chore(deps): bump the all-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the all-dependencies group with 8 updates in the / directory:

Package	From	To
async-graphql	8.0.0-rc.3	8.0.0-rc.4
cached	0.56.0	0.58.0
chrono	0.4.43	0.4.44
tracing-subscriber	0.3.22	0.3.23
opentelemetry-otlp	0.31.0	0.31.1
strum	0.27.2	0.28.0
lalrpop-util	0.23.0	0.23.1
lalrpop	0.23.0	0.23.1

Updates async-graphql from 8.0.0-rc.3 to 8.0.0-rc.4

Changelog

Sourced from async-graphql's changelog.

[8.0.0-rc.4] 2026-03-08

• Fix MergedObject/MergedSubscription exceeding compiler recursion limit with 130+ merged types by using balanced binary tree instead of linear chain #1813
• Replace deprecated actix-web-actors with actix-ws in the Actix integration #1811
• Fix InputObject with generics failing to compile when using name_type attribute #1812
• feat: Adds flatten support for generic type params in InputObject #1804

Commits

• See full diff in compare view

Updates cached from 0.56.0 to 0.58.0

Changelog

Sourced from cached's changelog.

[0.58.0]

Added

• Add redis_async_cache feature for Redis client-side caching support via the RESP3 protocol

Changed

• Update redis to 1.0

Removed

[0.57.0 / [cached_proc_macro[0.26.0]]]

Added

• Add parking_lot dependency

Changed

• Switch to parking_lot's Mutex and RwLock in all macros.
• Remove unwrap() calls from lock operations.

Removed

Commits

• See full diff in compare view

Updates chrono from 0.4.43 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• See full diff in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates opentelemetry-otlp from 0.31.0 to 0.31.1

Release notes

Sourced from opentelemetry-otlp's releases.

opentelemetry-otlp 0.31.1

What's Changed

• feat(OTLP): add tls-ring, tls-aws-lc, and tls-provider-agnostic feature flags [patch release v0.31.1] by @​lalitb in open-telemetry/opentelemetry-rust#3426

Full Changelog: open-telemetry/opentelemetry-rust@v0.31.0...opentelemetry-otlp-0.31.1

Commits

• febe718 feat(OTLP): add tls-ring, tls-aws-lc, and tls-provider-agnostic feature flags...
• See full diff in compare view

Updates strum from 0.27.2 to 0.28.0

Changelog

Sourced from strum's changelog.

0.28.0

• #461: Allow any kind of passthrough attributes on EnumDiscriminants.

  • Previously only list-style attributes (e.g. #[strum_discriminants(derive(...))]) were supported. Now path-only (e.g. #[strum_discriminants(non_exhaustive)]) and name/value (e.g. #[strum_discriminants(doc = "foo")]) attributes are also supported.

• #462: Add missing #[automatically_derived] to generated impls not covered by #444.

• #466: Bump MSRV to 1.71, required to keep up with updated syn and windows-sys dependencies. This is a breaking change if you're on an old version of rust.

• #469: Use absolute paths in generated proc macro code to avoid potential name conflicts.

• #465: Upgrade phf dependency to v0.13.

• #473: Fix cargo fmt / clippy issues and add GitHub Actions CI.

• #477: strum::ParseError now implements core::fmt::Display instead std::fmt::Display to make it #[no_std] compatible. Note the Error trait wasn't available in core until 1.81 so strum::ParseError still only implements that in std.

• #476: Breaking Change - EnumString now implements From<&str> (infallible) instead of TryFrom<&str> when the enum has a #[strum(default)] variant. This more accurately reflects that parsing cannot fail in that case. If you need the old TryFrom behavior, you can opt back in using parse_error_ty and parse_error_fn:

  #[derive(EnumString)]
  #[strum(parse_error_ty = strum::ParseError, parse_error_fn = make_error)]
  pub enum Color {
      Red,
      #[strum(default)]
      Other(String),
  }
  fn make_error(x: &str) -> strum::ParseError {
  strum::ParseError::VariantNotFound
  }

• #431: Fix bug where EnumString ignored the parse_err_ty attribute when the enum had a #[strum(default)] variant.

• #474: EnumDiscriminants will now copy default over from the original enum to the Discriminant enum.

