问题
Let's say I have a composer.json file with locked dependencies:
{
"require" : {
"zendframework/zendframework" : "2.4.2"
},
"require-dev": {
"phpunit/phpunit": "4.6.6"
}
}
I want to do that because would like to update dependencies manually, so I won't be in a situation where my build fails or other developers experience issues I don't have because Composer installed a different version of the package.
Is there a good way to use Composer to list all newer versions of the locked packages, perhaps something like composer discover, where I get output: zendframework/zendframework is locked at version 2.4.2 (or 2.4.* or whatever), but there are versions 2.5.0, 2.5.1, and 2.6.0 available*?
Is any existing command capable of providing that kind of information?
Basically, I'm more about the newer versions being shown to me, so I can know what dependency to update manually. Committing the composer.lock isn't really the solution because that won't show me what to update (and my composer.json is locked at specific versions, so composer.lock won't differ anyway).
回答1:
In order to do what you want, commit the composer.lock file and make sure everyone runs composer install to install the deps. This way, everyone has exact the same version/commit of each package.
You can then run composer update to get newer versions. This will update the packages and the composer.lock file, which you can commit and push, so everyone has the same versions again (after they run composer install).
回答2:
The simplest way would probably just to run:
composer outdated
and get a list of the outdated dependencies. The output looks roughly like this:
回答3:
This is not exactly what you are suggesting. But you can run
composer update --dry-run
to see what happens when composer updates your dependencies. This only shows you the latest version a package could be updated to, but not the versions in between:
composer update --dry-run
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Updating symfony/translation (v2.5.5) to symfony/translation (v2.5.11)
- Updating symfony/security-core (v2.5.5) to symfony/security-core (v2.5.11)
- Updating symfony/routing (v2.5.5) to symfony/routing (v2.5.11)
- Updating symfony/process (v2.5.5) to symfony/process (v2.5.11)
- Updating symfony/http-foundation (v2.5.5) to symfony/http-foundation (v2.5.11)
回答4:
As has been said by others, composer does what you tell it, and will only install the versions specified from the .lock file, or update to new versions (as specified within the range of the given version).
There are outside website services that will let you know that packages have been updated though - such as Versioneye.com. You can follow a number of packages, and it will let you know when any of them have been updated, so you can update the composer file as you wish.
回答5:
To show the latest version of the packages, use show with -l/--latest parameter, e.g.
composer show -l
-l,--latestShow the latest version
To see the tree of dependencies, use -t/--tree parameter, e.g.
composer show -t
-t,--treeList the dependencies as a tree
To list all available version for the given package, run:
composer show -a zendframework/zendframework
Note: Change zendframework/zendframework with your package name.
Notes:
- For global, add
globalright aftercomposer. - For help, run:
composer global help show.
来源:https://stackoverflow.com/questions/30277015/discover-latest-versions-of-composer-packages-when-dependencies-are-locked