Comparing to other package managers like npm, I find that composer has a strange behaviour when updating packages related to a given project.
According also to the documentation, update and upgrade options
Upgrades your dependencies to the latest version according to composer.json, and updates the composer.lock file.
And indeed, composer.lock is correctly updated with new packages version numbers. But composer.json instead is not modified, and lists packages with their old, outdated version numbers.
Why does this happen? Am I doing something wrong, or this is indeed how this is supposed to work? And if this is the case, what is the reasoning behind having one of thw two files up-to-date while the other is not?
npmusespackage-lock.jsonpackage.jsonis updated as well when updating packages.composer update? If I've specified that I want version2.1.1of a package, I don't want this to be changed when version2.1.2comes, if I did I would have written2.1.*or just*composer.jsonhas"package": "^4.2"that was automatically added bycomposer require, if I runcomposer updatethe package is updated from version4.2.0to4.3.0andcomposer.lockis updated to this new version, butcomposer.jsonstill lists4.2. My question is about this difference.