I'd expect a tool that upgrades vulnerable dependencies to upgrade them to... poll Assuming both options fix the vulnerability. Hey everyone! I'm working on rewriting cargo audit fix, part of cargo-audit. I'd like to know which behavior users would find less surprising. Hence this poll! There are valid reasons to choose each of them as a default, but I am interested in what your first thought is. If you have a rationale for your choice I'd be happy to hear that as well. Thank you!