The likelihood of a minor incompatibility breaking someone is relatively low such that people regularly update all dependencies.
As for not touching Cargo.toml, you might want to catch up on the cargo upgrade discussion as we are looking to make cargo update --save to update all version requirements.