tiflash-proxy-next-gen: support encryption key rotation

[hbisheng]

What problem does this PR solve?

Issue Number: ref #10222

Problem Summary:

What is changed and how it works?

Bump tiflash-proxy-next-gen to the latest head of origin/tiflash-proxy-next-gen-9.0.
    
This keeps TiFlash compatible with encryption config changes such as enabling CMEK or rotating data keys.

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
  • Tested on a local cluster. Created a table and bound it to TiFlash, then ran workload and enabled CMEK. Verified that TiFlash replication was healthy.
• No code

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

None

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to maintain system stability and compatibility.

[ti-chi-bot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request updates the submodule pointer for contrib/tiflash-proxy-next-gen to a newer commit hash. This is a single-line change affecting the submodule reference without modifying any functional code.

Changes

Cohort / File(s)	Summary
Submodule Update contrib/tiflash-proxy-next-gen	Pointer updated from commit c013b172 to 10e55dcd; submodule reference change only.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• tiflash-proxy-next-gen: bump for CMEK encrypted data #10646: Updates the same contrib/tiflash-proxy-next-gen submodule, pinning it to the previous commit that this PR moves away from.

Suggested reviewers

• CalvinNeo
• JinheLin

Poem

🐰 A tiny hop to the next commit we go,
Proxy-next-gen dancing with the git flow,
One line shifts left, one line shifts right,
Submodules gleaming in the starlight! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: updating tiflash-proxy-next-gen to support encryption key rotation, which matches the commit message and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description follows the required template with all major sections populated, including problem statement, changes explanation, test checklist with selections, and release note.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@contrib/tiflash-proxy-next-gen`:
- Line 1: The submodule gitlink was updated to commit
10e55dcd0867f44cc3503b2f23f477a034c37840 for contrib/tiflash-proxy-next-gen;
locally fetch and checkout that commit in the submodule, inspect the changes
(look for CMEK/key-rotation-related files and symbols such as any
kms/keyRotation functions or config keys), run the submodule's unit/integration
checks if available, and confirm the upstream repository's CI passed for that
commit (or obtain CI logs) before merging; if the commit is missing the expected
CMEK/key-rotation changes or CI failures appear, revert the gitlink update and
request the correct upstream commit.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 19842147-b980-4fde-a74a-cee23f793764

📥 Commits

Reviewing files that changed from the base of the PR and between 661e9b5 and e74be0c.

📒 Files selected for processing (1)

• contrib/tiflash-proxy-next-gen

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JaySon-Huang, JinheLin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [JaySon-Huang,JinheLin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2026-03-05 01:33:16.089983543 +0000 UTC m=+408240.668062737: ☑️ agreed by JaySon-Huang.
• 2026-03-05 01:51:17.262213737 +0000 UTC m=+409321.840292930: ☑️ agreed by JinheLin.