update: report error for non-matching package specs with --breaking

When using `cargo update --breaking <spec>`, package specifications
that don't match any upgradeable dependency are now properly reported
as errors instead of being silently ignored.

The implementation tracks which specs match direct dependencies during
the upgrade process. After processing all workspace members, it
validates that each requested spec either:
1. Matched a direct registry dependency (and was processed), or
2. Exists in the lockfile but cannot be upgraded

Specs that match neither category produce clear error messages:
- "did not match any packages" for completely non-existent packages
- "matched a package... but did not match any direct dependencies"
  for transitive/non-upgradeable packages, with a note explaining
  that --breaking can only upgrade direct dependencies

Multiple errors are collected and reported together for better UX.

This fixes the confusing behavior where users could specify packages
that don't exist without receiving any feedback.

Author: charmitro

src/cargo/ops/cargo_update.rs

@@ -17,7 +17,7 @@ use crate::util::{CargoResult, VersionExt};
 use crate::util::{OptVersionReq, style};
 use anyhow::Context as _;
 use cargo_util_schemas::core::PartialVersion;
-use indexmap::IndexMap;
+use indexmap::{IndexMap, IndexSet};
 use itertools::Itertools;
 use semver::{Op, Version, VersionReq};
 use std::cmp::Ordering;
@@ -238,6 +238,8 @@ pub fn upgrade_manifests(
     let mut registry = ws.package_registry()?;
     registry.lock_patches();
 
+    let mut remaining_specs: IndexSet<_> = to_update.iter().cloned().collect();
+
     for member in ws.members_mut().sorted() {
         debug!("upgrading manifest for `{}`", member.name());
 
@@ -252,11 +254,28 @@ pub fn upgrade_manifests(
                     &mut registry,
                     &mut upgrades,
                     &mut upgrade_messages,
+                    &mut remaining_specs,
                     d,
                 )
             })?;
     }
 
+    if !remaining_specs.is_empty() {
+        let mut error_msg = String::from(
+            "package ID specifications did not match any direct dependencies that could be upgraded",
+        );
+
+        for spec in &remaining_specs {
+            error_msg.push_str(&format!("\n  {}", spec));
+        }
+
+        error_msg.push_str(
+            "\nnote: `--breaking` can only upgrade direct dependencies of workspace members",
+        );
+
+        anyhow::bail!("{}", error_msg);
+    }
+
     Ok(upgrades)
 }
 
@@ -266,11 +285,15 @@ fn upgrade_dependency(
     registry: &mut PackageRegistry<'_>,
     upgrades: &mut UpgradeMap,
     upgrade_messages: &mut HashSet<String>,
+    remaining_specs: &mut IndexSet<PackageIdSpec>,
     dependency: Dependency,
 ) -> CargoResult<Dependency> {
     let name = dependency.package_name();
     let renamed_to = dependency.name_in_toml();
 
+    remaining_specs
+        .retain(|spec| !(spec.name() == name.as_str() && dependency.source_id().is_registry()));
+
     if name != renamed_to {
         trace!("skipping dependency renamed from `{name}` to `{renamed_to}`");
         return Ok(dependency);

tests/testsuite/update.rs

@@ -2161,10 +2161,25 @@ fn update_breaking_specific_packages_that_wont_update() {
     Package::new("non-semver", "2.0.0").publish();
     Package::new("transitive-incompatible", "2.0.0").publish();
 
-    p.cargo("update -Zunstable-options --breaking compatible renamed-from non-semver transitive-compatible transitive-incompatible")
+    // Test that transitive dependencies produce helpful errors
+    p.cargo("update -Zunstable-options --breaking transitive-compatible transitive-incompatible")
         .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
         .with_stderr_data(str![[r#"
-[UPDATING] `[..]` index
+[ERROR] package ID specification `transitive-compatible` matched a package in the dependency graph but did not match any direct dependencies that could be upgraded.
+Note: `--breaking` can only upgrade direct dependencies of workspace members.
+
+package ID specification `transitive-incompatible` matched a package in the dependency graph but did not match any direct dependencies that could be upgraded.
+Note: `--breaking` can only upgrade direct dependencies of workspace members.
+
+"#]])
+        .run();
+
+    // Test that renamed, non-semver, no-breaking-update dependencies are silently skipped (no errors)
+    p.cargo("update -Zunstable-options --breaking compatible renamed-from non-semver")
+        .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_stderr_data(str![[r#"
+[UPDATING] `dummy-registry` index
 
 "#]])
         .run();
@@ -2779,21 +2794,34 @@ fn update_breaking_missing_package_error() {
         .add_dep(Dependency::new("transitive", "1.0.0").build())
         .publish();
 
-    // This test demonstrates the current buggy behavior where invalid package
-    // specs are silently ignored instead of reporting an error. A subsequent
-    // commit will fix this behavior and update this test to verify proper
-    // error reporting.
-    
-    // Non-existent package is silently ignored
+    // Non-existent package reports an error
     p.cargo("update -Zunstable-options --breaking no_such_crate")
         .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
         .with_stderr_data(str![[r#"
+[ERROR] package ID specifications did not match any direct dependencies that could be upgraded
+  no_such_crate
+[NOTE] `--breaking` can only upgrade direct dependencies of workspace members
 
 "#]])
         .run();
 
-    // Valid package processes, invalid package silently ignored
+    // Valid package processes, invalid package reports error
     p.cargo("update -Zunstable-options --breaking bar no_such_crate")
+        .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
+        .with_stderr_data(str![[r#"
+[UPDATING] `dummy-registry` index
+[UPGRADING] bar ^1.0 -> ^2.0
+[ERROR] package ID specifications did not match any direct dependencies that could be upgraded
+  no_such_crate
+[NOTE] `--breaking` can only upgrade direct dependencies of workspace members
+
+"#]])
+        .run();
+
+    // Successfully upgrade bar to add transitive to lockfile
+    p.cargo("update -Zunstable-options --breaking bar")
         .masquerade_as_nightly_cargo(&["update-breaking"])
         .with_stderr_data(str![[r#"
 [UPDATING] `dummy-registry` index
@@ -2805,10 +2833,28 @@ fn update_breaking_missing_package_error() {
 "#]])
         .run();
 
-    // Transitive dependency is silently ignored (produces no output)
+    // Transitive dependency reports helpful error
     p.cargo("update -Zunstable-options --breaking transitive")
         .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
+        .with_stderr_data(str![[r#"
+[ERROR] package ID specifications did not match any direct dependencies that could be upgraded
+  transitive
+[NOTE] `--breaking` can only upgrade direct dependencies of workspace members
+
+"#]])
+        .run();
+
+    // Multiple error types reported together
+    p.cargo("update -Zunstable-options --breaking no_such_crate transitive another_missing")
+        .masquerade_as_nightly_cargo(&["update-breaking"])
+        .with_status(101)
         .with_stderr_data(str![[r#"
+[ERROR] package ID specifications did not match any direct dependencies that could be upgraded
+  no_such_crate
+  transitive
+  another_missing
+[NOTE] `--breaking` can only upgrade direct dependencies of workspace members
 
 "#]])
         .run();