Marge bot performs MR approval by impersonating the users who have approved the MR before. This happens when GitLab removes/resets the approval upon rebasing. https://docs.gitlab.com/user/project/merge_requests/approvals/settings/#remove-all-approvals-when-commits-are-added-to-the-source-branch To perform the impersonation, it is necessary to pass [SUDO](https://docs.gitlab.com/api/rest/authentication/#sudo) header to the GitLab API. As part of the change from bare [http requests to python-gitlab](https://gitlab.com/marge-org/marge-bot/-/commit/8a3442a06eb2d0a7dfdd78263d871a0711c32ddf#810fcded4c6d774b0a81e484500354751844d40a_53_35) the headers where not passed to API call which results in 401 errors. This results in Marge bot itself approves the MR first and on the next approval it experiences a 401 Unauthorized. Reason being the SUDO headers are not passed, hence it is like Marge bot trying to approve the same MR again.