Disable composer for update?

Question

I made project in Symfony2 and i use composer to get all required bundles.

I got there for example:

"symfony/symfony": "2.5.*",
"knplabs/knp-snappy-bundle": "dev-master",
"knplabs/knp-menu-bundle": "~1.1",
"sonata-project/core-bundle": "*",

It works well, but for the month if bundles will be updated then it breaks down.

How is the best way to blocked composer for update only current version bundles? I know - I can provide the current versions, but where to get them?

Answer 1

The best is to fix versions to tags so you are sure you stay with the same code. For example:

"symfony/symfony": "2.5.5"

It can be a fastidious task to set tags for all your bundles. (at least the very first time). But for an application in production, NEVER rely on dev or master branches. After, for example you can update those tags after each symfony release.

To find the tags you can use packagist, it will be much more quicker than Github. For example for the knp-snappy-bundle:

Answer 2

I can provide the current versions, but where to get them?

Yes you really should provide those. Composer packages (normally) follow so called semantic versioning.

That then is the base for specifying versions in composer.json which is explained on composer.org:

• https://getcomposer.org/doc/01-basic-usage.md#package-versions

As you write you aim for stability, those are problematic:

• dev-master
• *

Compare with semver, you normally want to stay inside MINOR or PATCH. And only real releases.

Use the composer show -i command to display your installed packages. Then check packagist for available versions if it's still unclear with that output.