Why serde version in Cargo.lock is not the same as in Cargo.toml

I have following dependencies in Cargo.toml:

serde = { version = "1.0.164", features = ["derive", "rc"] }
serde_json = { version = "1.0.85", default-features = false, features = ["preserve_order", "unbounded_depth"] }

but after "cargo build", the serde version is not 1.0.164, it's the newest version:
name = "serde"
version = "1.0.204"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12"
dependencies = [

I don't know why and can't find any paper for it.

By default, Cargo uses caret dependencies, that is, "any semver-compatible version higher or equal with this". If you need for some reason to pin the exact version, you need to specify it as "=x.y.z".


If you are writing a library, it is highly discouraged to pin versions. Doing so will make it impossible to use your crate together with another crate that needs a more recent, but semver compatible, version. And the user will get a pretty confusing error message when that happens.


cargo update -p serde --precise 1.0.164 will give you the specific version.

Cargo.lock is used to store exact versions. Cargo.toml specifies minimum versions, and they are updated to latest compatible when possible.


thanks for your answers.