--TEST-- See GitHub issue #4795 ( github.com/composer/composer/issues/4795 ). Composer\Installer::allowListUpdateDependencies intentionally ignores root requirements even if said package is also a dependency of one the requirements that is allowed for update. --COMPOSER-- { "repositories": [ { "type": "package", "package": [ { "name": "a/a", "version": "1.0.0" }, { "name": "a/a", "version": "1.1.0" }, { "name": "b/b", "version": "1.0.0", "require": { "a/a": "~1.0" } }, { "name": "b/b", "version": "1.1.0", "require": { "a/a": "~1.1" } } ] } ], "require": { "a/a": "~1.0", "b/b": "~1.0" } } --INSTALLED-- [ { "name": "a/a", "version": "1.0.0" }, { "name": "b/b", "version": "1.0.0", "require": { "a/a": "~1.0" } } ] --LOCK-- { "packages": [ { "name": "a/a", "version": "1.0.0" }, { "name": "b/b", "version": "1.0.0", "require": { "a/a": "~1.0" } } ], "packages-dev": [], "aliases": [], "minimum-stability": "dev", "stability-flags": {}, "prefer-stable": false, "prefer-lowest": false, "platform": {}, "platform-dev": {} } --RUN-- update b/b --with-dependencies --EXPECT-OUTPUT-- Loading composer repositories with package information Dependency a/a is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies. Updating dependencies Nothing to modify in lock file Writing lock file Installing dependencies from lock file (including require-dev) Nothing to install, update or remove Generating autoload files --EXPECT--