How do I update a *single* package dependency when I am using lock files?

[tbutler-qontigo]

This is my scenario:

• I want to use package lock files with wildcard matching in my development builds so I can automatically pick up the latest version of a component - e.g. 1.*
• I have two components, Foo v1.2.3 and Bar v4.5.6
• In my CI build of same, I will use -ForceEvaluate to ensure the build uses the latest, and I will check in any changes to the packages.lock.json file
• When it comes to release time and I want a release candidate build, I will use -LockedMode to ensure that the versions never change in my release from what existing at the time the rc was taken.
• Both components Foo and Bar continue to be worked on and have been updated in our nuget repo to v1.2.4 and v4.5.7 respectively => develop branch builds will get these, which is fine.

What happens now if I need to patch the release (or production!) and only update component Bar so I get v4.5.7? I am using -LockedMode so I will always get v1.2.3 and v4.5.6 respectively for the components at the moment.
If I -ForceEvaluate in my release build then both components will be updated rather than just the one that is required for this release fix, which is not what I want.

So how do I only update one package (and I guess potentially it's dependencies if something has had to change there)?

I don't really want to have to mess about with manually editing the lock file(s) and ideally I wouldn't have to for example change the version in the .csproj file to be an explicit one (Which, alone, does not seem to be enough anyway) because then when merging back down to the develop branch I would have to remember to ignore/undo that specific change.

thanks