Cargo "[patch] ... was not used in the crate graph" in CI
You added a [patch] entry to override a dependency, but Cargo couldn’t apply it because the patched version doesn’t satisfy any requirement in the graph. The patch is silently ignored - or, with a strict CI lint, fails the build.
What this error means
cargo reports patch for X in ... was not used in the crate graph. The original (unpatched) dependency is still used, so your override has no effect - and if CI denies warnings, the build fails on the unused patch.
warning: Patch `serde v1.0.999 (/home/runner/work/app/vendor/serde)` was not used
in the crate graph.
Perhaps you misspelled the source URL being patched.
Or perhaps you meant to use a different version which doesn't match this patch.Common causes
Patched version doesn’t match the requirement
A [patch] only applies when its version satisfies the version requirement already in the graph. If nothing requires a version the patch provides, Cargo can’t slot it in.
Wrong source URL or registry being patched
The [patch.<source>] key must exactly match the source the dependency comes from (e.g. crates-io vs a git URL). A mismatched key patches a source nothing actually uses.
How to fix it
Match the patch version to the requirement
Make the patched crate’s version compatible with what the graph requires, or update the requirement to accept it.
[patch.crates-io]
serde = { git = "https://github.com/serde-rs/serde", branch = "fix" }
# the patched version must satisfy the existing `serde = "1"` requirementVerify the source key and inspect the graph
- Confirm the
[patch.<source>]key matches where the dependency really comes from. - Run
cargo tree -i <crate>to see the version actually required. - Re-run
cargo updateafter editing the patch so the lockfile re-resolves.
How to prevent it
- Keep
[patch]versions compatible with the requirements already in the graph. - Match the
[patch.<source>]key exactly to the dependency’s source. - Run
cargo treeafter adding a patch to confirm it’s actually applied.