I'm using Composer and have recently made a mistake I do not know how to fix.
Version 2.1.0 of my package dropped support for PHP 5.3 and PHP 5.4. However I forgot to change the version requirement in composer.json, which stayed at >=5.3. This release got tagged a few weeks ago. Since then the oversight in composer.json has been fixed, as it now correctly states >=5.5 in release 2.2.0 and later.
The issue here is that people that have PHP 5.3 or PHP 5.4, and install version ~2.0, will now get 2.1.0, as it's the latest (supposedly) matching release, after which their installation is broken.
How can I address this issue in a SemVer compliant manner?
I would remove the tag from both the github repository and packagist.
Removing does not equal modifying. You're not moving the tag which would result in inconsistent repeat-ability.
Removing the tag simply makes it unavailable for any new/future users. Whoever is running it now, either has a broken install, or can safely update to a newer version.