  #[derive(Debug, Default, EnumDiscriminants)]
  #[strum_discriminants(derive(Default))] // <- Remove this in 0.28.
  enum MyEnum {
      #[default] // <- Will be the #[default] on the MyEnumDiscriminant
      #[strum_discriminants(default)] // <- Remove this in 0.28
      Variant0,
      Variant1 { a: NonDefault },
  }

... (truncated)

Commits

• 7376771 Peternator7/0.28 (#475)
• 26e63cd Display exists in core (#477)
• 9334c72 Make TryFrom and FromStr infallible if there's a default (#476)
• 0ccbbf8 Honor parse_err_ty attribute when the enum has a default variant (#431)
• 2c9e5a9 Automatically add Default implementation to EnumDiscriminant if it exists on ...
• e241243 Fix existing cargo fmt + clippy issues and add GH actions (#473)
• 639b67f feat: allow any kind of passthrough attributes on EnumDiscriminants (#461)
• 0ea1e2d docs: Fix typo (#463)
• 36c051b Upgrade phf to v0.13 (#465)
• 9328b38 Use absolute paths in proc macro (#469)
• Additional commits viewable in compare view

Updates lalrpop-util from 0.23.0 to 0.23.1

Changelog

Sourced from lalrpop-util's changelog.

0.23.1 (2026-03-11)

Bigfixes

• Fix bug where windows paths were used based on target OS rather than host OS, breaking cross compile scenarios

Commits

• f67f874 Bump versions and add changelog for 0.23.1 (#1119)
• ca69c50 Update to big-set 0.9 (#1120)
• 24cbd36 Handle windows path separators based on build os, not target (#1117)
• 5a43646 Switch sort_by() to sort_by_key() (#1118)
• c80c41a Update to rand 0.10 (#1112)
• See full diff in compare view

Updates lalrpop from 0.23.0 to 0.23.1

Changelog

Sourced from lalrpop's changelog.

0.23.1 (2026-03-11)

Bigfixes

• Fix bug where windows paths were used based on target OS rather than host OS, breaking cross compile scenarios

Commits

• f67f874 Bump versions and add changelog for 0.23.1 (#1119)
• ca69c50 Update to big-set 0.9 (#1120)
• 24cbd36 Handle windows path separators based on build os, not target (#1117)
• 5a43646 Switch sort_by() to sort_by_key() (#1118)
• c80c41a Update to rand 0.10 (#1112)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Note

Medium Risk
This is a dependency-only update but touches core runtime libraries (GraphQL, caching, tracing/OTLP, and parsing), which can introduce subtle compile/runtime behavior changes despite no application code changes.

Overview
Updates workspace dependency versions in Cargo.toml and refreshes Cargo.lock, bumping async-graphql to 8.0.0-rc.4, cached to 0.58, chrono to 0.4.44, tracing-subscriber to 0.3.23, opentelemetry-otlp to 0.31.1, strum to 0.28, and lalrpop/lalrpop-util to 0.23.1.

Lockfile changes include associated transitive updates (e.g., bit-set/bit-vec to 0.9.1, hashbrown to 0.16.1, and additional cached deps like parking_lot) and some windows-sys version shifts.

^{Written by Cursor Bugbot for commit 0a17067. This will update automatically on new commits. Configure here.}

[github-actions]

📊 Performance Report

Commit: 0a17067
Updated: 2026-03-26 21:06:08 UTC

Cala Performance Benchmark Results (non-representative)

Criterion Benchmark Results (single-threaded)

Benchmark	Time per Run	Throughput	% vs Baseline
post_simple_transaction	6.215ms	160 tx/s	0 (baseline)
post_multi_layer_transaction	7.045ms	141 tx/s	-13.0%
post_simple_transaction_with_effective_balances	8.403ms	119 tx/s	-35.0%
post_simple_transaction_with_skipped_velocity	5.976ms	167 tx/s	+3.0%
post_simple_transaction_with_velocity	9.734ms	102 tx/s	-56.0%
post_simple_transaction_with_hit_velocity	3.818ms	261 tx/s	+38.0%
post_simple_transaction_with_one_account_set	6.605ms	151 tx/s	-6.0%
post_simple_transaction_with_five_account_sets	7.528ms	132 tx/s	-21.0%

Load Testing Results (parallel-execution)

Scenario	tx/s
1 parallel	98.17
2 parallel	133.09
5 parallel	172.39
10 parallel	174.59
20 parallel	173.22
2 contention	129.74
5 contention	149.41
2 acct_sets	121.35
5 acct_sets	134.09

---

Note: Performance results may vary based on system resources and database state.

Last updated by commit 0a17067