When you refer a dependent package in your cargo.toml, your cargo.lock contains packages that the packages you referred in cargo.toml depends upon. I am calling here dependent of dependent package.
My question here is, how you can update these dependent of dependent packages, as these are not referred directly in your cargo.toml and it is also not advisible to update your cargo.lock directly.
To clarify my question further, let me give one example package that is referred in my cargo.locl that I wanted to update.
Dependent of dependent packate name: h2
Curent version in my cargo.loc = 0.3.12
Desired version: 0.3.18
Reason for update: Security vulanribiity
Let me share here the relevant portion of my cargo.lock file as well:
name = "h2"
version = "0.3.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "17f8a914c2987b688368b5138aa05321db91f4090cf26118185672ad588bce21"
dependencies = [