Update composer dependencies in json file on updating

Question

When I run composer update, a lot of dependencies and my composer.json get updated. But, my composer.json didn't change, so next time I run composer install, I'll get the outdated ones again.

For instance, I have:

"require": {
        "symfony/form": "^4.1",
}

When I run the command It shows:

Updating symfony/dotenv (v4.1.4 => v4.1.5): Loading from cache

But the json line stays the same, and composer install will install the 4.1.4 version.

Is there a way to update the composer.json file when I run composer update?

Thanks in advance!

Answer 1

You should have a composer.lock file after performing composer update. You commit this file to version control and then the next person checks out the code can do composer install to obtain the correct version.

The composer.json file contains the version constraints whereas the composer.lock file contains the specific version.

Take a look at the example you had:

"require": {
        "symfony/form": "^4.1",
}

Here the version constraint for the symfony/form package is ^4.1. This means that it will accept any version 4 build from 4.1, but not version 5 or higher. So it could obtain version 4.1.1, or 4.2.13 or anything higher (but below version 5).

https://getcomposer.org/doc/articles/versions.md#caret-version-range-

here are the docs on lock files https://getcomposer.org/doc/02-libraries.md#lock-file