release-23.1: go.mod: cherry-pick etcd-io/raft#32

[pav-kv]

This dependency upgrade includes a patched PR 32 from etcd-io/raft which fixes an out-of-memory scenario during election with large unapplied Raft logs.

Part of #104402
Epic: none
Release note (bug fix): Fixed a bug in upstream etcd-io/raft which could result in pulling unlimited amount of log into memory, and lead to out-of-memory situations. With the fix, the log scan has a limited memory footprint.
Release justification: fixing a bug after a customer escalation

[blathers-crl]

Thanks for opening a backport.

Please check the backport criteria before merging:

• Patches should only be created for serious issues or test-only changes.
• Patches should not break backwards-compatibility.
• Patches should change as little code as possible.
• Patches should not change on-disk formats or node communication protocols.
• Patches should not add new functionality.
• Patches must not add, edit, or otherwise modify cluster versions; or add version gates.

If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.

• There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
• The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
• New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
• The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

• What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
• Will this work in a cluster of mixed patch versions? Did we test that?
• If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

[cockroach-teamcity]

This change is 

[tbg]

The code looks good, but the commit is not from our fork's release-23.1 branch. Could you switch to that branch, cherry-pick the commit, and then bump to the resulting SHA? That way there won't be danger of someone putting the next cherry-pick on the correct branch and updating, which would drop this fix again.

[pav-kv]

@tbg I was intending to bump the crdb-release-23.1 SHA after merging this PR (or at a point when it's clear that it can be merged). This way the branch won't be pointing at a "maybe broken" state optimistically.

That way there won't be danger of someone putting the next cherry-pick on the correct branch and updating, which would drop this fix again.

This shouldn't happen (at least blindly). If we have concurrent dep upgrades, both will update the SHA in go.mod and conflict, so one will need to be rebased. While doing so, hopefully the rebasing person (and their reviewer) will realize that the base SHA has been updated, so they need to rebase the cherry-pick in the fork accordingly.

Could you switch to that branch, cherry-pick the commit, and then bump to the resulting SHA?

That's what I did, except the last step (yet).

The alternative "optimistic" approach that you're suggesting has the risk of: we update the SHA for the first cherry-pick, the other person cherry-picks another thing on top of it; but we realize that the first cherry-pick is broken. It's too late to update the crdb-release-23.1 SHA now.

[tbg]

This shouldn't happen (at least blindly). If we have concurrent dep upgrades, both will update the SHA in go.mod

Not concurrent - back to back.

I think you're right though, I was missing that release-23.1 is a fast-forward to cherry-pick-pr-32, so LGTM and please push after the merge.