update: report error for non-matching package specs with --breaking

When using `cargo update --breaking <spec>`, package specifications
that don't match any upgradeable dependency are now properly reported
as errors instead of being silently ignored.

The implementation tracks which specs match direct dependencies during
the upgrade process. After processing all workspace members, it
validates that each requested spec either:
1. Matched a direct registry dependency (and was processed), or
2. Exists in the lockfile but cannot be upgraded

Specs that match neither category produce clear error messages:
- "did not match any packages" for completely non-existent packages
- "matched a package... but did not match any direct dependencies"
  for transitive/non-upgradeable packages, with a note explaining
  that --breaking can only upgrade direct dependencies

Multiple errors are collected and reported together for better UX.

This fixes the confusing behavior where users could specify packages
that don't exist without receiving any feedback.

Author: charmitro

src/cargo/ops/cargo_update.rs

@@ -238,6 +238,8 @@ pub fn upgrade_manifests(
     let mut registry = ws.package_registry()?;
     registry.lock_patches();
 
+    let mut matched_specs = HashSet::new();
+
     for member in ws.members_mut().sorted() {
         debug!("upgrading manifest for `{}`", member.name());
 
@@ -252,11 +254,45 @@ pub fn upgrade_manifests(
                     &mut registry,
                     &mut upgrades,
                     &mut upgrade_messages,
+                    &mut matched_specs,
                     d,
                 )
             })?;
     }
 
+    if !to_update.is_empty() {
+        let mut errors = Vec::new();
+        let previous_resolve = ops::load_pkg_lockfile(ws)?;
+
+        for spec in &to_update {
+            if !matched_specs.contains(spec) {
+                let matches_lockfile = if let Some(ref resolve) = previous_resolve {
+                    spec.query(resolve.iter()).is_ok()
+                } else {
+                    false
+                };
+
+                if matches_lockfile {
+                    errors.push(format!(
+                        "package ID specification `{}` matched a package in the dependency graph \
+                         but did not match any direct dependencies that could be upgraded.\n\
+                         Note: `--breaking` can only upgrade direct dependencies of workspace members.",
+                        spec
+                    ));
+                } else {
+                    errors.push(format!(
+                        "package ID specification `{}` did not match any packages",
+                        spec
+                    ));
+                }
+            }
+        }
+
+        if !errors.is_empty() {
+            anyhow::bail!("{}", errors.join("\n\n"));
+        }
+    }
+
     Ok(upgrades)
 }
 
@@ -266,11 +302,18 @@ fn upgrade_dependency(
     registry: &mut PackageRegistry<'_>,
     upgrades: &mut UpgradeMap,
     upgrade_messages: &mut HashSet<String>,
+    matched_specs: &mut HashSet<PackageIdSpec>,
     dependency: Dependency,
 ) -> CargoResult<Dependency> {
     let name = dependency.package_name();
     let renamed_to = dependency.name_in_toml();
 
+    for spec in to_update.iter() {
+        if spec.name() == name.as_str() && dependency.source_id().is_registry() {
+            matched_specs.insert(spec.clone());
+        }
+    }
+
     if name != renamed_to {
         trace!("skipping dependency renamed from `{name}` to `{renamed_to}`");
         return Ok(dependency);

tests/testsuite/update.rs

@@ -2161,10 +2161,25 @@ fn update_breaking_specific_packages_that_wont_update() {
     Package::new("non-semver", "2.0.0").publish();
     Package::new("transitive-incompatible", "2.0.0").publish();
 
-    p.cargo("update -Zunstable-options --breaking compatible renamed-from non-semver transitive-compatible transitive-incompatible")
+    // Test that transitive dependencies produce helpful errors
+    p.cargo("update -Zunstable-options --breaking transitive-compatible transitive-incompatible")
         .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
         .with_stderr_data(str![[r#"
-[UPDATING] `[..]` index
+[ERROR] package ID specification `transitive-compatible` matched a package in the dependency graph but did not match any direct dependencies that could be upgraded.
+Note: `--breaking` can only upgrade direct dependencies of workspace members.
+
+package ID specification `transitive-incompatible` matched a package in the dependency graph but did not match any direct dependencies that could be upgraded.
+Note: `--breaking` can only upgrade direct dependencies of workspace members.
+
+"#]])
+        .run();
+
+    // Test that renamed, non-semver, no-breaking-update dependencies are silently skipped (no errors)
+    p.cargo("update -Zunstable-options --breaking compatible renamed-from non-semver")
+        .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_stderr_data(str![[r#"
+[UPDATING] `dummy-registry` index
 
 "#]])
         .run();
@@ -2779,21 +2794,30 @@ fn update_breaking_missing_package_error() {
         .add_dep(Dependency::new("transitive", "1.0.0").build())
         .publish();
 
-    // This test demonstrates the current buggy behavior where invalid package
-    // specs are silently ignored instead of reporting an error. A subsequent
-    // commit will fix this behavior and update this test to verify proper
-    // error reporting.
-    
-    // Non-existent package is silently ignored
+    // Non-existent package reports an error
     p.cargo("update -Zunstable-options --breaking no_such_crate")
         .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
         .with_stderr_data(str![[r#"
+[ERROR] package ID specification `no_such_crate` did not match any packages
 
 "#]])
         .run();
 
-    // Valid package processes, invalid package silently ignored
+    // Valid package processes, invalid package reports error
     p.cargo("update -Zunstable-options --breaking bar no_such_crate")
+        .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
+        .with_stderr_data(str![[r#"
+[UPDATING] `dummy-registry` index
+[UPGRADING] bar ^1.0 -> ^2.0
+[ERROR] package ID specification `no_such_crate` did not match any packages
+
+"#]])
+        .run();
+
+    // Successfully upgrade bar to add transitive to lockfile
+    p.cargo("update -Zunstable-options --breaking bar")
         .masquerade_as_nightly_cargo(&["update-breaking"])
         .with_stderr_data(str![[r#"
 [UPDATING] `dummy-registry` index
@@ -2805,10 +2829,28 @@ fn update_breaking_missing_package_error() {
 "#]])
         .run();
 
-    // Transitive dependency is silently ignored (produces no output)
+    // Transitive dependency reports helpful error
     p.cargo("update -Zunstable-options --breaking transitive")
         .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
         .with_stderr_data(str![[r#"
+[ERROR] package ID specification `transitive` matched a package in the dependency graph but did not match any direct dependencies that could be upgraded.
+Note: `--breaking` can only upgrade direct dependencies of workspace members.
+
+"#]])
+        .run();
+
+    // Multiple error types reported together
+    p.cargo("update -Zunstable-options --breaking no_such_crate transitive another_missing")
+        .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
+        .with_stderr_data(str![[r#"
+[ERROR] package ID specification `no_such_crate` did not match any packages
+
+package ID specification `transitive` matched a package in the dependency graph but did not match any direct dependencies that could be upgraded.
+Note: `--breaking` can only upgrade direct dependencies of workspace members.
+
+package ID specification `another_missing` did not match any packages
 
 "#]])
         .run();