diff --git a/src/Composer/Installer.php b/src/Composer/Installer.php
index 3172e596f..78ea92c03 100644
--- a/src/Composer/Installer.php
+++ b/src/Composer/Installer.php
@@ -1195,6 +1195,7 @@ class Installer
foreach ($requirePackages as $requirePackage) {
if (isset($skipPackages[$requirePackage->getName()])) {
+ $this->io->writeError('Dependency "' . $requirePackage->getName() . '" is also a root requirement, but is not explicitly whitelisted. Ignoring.');
continue;
}
$packageQueue->enqueue($requirePackage);
diff --git a/tests/Composer/Test/Fixtures/installer/github-issues-4795.test b/tests/Composer/Test/Fixtures/installer/github-issues-4795.test
new file mode 100644
index 000000000..6dc3ced3d
--- /dev/null
+++ b/tests/Composer/Test/Fixtures/installer/github-issues-4795.test
@@ -0,0 +1,47 @@
+--TEST--
+
+See Github issue #4795 ( github.com/composer/composer/issues/4795 ).
+
+Composer\Installer::whitelistUpdateDependencies intentionally ignores root requirements even if said package is also a
+dependency of one the requirements that is whitelisted for update.
+
+--COMPOSER--
+{
+ "repositories": [
+ {
+ "type": "package",
+ "package": [
+ { "name": "a", "version": "1.0.0" },
+ { "name": "a", "version": "1.1.0" },
+ { "name": "b", "version": "1.0.0", "require": { "a": "~1.0" } },
+ { "name": "b", "version": "1.1.0", "require": { "a": "~1.1" } },
+ { "name": "c", "version": "1.0.0", "require": { "a": "~1.0" } }
+ ]
+ }
+ ],
+ "require": {
+ "a": "~1.0",
+ "b": "~1.0",
+ "c": "~1.0"
+ }
+}
+
+--INSTALLED--
+[
+ { "name": "a", "version": "1.0.0" },
+ { "name": "b", "version": "1.0.0", "require": { "a": "~1.0" } },
+ { "name": "c", "version": "1.0.0", "require": { "a": "~1.0" } }
+]
+
+--RUN--
+update B --with-dependencies
+
+--EXPECT-OUTPUT--
+Dependency "a" is also a root requirement, but is not explicitly whitelisted. Ignoring.
+Loading composer repositories with package information
+Updating dependencies (including require-dev)
+Nothing to install or update
+Writing lock file
+Generating autoload files
+
+--EXPECT--