls certificate for inactive revisions by @github-actions in #5179
- [Backport release-1.14] chore(deps): bump go-git to v5.11.0 to fix CVE-2023-49568 by @phisco in #5180
- [Backport release-1.14] Ensure ownerRef on objects for inactive package revisions by @github-actions in #5189
- [Backport release-1.14] fix(crank): error out on timeout installing package by @github-actions in #5211
- [Backport release-1.14] fix(functions): restore uid too after FromStructure by @github-actions in #5216
- [Backport release-1.14] Re-add ownership for existing CompositionRevisions after backup/restore by @github-actions in #5220
- [Backport release-1.14] Do not use version when indexing Used resources in Usage Handler by @turkenh in #5355
- [Backport release-1.14] Accept version changes in composed templates by @github-actions in #5370
- [Backport release-1.14] fix(crank/xpkg): push properly retrieve upbound credentials by @phisco in #5381
Renovate
- chore(deps): update module github.com/cloudflare/circl to v1.3.7 [security] (release-1.14) by @renovate in #5202
- chore(deps): update module golang.org/x/crypto to v0.17.0 [security] (release-1.14) by @renovate in #5184
Full Changelog: v1.14.5...v1.14.6