Pin contrib v1.11.3, add docs for RabbitMQ memory leak (#6577)

* Pin contrib v1.11.3, add docs for RabbitMQ memory leak
Signed-off-by: NBernd Verst <github@bernd.dev>

* Replace unlicensed indirect dependencies
Signed-off-by: NBernd Verst <github@bernd.dev>

* Update v1.11.1.md

* Update v1.11.1.md

---------
Signed-off-by: NBernd Verst <github@bernd.dev>
Co-authored-by: NArtur Souza <asouza.pro@gmail.com>

docs/release_notes/v1.11.1.md

 # Dapr 1.11.1
 
-This hotfix release contains 6 bug fixes.
+This hotfix release contains 7 bug fixes.
 
   - [Fixed an issue with Service Invocation on Kubernetes clusters with the permission enforcement admission controller enabled.](#fixed-an-issue-with-service-invocation-on-kubernetes-clusters-with-the-permission-enforcement-admission-controller-enabled)
   - [Fixed a Goroutine leak in Actor reminders and timers.](#fixed-a-goroutine-leak-in-actor-reminders-and-timers)
   - [MongoDB Actor State Store: Fixed an issue with storing Actor Reminders](#mongodb-actor-state-store--fixed-an-issue-with-storing-actor-reminders)
   - [Fixed Dapr being unable to obtain the authentication token when using Managed Identity inside Azure App Service](#fixed-dapr-being-unable-to-obtain-the-authentication-token-when-using-managed-identity-inside-azure-app-service)
   - [Fixed a problem where keys could not be overwritten once set in Microsoft SQL Server (and Azure SQL)](#fixed-a-problem-where-keys-could-not-be-overwritten-once-set-in-microsoft-sql-server--and-azure-sql-)
-  - [Fixed issue with Azure Service Bus binding rejecting messages](#fixed-issue-with-azure-service-bus-binding-rejecting-messages)
+  - [Fixed an issue with the Azure Service Bus binding rejecting certain messages with custom properties](#fixed-an-issue-with-the-azure-service-bus-binding-rejecting-certain-messages-with-custom-properties)
+  - [Fixed a potential memory leak in RabbitMQ components](#fixed-a-potential-memory-leak-in-RabbitMQ-components)
 
 ## Fixed an issue with Service Invocation on Kubernetes clusters with the permission enforcement admission controller enabled.
 
@@ -135,24 +136,40 @@ The runtime code for creating an application channel for non-localhost apps requ
 
 The application port validation was removed.
 
-## Fixed issue with Azure Service Bus binding rejecting messages
+## Fixed an issue with the Azure Service Bus binding rejecting certain messages with custom properties
 
 ### Problem
 
-The following error message is logged by Daprd when using the Azure Service Bus binding, and the message will not be sent to the application.
+Azure Service Bus users who send custom metadata properties (Application Properties) which are not URL safe encounter the following error message in the Daprd logs when using the Azure Service Bus binding, and the message will not be sent to the application:
 
 "App handler returned an error for message xxx on queue xxx: error invoking app: Post "http://127.0.0.1:80/xxx": net/http: invalid header field name"
 
 ### Impact
 
-Since v1.10.4, applications would not receive messages from Azure Service Bus bindings.
+Applications will not receive messages from Azure Service Bus bindings if these messages contain custom attributes that are not URL safe.
 
 ### Root cause
 
-Azure Service Bus supports storing Application Proprieties which are not URL
-safe.
+Azure Service Bus supports storing custom metadata properties, Application Properties, but does not require these to be URL safe. Dapr incorrectly treated these attributes as URL safe.
 
 ### Solution
 
-Daprd encodes metadata headers before sending messages to applications, so that
-all data is URL safe.
+Daprd encodes Azure Service Bus Application Properties before sending messages to applications, so that all data is URL safe.
+
+##  Fixed a potential memory leak in RabbitMQ components
+
+#### Problem
+
+Use of the RabbitMQ components could result in a memory leak under certain circumstances.
+
+### Impact
+
+Applications may run out of memory when using the RabbitMQ components.
+
+### Root cause
+
+The `rabbitmq/amqp091-go` library used by the Dapr RabbitMQ components introduced a memory leak in version v1.7.0. See https://github.com/rabbitmq/amqp091-go/issues/179 for details.
+
+### Solution
+
+We upgraded the library to version v1.8.1. The memory leak was fixed as of version v1.8.0.

