Use cargo update to refresh your Cargo.lock file with the latest compatible versions of your dependencies, and run cargo outdated to see exactly what can be upgraded. For a more aggressive approach that updates all dependencies to their absolute latest versions regardless of semver constraints, use cargo update --aggressive.
The standard workflow involves running cargo update in your project root. This command checks the Cargo.toml for version constraints (e.g., ^1.0) and updates the Cargo.lock to the highest version satisfying those constraints. It does not modify Cargo.toml itself. If you need to see a detailed list of outdated packages before updating, the cargo-outdated plugin is the industry-standard tool.
First, install the helper tool if you haven't already:
cargo install cargo-outdated
Then, run it to see a table of current vs. latest versions:
cargo outdated
This output shows you which crates are behind and whether newer versions are available within your specified constraints.
Once you've reviewed the list, apply the updates:
# Update all dependencies to the latest compatible versions
cargo update
# Update a specific crate only
cargo update -p serde
If you are maintaining a library and want to ensure you are tracking the absolute latest versions of transitive dependencies (even if it means breaking changes), you can use the --aggressive flag. This forces Cargo to ignore semver constraints in Cargo.toml and pull the latest available versions from crates.io. Use this with caution, as it may introduce breaking changes:
cargo update --aggressive
After updating, always run your test suite immediately to catch any breaking changes or API shifts:
cargo test
For CI/CD pipelines, it is best practice to pin your Cargo.lock file in version control and update it periodically (e.g., weekly or monthly) rather than on every commit. This prevents unexpected build failures caused by upstream changes. If you need to update a specific dependency to a version that exceeds your Cargo.toml constraints, you must manually edit Cargo.toml to relax the version requirement (e.g., changing =1.2.0 to ^1.0) before running cargo update.
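To see why a requirement such as =1.2.0 holds a crate in place while ^1.0 lets cargo update move it forward, the following added example (not Cargo's own code) models how a requirement is matched and how the highest satisfying version is picked. It is a simplified sketch: only caret and exact requirements are handled, pre-release versions are out of scope, the function names are hypothetical, and the published-version list is constructed.

```rust
// Added example: simplified model of requirement matching, not Cargo's resolver.
// Handles `^x.y.z` (also the default for a bare version) and `=x.y.z` only.
type Version = (u64, u64, u64);

fn parse_parts(s: &str) -> Option<Vec<u64>> {
    let parts: Result<Vec<u64>, _> = s.trim().split('.').map(str::parse::<u64>).collect();
    parts.ok().filter(|p| !p.is_empty() && p.len() <= 3)
}

fn parse_version(s: &str) -> Option<Version> {
    let p = parse_parts(s)?;
    (p.len() == 3).then(|| (p[0], p[1], p[2]))
}

/// Does version `v` satisfy requirement `req`? None means `req` is not understood.
fn satisfies(req: &str, v: Version) -> Option<bool> {
    let req = req.trim();
    let have = [v.0, v.1, v.2];
    if let Some(exact) = req.strip_prefix('=') {
        // Exact: every component that was written must be equal.
        let p = parse_parts(exact)?;
        return Some(have[..p.len()] == p[..]);
    }
    let p = parse_parts(req.strip_prefix('^').unwrap_or(req))?;
    // Lower bound: the requirement padded with zeros.
    let mut lo = [0u64; 3];
    lo[..p.len()].copy_from_slice(&p);
    // Upper bound: bump the leftmost non-zero written component (else the last one).
    let i = p.iter().position(|&n| n != 0).unwrap_or(p.len() - 1);
    let mut hi = [0u64; 3];
    hi[..i].copy_from_slice(&lo[..i]);
    hi[i] = lo[i] + 1;
    Some(lo <= have && have < hi)
}

/// Highest published version satisfying `req`: the version a lockfile update lands on.
fn resolve(req: &str, published: &[&str]) -> Option<Version> {
    published.iter().filter_map(|s| parse_version(s))
        .filter(|&v| satisfies(req, v) == Some(true)).max()
}

fn main() {
    let published = ["1.1.9", "1.2.0", "1.2.7", "1.9.3", "2.0.0"]; // constructed list
    for req in ["=1.2.0", "^1.0", "^1.2.7", "2.0"] {
        println!("{req:>8} -> {:?}", resolve(req, &published));
    }
}
```

Note the 0.x cases: ^0.2.3 stops below 0.3.0 and ^0.0.3 matches only 0.0.3, so pre-1.0 crates move forward far less than a ^1.0 requirement allows.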