chore(deps): update dependency decimal to v3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
decimal (source)	dev	major	~> 2.0 → ~> 3.0

---

Release Notes

ericmj/decimal (decimal)

v3.1.1

Compare Source

Bug fixes

• Fix Decimal.parse/2 and Decimal.new/2 rejecting inspect output for
  values at the context's full precision with negative exponents (e.g.
  Decimal.new("0.3162277660168379331998893544432719")). The
  :max_digits limit no longer counts non-significant leading zeros.

v3.1.0

Compare Source

Enhancements

• Decimal.new/2 now accepts an optional opts keyword list and
  forwards it to Decimal.parse/2, allowing callers to override
  :max_digits and :max_exponent when constructing a decimal from
  a string.

Bug fixes

• Fix infinite loop in Decimal.to_integer/1 when the coefficient is
  zero and the exponent is negative (e.g. Decimal.new("0.0")). Such
  values now correctly convert to the integer 0.

v3.0.0

Compare Source

Note on the new defaults

The new decimal128 defaults are more than sufficient for currency and
other real-world numeric use cases. With precision: 34 and a scale of
2 (two digits after the decimal point for cents), values from 0.00 up
to roughly 99_999_999_999_999_999_999_999_999_999_999.99 (~10³², 100
nonillion) round-trip without rounding. Most upgrades from 2.x require
no code changes.

Security

• Make the v2.4.0 mitigations for CVE-2026-32686 the default. The
  default Decimal.Context and the public parse, cast, and to_string
  functions now follow IEEE 754 decimal128 limits, rejecting inputs
  such as 1e1000000000 without materializing them.

Breaking changes

• Decimal.Context defaults change from precision 28 and unbounded
  emax/emin to decimal128 values: precision: 34, emax: 6_144,
  emin: -6_143. Operation results whose adjusted exponent leaves that
  band signal overflow or underflow.
• Decimal.parse/1 and Decimal.cast/1 reject inputs whose digit count
  exceeds 34 (decimal128 precision) or whose absolute exponent exceeds
  6_144 (decimal128 emax). Use parse/2 / cast/2 with
  max_digits: :infinity and max_exponent: :infinity to restore
  unbounded behavior.
• Decimal.parse/2 and Decimal.cast/2 default :max_digits to 34
  and :max_exponent to 6_144 when not specified.
• Decimal.to_string/2 and Decimal.to_string/3 raise ArgumentError
  when the rendered output would exceed 6_178 digit characters
  (precision + emax — the worst-case :normal width of any in-range
  decimal128 value). Inspect, String.Chars, and JSON.Encoder
  protocol implementations pass max_digits: :infinity so debug output
  always succeeds.

v2.4.1

Compare Source

Bug fixes

• Fix infinite loop in Decimal.to_integer/1 when the coefficient is
  zero and the exponent is negative (e.g. Decimal.new("0.0")). Such
  values now correctly convert to the integer 0.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: instrumentation/opentelemetry_xandra/mix.lock

Command failed: mix deps.update decimal
** (Mix) Hex dependency resolution failed

[yordis]

we need upstream to be upgraded ASAP