Run cargo update to refresh the Cargo.lock file with the latest compatible versions of your dependencies, or use cargo update -p <package> to target a specific crate. If you need to upgrade a dependency to a version that requires changing your Cargo.toml version constraints, update the constraint first and then run cargo update to resolve the new versions.
For a full project refresh, simply execute:
cargo update
This command compares your Cargo.lock with the version ranges allowed in Cargo.toml and updates the lock file to the newest available versions that satisfy those constraints. It does not change your Cargo.toml files; it only updates the resolved versions in the lock file.
To update a single dependency, specify the package name:
cargo update -p serde
This is useful when you want to avoid a full dependency tree re-resolution or need to test a specific update in isolation. If you need to force an update to a version that is currently blocked by your Cargo.toml constraints (e.g., moving from 1.0 to 2.0), you must first edit Cargo.toml to allow the new version range, then run cargo update.
# Cargo.toml
[dependencies]
# Change this constraint to allow the new major version
serde = "2.0"
After modifying Cargo.toml, run cargo update again to apply the changes. If you encounter breaking changes, cargo check or cargo build will fail, requiring you to update your code to match the new API.
Note that cargo update does not update the Cargo.lock file if your Cargo.toml constraints are already satisfied by the current locked versions. To force a re-evaluation even if versions haven't changed, you can delete Cargo.lock and run cargo update, though this is rarely necessary unless you suspect the lock file is corrupted or you are switching branches.
For development workflows, it is common to run cargo update before committing to ensure you are using the latest patch versions of dependencies, which often contain security fixes. However, in production environments, you might prefer to pin specific versions in Cargo.lock to ensure reproducibility, only updating dependencies after thorough testing.
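Before committing a refreshed Cargo.lock, it helps to see exactly which crates the update moved. The following Rust program is an added example, not part of the original page or of Cargo itself: it compares two lock files and lists every crate whose locked versions differ. The function names parse_lock and diff_locks are hypothetical, and the sample lock contents are constructed for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};
// Constructed sample lock files (not from a real project), before and after an update.
const BEFORE: &str = r#"version = 3
[[package]]
name = "itoa"
version = "1.0.9"
[[package]]
name = "serde"
version = "1.0.190"
"#;
const AFTER: &str = r#"version = 3
[[package]]
name = "ryu"
version = "1.0.15"
[[package]]
name = "serde"
version = "1.0.197"
"#;

// Map crate name -> locked versions. Line-based reader for the layout Cargo writes, not a TOML parser.
fn parse_lock(text: &str) -> BTreeMap<String, Vec<String>> {
    let mut pkgs: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let mut name: Option<String> = None;
    for line in text.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(n) = name.take() { // top-level `version = 3` has no name before it: skipped
                pkgs.entry(n).or_default().push(v.trim_matches('"').to_string());
            }
        }
    }
    pkgs
}

// One line per crate whose locked versions differ between the two lock files.
fn diff_locks(before: &str, after: &str) -> Vec<String> {
    let (old, new) = (parse_lock(before), parse_lock(after));
    let names: BTreeSet<&String> = old.keys().chain(new.keys()).collect();
    let show = |m: &BTreeMap<String, Vec<String>>, n: &String| {
        m.get(n).map_or("(absent)".to_string(), |v| v.join(", "))
    };
    names.into_iter()
        .filter(|&n| old.get(n) != new.get(n))
        .map(|n| format!("{}: {} -> {}", n, show(&old, n), show(&new, n)))
        .collect()
}

fn main() { for line in diff_locks(BEFORE, AFTER) { println!("{}", line); } }
```

For a real project, keep a copy of Cargo.lock from before the update and pass the contents of both files to diff_locks; a crate that appears or disappears is reported with (absent) on one side.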
If you need to see what versions are available without updating, use cargo search <package> or check the crate's page on crates.io. The cargo outdated command (from the cargo-outdated plugin) is also helpful for listing all dependencies that have newer versions available, giving you a clear overview before deciding what to update.
# Install the helper tool if you don't have it
cargo install cargo-outdated
# List outdated dependencies
cargo outdated
This approach keeps your dependency management explicit and controlled, preventing unexpected breakages while ensuring you benefit from upstream improvements.