Update git to 2.38.1 and git-lfs to 3.2.0 to address CVE-2022-29187 (!3674) · Merge requests · GitLab.org / gitlab-runner · GitLab

Axel von Bertoldi requested to merge avonbertoldi/29360-update-git-version into main Oct 21, 2022

What does this MR do?

Upgrades git from version 2.30.2 to 2.38.1
Upgrade git-lfs from version 2.13.3 to 3.2.0

Why was this MR needed?

Some of our security scans highlighted these two packages as having vulnerabilities, which necessitates an upgrade.

What's the best way to test this MR?

If the CI pipeline continues to pass I think we're good.

What are the relevant issue numbers?

close https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29360 https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29357

Edited Oct 25, 2022 by Romuald Atchadé