Bump git-lfs version to 3.4.0 (!4296) · Merge requests · GitLab.org / gitlab-runner

Axel von Bertoldi requested to merge avonbertoldi/upgrade-git-lfs into main Aug 16, 2023

This is one in a series of MRs to clean up and reduce actual and potential CVE reports runner fips images:

!4289 (merged)
👉 !4296 (merged)
!4308 (merged)

Version 3.4.0 of git-lfs includes a number of CVE vulnerability fixes, but we won't actually realize some of those fixes until we stop building git-lfs from source and instead install it from the release tarball (!4289 (merged)).

Addresses https://gitlab.com/gitlab-org/gitlab-runner/-/issues/31065#note_1460548929

Edited Aug 23, 2023 by Axel von Bertoldi

Bump git-lfs version to 3.4.0

Merge request reports