Discover latest versions of Composer packages when dependencies are locked

Question

Let's say I have a composer.json file with locked dependencies:

{
  "require" : {
   "zendframework/zendframework" : "2.4.2"
  },
  "require-dev": {
    "phpunit/phpunit": "4.6.6"
  }
}

I want to do that because would like to update dependencies manually, so I won't be in a situation where my build fails or other developers experience issues I don't have because Composer installed a different version of the package.

Is there a good way to use Composer to list all newer versions of the locked packages, perhaps something like composer discover, where I get output: zendframework/zendframework is locked at version 2.4.2 (or 2.4.* or whatever), but there are versions 2.5.0, 2.5.1, and 2.6.0 available*?

Is any existing command capable of providing that kind of information?

---

Basically, I'm more about the newer versions being shown to me, so I can know what dependency to update manually. Committing the composer.lock isn't really the solution because that won't show me what to update (and my composer.json is locked at specific versions, so composer.lock won't differ anyway).

Answer 1

In order to do what you want, commit the composer.lock file and make sure everyone runs composer install to install the deps. This way, everyone has exact the same version/commit of each package.

You can then run composer update to get newer versions. This will update the packages and the composer.lock file, which you can commit and push, so everyone has the same versions again (after they run composer install).