chore(deps): bump tokio from 1.52.1 to 1.52.2

[dependabot]

Bumps tokio from 1.52.1 to 1.52.2.

Release notes

Sourced from tokio's releases.

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• f82bcf3 Merge 'tokio-1.51.2' into 'tokio-1.52.x' (#8114)
• 7db9bc4 test: revert "remove churn() task from lifo_stealable" (#8114)
• 64834ec chore: prepare Tokio v1.51.2 (#8113)
• 967f571 runtime: revert "steal tasks from the LIFO slot" (#8100)
• 9271e3e Merge tokio-1.51.x (for #8101) into tokio-1.52.x (#8106)
• cd1823f Revert "Pin stable to 1.94 for tokio-1.51.x" (#8106)
• a97cf12 Merge tokio-1.47.x (commit 670a907c55c7) into tokio-1.51.x (#8105)
• bde3f20 Pin stable to 1.94 for tokio-1.51.x (#8105)
• 670a907 ci: fix CI on tokio-1.47.x (#8101)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: rust. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[kilo-code-bot]

Code Review Summary

Status: Bumps tokio to 1.52.2 but introduces critical windows-sys downgrade | Recommendation: Request Changes

Overview

Severity	Count
CRITICAL	1
WARNING	0
SUGGESTION	1

Issue Details (click to expand)

CRITICAL

File	Line	Issue
Cargo.lock	510, 1553, 1610, 1878, 2442	Downgrade of windows-sys from 0.61.2 to 0.52.0 across multiple transitive dependencies, potentially reintroducing security vulnerabilities fixed in later versions.

SUGGESTION

File	Line	Issue
Cargo.toml	36	Commit message states "bump tokio from 1.52.1 to 1.52.2" but the Cargo.toml constraint was also updated from 1.39 to 1.52. Consider updating the commit message to accurately reflect this broader version range change.

Other Observations (not in diff)

• Ensure quality gates pass before merge: cargo fmt, cargo clippy --workspace -- -D warnings, and cargo test --workspace.
• Investigate the root cause of the windows-sys downgrade and ensure a secure version (>=0.61.2) is used or adjust dependencies accordingly.

Files Reviewed (2 files)

• Cargo.toml (1 suggestion)
• Cargo.lock (1 critical)

---

_{Reviewed by step-3.5-flash · 979,044 tokens}

[dependabot]

Superseded by #60.