In some situations, cargo update can change the version of a dependency, but it won't tell you that it updated it. I would expect that any changes to the lock file are accompanied with updating/removing/adding messages.

Repro:

1. Set up a workspace with the following members and dependencies:

a → bitflags="0.9"
b → bitflags="1.0"
c → bitflags="0.9"

2. cargo update to build the lock file.
3. Edit c's version of bitflags to be "1.0".
4. Run cargo update again. c's dependency will be updated, but there is no output telling you it updated something.