diff --git a/Cargo.toml b/Cargo.toml
index 0e3f337..af01b08 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "flexiber"
-version = "0.1.2"
+version = "0.1.3"
 authors = ["Nicolas Stalder <n@stalder.io>", "RustCrypto Developers"]
 license = "Apache-2.0 OR MIT"
 edition = "2021"
@@ -13,7 +13,15 @@ documentation = "https://docs.rs/flexiber"
 
 [dependencies]
 delog = "0.1.0"
-flexiber_derive = { version = "0.1", optional = true, path = "derive" }
+flexiber_derive = { version = "0.1.3", optional = true, path = "derive" }
+
+# This cfg cannot be enabled, but it still forces Cargo to keep flexiber_derive's
+# version in lockstep with flexiber's, even if someone depends on the two crates
+# separately with flexiber's "derive" feature disabled. Every flexiber_derive release
+# is compatible with exactly one flexiber release because the generated code
+# can involve nonpublic APIs which are not bound by semver.
+[target.'cfg(any())'.dependencies]
+flexiber_derive = { version = "=0.1.3", path = "derive" }
 
 [dependencies.heapless]
 version = "0.7.0"
diff --git a/derive/Cargo.toml b/derive/Cargo.toml
index 3d4e3d9..17d2ccb 100644
--- a/derive/Cargo.toml
+++ b/derive/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "flexiber_derive"
-version = "0.1.1"
+version = "0.1.3"
 authors = ["Nicolas Stalder <n@stalder.io>", "RustCrypto Developers"]
 license = "Apache-2.0 OR MIT"
 edition = "2021"