I am not a lawyer, but as far as I understand, GDPR deals with the processing of personal data — such as Name, Sex, Adresses, E-Mail.
Most of your commits actual payloads (such as bug fixes and code changes) are not personal data.
They will apart from author information such as E-Mail and Name — which might well be covered under GDPR regulations.
For those Article 17 “right to be forgotten” could apply, but most probably would not be applied for the reasons stated here:
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; […]
But bis disclaimer, for actual legal advise talk to a lawyer. https://gdpr-info.eu/art-17-gdpr/