Disable composer for update?
I made a project in Symfony2 and I am using composer to get all the packages I need.
I got there for example:
"symfony/symfony": "2.5.*",
"knplabs/knp-snappy-bundle": "dev-master",
"knplabs/knp-menu-bundle": "~1.1",
"sonata-project/core-bundle": "*",
It works well, but within a month if the packages are updated then it will break.
What's the best way to block composer to update only current version packages? I know - I can provide the current versions, but where can I get them?
source to share
Your best bet is to fix the versions for your tags so you can be sure you stay with the same code. For example:
"symfony/symfony": "2.5.5"
It can be difficult to set tags for all of your packages. (at least the first time). But for a production app, NEVER rely on dev or master branches. After that, for example, you can update those tags after each symfony release.
To find tags you can use packagist , it will be much faster than Github. For example, for knp-snappy-bundle
:
source to share
I can provide current versions, but where can I find them?
Yes, you really have to provide them. Composer packages (usually) follow what is called semantic versioning .
This is what is the basis for specifying versions in composer.json, which is explained on composer.org:
As you write, you strive for stability, this is problematic:
- DEV-master
- *
Compare with semver, you usually want to stay inside MINOR or PATCH. And only real releases.
Use the command composer show -i
to display installed packages. Then check the packer for available versions if it's unclear with this output yet.
source to share