chore(deps): bump the all-dependencies group with 2 updates

[dependabot]

Bumps the all-dependencies group with 2 updates: tokio and rust_decimal.

Updates tokio from 1.52.1 to 1.52.2

Release notes

Sourced from tokio's releases.

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• f82bcf3 Merge 'tokio-1.51.2' into 'tokio-1.52.x' (#8114)
• 7db9bc4 test: revert "remove churn() task from lifo_stealable" (#8114)
• 64834ec chore: prepare Tokio v1.51.2 (#8113)
• 967f571 runtime: revert "steal tasks from the LIFO slot" (#8100)
• 9271e3e Merge tokio-1.51.x (for #8101) into tokio-1.52.x (#8106)
• cd1823f Revert "Pin stable to 1.94 for tokio-1.51.x" (#8106)
• a97cf12 Merge tokio-1.47.x (commit 670a907c55c7) into tokio-1.51.x (#8105)
• bde3f20 Pin stable to 1.94 for tokio-1.51.x (#8105)
• 670a907 ci: fix CI on tokio-1.47.x (#8101)
• Additional commits viewable in compare view

Updates rust_decimal from 1.41.0 to 1.42.0

Release notes

Sourced from rust_decimal's releases.

1.42.0

What's Changed

• Optimize core arithmetic operations (+, -, *, /) by @​paupino in paupino/rust-decimal#794
• Add a From for decimal by @​rollo-b2c2 in paupino/rust-decimal#725 (backported via paupino/rust-decimal#796)
• Support scientific notation in Decimal::from_str() by @​kofki in paupino/rust-decimal#781 (backported via paupino/rust-decimal#796)
• ci: pin actions by @​robjtede in paupino/rust-decimal#791 (backported via paupino/rust-decimal#796)

Full Changelog: paupino/rust-decimal@1.41.0...1.42.0

Commits

• e34c2bc Version 1.42.0
• 539ef74 ci: pin actions
• d4efaa9 Support scientific notation in Decimal::from_str() (#781)
• db25461 Add a From<UnpackedDecimal> for decimal
• 85ec1bd Optimize core arithmetic operations (+, -, *, /) (#794)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Note

Medium Risk
Upgrades the async runtime (tokio) and decimal math crate (rust_decimal), which can subtly affect concurrency behavior and numeric parsing/operations. Scope is limited to dependency/version changes with no application code modifications.

Overview
Bumps workspace dependencies to tokio 1.52.x (from 1.48) and rust_decimal 1.42 (from 1.41).

Updates Cargo.lock to the resolved versions (tokio 1.52.3, rust_decimal 1.42.0) and their checksums.

^{Reviewed by Cursor Bugbot for commit 52f8674. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

📊 Performance Report

Commit: 52f8674
Updated: 2026-05-14 08:45:29 UTC

Cala Performance Benchmark Results (non-representative)

Criterion Benchmark Results (single-threaded)

Benchmark	Time per Run	Throughput	% vs Baseline
post_simple_transaction	7.094ms	140 tx/s	0 (baseline)
post_and_recalculate_ec_account_set	18.840ms	53 tx/s	-165.0%
post_and_batch_recalculate_ec_account_set	17.380ms	57 tx/s	-144.0%
post_multi_layer_transaction	8.316ms	120 tx/s	-17.0%
post_simple_transaction_with_effective_balances	11.366ms	87 tx/s	-60.0%
post_simple_transaction_with_skipped_velocity	6.671ms	149 tx/s	+5.0%
post_simple_transaction_with_velocity	9.476ms	105 tx/s	-33.0%
post_simple_transaction_with_hit_velocity	4.158ms	240 tx/s	+41.0%
post_simple_transaction_with_one_account_set	7.720ms	129 tx/s	-8.0%
post_simple_transaction_with_five_account_sets	8.257ms	121 tx/s	-16.0%
post_simple_transaction_with_ec_account_set	6.599ms	151 tx/s	+6.0%

Load Testing Results (parallel-execution)

Scenario	tx/s
1 parallel	86.47
2 parallel	121.47
5 parallel	151.05
10 parallel	155.16
20 parallel	153.65
2 contention	118.44
5 contention	135.28
2 acct_sets	111.04
5 acct_sets	122.45

---

Note: Performance results may vary based on system resources and database state.

Last updated by commit 52f8674