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/PuerkitoBio/purell v1.2.0
 	github.com/argoproj/argo-rollouts v1.4.1
 	github.com/cenkalti/backoff/v4 v4.2.1
-	github.com/dapr/components-contrib v1.11.2
+	github.com/dapr/components-contrib v1.11.3
 	github.com/dapr/kit v0.11.3
 	github.com/evanphx/json-patch/v5 v5.6.0
 	github.com/fasthttp/router v1.4.18
@@ -327,7 +327,7 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/prometheus/statsd_exporter v0.22.7 // indirect
-	github.com/rabbitmq/amqp091-go v1.7.0 // indirect
+	github.com/rabbitmq/amqp091-go v1.8.1 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rs/zerolog v1.28.0 // indirect
@@ -425,13 +425,18 @@ require (
 replace (
 	// this is a fork which addresses a performance issues due to go routines
 	dubbo.apache.org/dubbo-go/v3 => dubbo.apache.org/dubbo-go/v3 v3.0.3-0.20230118042253-4f159a2b38f3
-	// the following lines are necessary to update to commits with proper licenses
-	github.com/chzyer/logex => github.com/chzyer/logex v1.2.1
 
-	github.com/toolkits/concurrent => github.com/niean/gotools v0.0.0-20151221085310-ff3f51fc5c60
 	gopkg.in/couchbaselabs/gocbconnstr.v1 => github.com/couchbaselabs/gocbconnstr v1.0.5
 )
 
+// the following lines are necessary to update to commits with proper licenses
+replace (
+	github.com/chenzhuoyu/iasm => github.com/chenzhuoyu/iasm v0.9.0
+	github.com/chzyer/logex => github.com/chzyer/logex v1.2.1
+	github.com/gobwas/pool => github.com/gobwas/pool v0.2.1
+	github.com/toolkits/concurrent => github.com/niean/gotools v0.0.0-20151221085310-ff3f51fc5c60
+)
+
 // update retracted indirect dependencies if necessary
 // check for retracted versions: go list -mod=mod -f '{{if .Retracted}}{{.}}{{end}}' -u -m all
 replace github.com/microcosm-cc/bluemonday => github.com/microcosm-cc/bluemonday v1.0.24

go.sum

@@ -324,8 +324,8 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chebyrash/promise v0.0.0-20220530143319-1123826567d6 h1:AtcTeZIfucJjiqhIeMoOAR292ti2QOyo2aqN3SoWopo=
 github.com/chebyrash/promise v0.0.0-20220530143319-1123826567d6/go.mod h1:4DRxP3p0R7/5msq1uKcI1THYmfWgFXxQqr0DutaIAEk=
-github.com/chenzhuoyu/iasm v0.0.0-20230222070914-0b1b64b0e762 h1:4+00EOUb1t9uxAbgY8VvgfKJKDpim3co4MqsAbelIbs=
-github.com/chenzhuoyu/iasm v0.0.0-20230222070914-0b1b64b0e762/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
+github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/choleraehyq/pid v0.0.16 h1:1/714sMH9IBlE/aK6xM0acTagGKSzpiR0bDt7l0cG7o=
 github.com/choleraehyq/pid v0.0.16/go.mod h1:uhzeFgxJZWQsZulelVQZwdASxQ9TIPZYL4TPkQMtL/U=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
@@ -401,8 +401,8 @@ github.com/dancannon/gorethink v4.0.0+incompatible h1:KFV7Gha3AuqT+gr0B/eKvGhbjm
 github.com/dancannon/gorethink v4.0.0+incompatible/go.mod h1:BLvkat9KmZc1efyYwhz3WnybhRZtgF1K929FD8z1avU=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
-github.com/dapr/components-contrib v1.11.2 h1:Ekf2cDUYoC/IfRpfdHVbIb+kOK9T3pFAO+QCoAK8Uro=
-github.com/dapr/components-contrib v1.11.2/go.mod h1:prx2ATX6wFnR6Cp1xXGW3J9s5Gyz9AtOrG0xBf7QnHI=
+github.com/dapr/components-contrib v1.11.3 h1:sOuatQ900JVgMdvdLbI2OX0nBqFuUma2oFl2kk4GwJ8=
+github.com/dapr/components-contrib v1.11.3/go.mod h1:brBtlcztHQGPW9tdEt7YWysZ3kJ7fTjxAiDz/YkWb44=
 github.com/dapr/kit v0.11.3 h1:u1X92tE8xsrwXIej7nkcI5Z1t1CFznPwlL18tizNEw4=
 github.com/dapr/kit v0.11.3/go.mod h1:hQA6xOhcLAiccXTj7e3/bzpHwvAJCSCp70p2xg3jB40=
 github.com/dave/jennifer v1.4.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
@@ -1358,8 +1358,8 @@ github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3M
 github.com/prometheus/statsd_exporter v0.22.7 h1:7Pji/i2GuhK6Lu7DHrtTkFmNBCudCPT1pX2CziuyQR0=
 github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9dFqnUakOjnEuMPJJJnI=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rabbitmq/amqp091-go v1.7.0 h1:V5CF5qPem5OGSnEo8BoSbsDGwejg6VUJsKEdneaoTUo=
-github.com/rabbitmq/amqp091-go v1.7.0/go.mod h1:wfClAtY0C7bOHxd3GjmF26jEHn+rR/0B3+YV+Vn9/NI=
+github.com/rabbitmq/amqp091-go v1.8.1 h1:RejT1SBUim5doqcL6s7iN6SBmsQqyTgXb1xMlH0h1hA=
+github.com/rabbitmq/amqp091-go v1.8.1/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
@@ -1656,8 +1656,8 @@ go.uber.org/automaxprocs v1.5.2/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnw
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=