使symfony安装相同版本的依赖项

所以，我最近将我的symfony项目更新到4.3版本，由于它引起了问题，我将其降级到4.2.9。 但是尽管我付出了努力，以及作曲家的各种选择，它仍在继续安装 它对 4.3 的依赖(twig、security、yaml...) 即使它的 composer.json 文件清楚地表明它应该使用相同的版本。 我删除了供应商，清除了缓存，删除了composer.lock，symfony.lock使用了--no-cache选项，专门将composer中的symfony版本精确地设置为4.2.9，但它总是安装4.3，这有点令人沮丧。 如果我签出旧的 composer.lock 并进行安装，它可以工作，但更新仍将安装 4.3，即使我在 symfony 的 json 中设置 4.2.9。

有没有出路？谢谢

我正在使用

composer update --no-cache --dry-run

查看我们安装的内容而无需实际安装它

这是我的作曲家.json

{
"type": "project",
"license": "proprietary",
"require": {
"php": "^7.1.3",
"ext-iconv": "*",
"friendsofsymfony/jsrouting-bundle": "^2.3",
"sensio/framework-extra-bundle": "^5.1",
"symfony/console": "^4.0",
"symfony/flex": "^1.0",
"symfony/form": "^4.0",
"symfony/framework-bundle": "4.2.9",
"symfony/lts": "^4@dev",
"symfony/monolog-bundle": "^3.3",
"symfony/orm-pack": "^1.0",
"symfony/security-bundle": "^4.1",
"symfony/translation": "^4.0",
"symfony/twig-bundle": "^4.0",
"symfony/validator": "^4.0",
"symfony/webpack-encore-pack": "^1.0",
"symfony/yaml": "^4.0"
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.0",
"sensiolabs/security-checker": "^5.0",
"symfony/debug-bundle": "^4.1",
"symfony/dotenv": "^4.0",
"symfony/maker-bundle": "^1.9",
"symfony/profiler-pack": "^1.0",
"symfony/web-server-bundle": "^4.0"
},
"config": {
"preferred-install": {
"*": "dist"
},
"sort-packages": true
},
"autoload": {
"psr-4": {
"App\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"App\Tests\": "tests/"
}
},
"replace": {
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php71": "*",
"symfony/polyfill-php70": "*",
"symfony/polyfill-php56": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install --symlink --relative %PUBLIC_DIR%": "symfony-cmd",
"security-checker security:check": "script"
},
"post-install-cmd": [
"@auto-scripts"
],
"post-update-cmd": [
"@auto-scripts"
]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "4.2.9"
}
}
}

注意：我不是在谈论我自己的composer.json的依赖项，而是symfony安装的依赖项，例如http-foundation或http-kernel。