My answer doesn't quite describe why it was downgraded, since the algorithms in Composer are quite intensive (that is why update takes way longer than installing with a .lock). They go through all of your dependencies, all of the potential versions, and what each dependency's versions' dependencies are. After getting all of this information it tries to come up with a "perfect" match.
Sometimes the slightest change in your dependencies, or a dependency's dependencies, can create drastic changes. Also, you'll sometimes see that it is impossible to resolve your dependencies because one dependency may require symfony/http-foundation ~2.5 and one may require symfony/http-foundation 2.1.* (this isn't what happened in your case, but it is good to know).
All in all, the moral of the story is you should be as specific as possible with your composer.json (especially in production). That way, you can always be in control of what version you use rather than letting Composer decide. Worst case is you run a composer update and it cannot resolve your dependencies. Then do some research on Packagist to see which versions will happily resolve together.
I suggest using either version ~2.3 (which is the same as >= 2.3 and < 3) or 2.3.*. Then Composer won't even try version 2.2.5. Check Composer's documentation to see how you can express different package versions.
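
The constraint ranges mentioned in the answer above, worked through as an added example (not part of the original answer and not Composer's own code). It is a reduced model that handles only the `~X.Y`, `~X.Y.Z` and `X.Y.*` forms on plain numeric versions; the function names are hypothetical.

```python
# Added illustration: a reduced model of two Composer constraint forms.
# It handles only "~X.Y", "~X.Y.Z" and "X.Y.*"; real Composer supports many more.

def parse_version(text):
    """Turn '2.2.5' into (2, 2, 5), padding missing parts with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def bump(parts, index):
    """Increment parts[index] and zero everything after it."""
    head = list(parts[:index]) + [parts[index] + 1]
    return tuple(head + [0] * (3 - len(head)))

def constraint_range(constraint):
    """Map a constraint to a half-open range (lower, upper): lower <= v < upper."""
    constraint = constraint.strip()
    if constraint.startswith("~"):
        given = constraint[1:].split(".")
        lower = parse_version(constraint[1:])
        # Tilde lets the last given segment grow: ~2.3 -> <3.0.0, ~2.3.1 -> <2.4.0
        return lower, bump(lower, max(len(given) - 2, 0))
    if constraint.endswith(".*"):
        given = constraint[:-2].split(".")
        lower = parse_version(constraint[:-2])
        # Wildcard fixes the given segments: 2.3.* -> >=2.3.0 <2.4.0
        return lower, bump(lower, len(given) - 1)
    raise ValueError("unsupported constraint form: " + constraint)

def satisfies(version, constraint):
    """True when the version falls inside the constraint's range."""
    lower, upper = constraint_range(constraint)
    return lower <= parse_version(version) < upper

def compatible(first, second):
    """Two constraints can resolve together only if their ranges overlap."""
    lo1, hi1 = constraint_range(first)
    lo2, hi2 = constraint_range(second)
    return max(lo1, lo2) < min(hi1, hi2)

if __name__ == "__main__":
    # Values taken from the answer: 2.2.5 must be rejected by both suggestions,
    # and ~2.5 cannot be resolved together with 2.1.*.
    for c in ("~2.3", "2.3.*"):
        print(c, constraint_range(c), "accepts 2.2.5:", satisfies("2.2.5", c))
    print("~2.5 with 2.1.*:", compatible("~2.5", "2.1.*"))
```
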