Update dependency gitaly to '~> 16.10.1'

This MR contains the following updates:

Package	Update	Change
gitaly	patch	'~> 16.10.0-rc1' -> '~> 16.10.1'

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

---

Configuration

Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.

Renovate Comment

What are the next steps?

If you have been assigned as a reviewer to this Merge Request, please review this Merge Request with the same scrutiny as any community contribution:

1. Ensure that the dependencies updated meet our standards:

   • Security: Dependencies do not contain malicious code
   • Performance: Dependencies do not bloat the application code or prolong CI times unnecessarily
   • Stability: Pipelines are passing

2. Review the changes introduced by the version upgrade. Consider using https://my.diffend.io to compare the two versions in case the updated dependency is either a Ruby Gem or a Node.js package, for example to compare pg_query 2.1.0 and 2.1.4.

3. Check if bundle install works locally, in the context of GDK.

4. If tests are passing and you've reviewed the updated dependencies, execute pipelines in the context of the main project

   This MR is created from a fork, therefore not all jobs (e.g. Danger) might have been executed. Instead of hitting MWPS right away, you might want to wait until the pipeline you've just triggered finished.

   Note: This might not be available in projects, in that case merging right away is an option

5. Merge away!

Troubleshooting

We have assembled some FAQs to help reviewers of these kind of merge requests.

Improve this message – The JSON comment below is for automation purposes.

{"labels":["maintenance::dependency","type::maintenance","automation:bot-authored","backend","Engineering Productivity"],"assignees":["gitlab-dependency-update-bot"],"reviewers":["ddieulivol","godfat-gitlab","jennli","nao.hashizume","rymai","splattael"]}

mentioned in issue #365045

added Engineering Productivity automation:bot-authored backend maintenancedependency typemaintenance labels

requested review from @jennli

assigned to @gitlab-dependency-update-bot

added 1 commit

• ee27fae0 - Update dependency gitaly to '~> 16.10.0'

Compare with previous version

added 19 commits

• ee27fae0...13706971 - 18 commits from branch gitlab-org:master
• 13e6dbea - Update dependency gitaly to '~> 16.10.0'

Compare with previous version

added 17 commits

• 13e6dbea...c9bc2a57 - 16 commits from branch gitlab-org:master
• cc6cdeb2 - Update dependency gitaly to '~> 16.10.0'

Compare with previous version

Dependency change review report

This automation is under testing, please leave your feedback in the issue.

Modified Dependency: gitaly (16.10.0) Location: Gemfile.lock Version diffs

Checks passed:4/5

• ️ Latest version: 16.10.0 released on: 2024-03-20. URL: https://rubygems.org/gems/gitaly
• Latest version is in use.
• Total downloads: 26857947
• Reverse dependencies: 0
• Total number of releases: 230
• Latest version age (months): 0
• ️ Gem source could not be located in GitHub.
• ️ Maintainer emails are private. Email domain check skipped.

Change in dependency identified, pinging @gitlab-com/gl-security/appsec for review. For review guidelines refer handbook page. Hi Appsec, please resolve this thread once review is completed.

	3 Warnings
	Changing gitaly gem can cause a multi-version incompatibility incident
	The master pipeline status page reported failures in rspec system pg14 17/32 If these jobs fail in your merge request with the same errors, then they are not caused by your changes. Please check for any on-going incidents in the incident issue tracker or in the #master-broken Slack channel.
	This merge request does not refer to an existing milestone.

	1 Message
	CHANGELOG missing: If this merge request needs a changelog entry, add the Changelog trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.

Changing Gitaly version

This merge request requires coordination with Gitaly deployments. You must assert why this change is safe.

If these two assertions can be made, then this change is safe:

1. No Gitaly definitions that have been removed in the version bump are in use on the Rails side.
2. No Gitaly definitions that are not yet part of a released version become used without a feature flag.

In general, we can ignore the first assertion because the specs will fail as needed. If a GitLab Rails spec exercises a definition that is removed in the new Gitaly version, then that spec will fail.

You must confirm the second assertion. Failing to do so will introduce a non backward compatible change, for example during canary deployment of GitLab.com, which can cause an incident. This type of problem can also impact customers performing zero-downtime upgrades. Some options:

• This change does not cause Rails to use a new definition.
• This change causes Rails to use a new definition, but only behind a feature flag which is disabled by default. This feature flag must only be removed in a subsequent release.

Reviewer roulette

Category	Reviewer	Maintainer
backend	@rcobb (UTC-7)	@mksionek (UTC+2)

Please check reviewer's status!

• Reviewer is available!
• Reviewer is unavailable!

Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.

Rubygems

This merge request adds, or changes a Rubygems dependency. Please review the Gemfile guidelines.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

NON-BLOCKING: This MR has changed Gemfile.checksum. GitLab team members should review the following dependency SAST scans when they finish:

• gitaly-16.10.1-ruby-8f416e71

If there appear to be any true-positive vulnerabilities identified with CRITICAL or HIGH severity, if the report is misconfigured, or if you have questions, reply to this thread and mention @gitlab-com/gl-security/appsec.

Otherwise, this does not require an AppSec review.

Please also review the Gemfile development AppSec guidelines. Thank you for keeping GitLab secure!

Generated by depSASTer. Open an issue to provide feedback.

resolved all threads

changed title from Update dependency gitaly to '~> 16.10.0' to Update dependency gitaly to '~> 16.10.1'

changed the description

added 778 commits

• cc6cdeb2...b3dd2ac0 - 777 commits from branch gitlab-org:master
• 9229fd43 - Update dependency gitaly to '~> 16.10.1'

Compare with previous version

added 490 commits

• 9229fd43...60a0fb8a - 489 commits from branch gitlab-org:master
• 609229cf - Update dependency gitaly to '~> 16.10.1'

Compare with previous version

approved this merge request

added pipeline:mr-approved label

@jennli, thanks for approving this merge request.

This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break master, a new pipeline will be started shortly.

Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.

resolved all threads