I'm pretty sure I'm using it wrong, but in my case Cargo doesn't respect the version numbers of dependencies that I have specified. My cargo.toml specifies Rocket v0.3.4 and Cargo still uses v0.3.5 (which is the latest).
The next question is, why do you need to have 0.3.4? The reason for Cargo defaulting to this behavior is that with semver, patchlevel upgrades should be compatible. Is Rocket breaking compatibility in patch versions?
There is a bug is Rocket (not exactly in Rocket, but in one of its
dependencies) that I later found out was due to nightly breakage. I was
trying to see whether it existed in other versions.