Disable composer for update?

I made a project in Symfony2 and I am using composer to get all the packages I need.

I got there for example:

"symfony/symfony": "2.5.*",
"knplabs/knp-snappy-bundle": "dev-master",
"knplabs/knp-menu-bundle": "~1.1",
"sonata-project/core-bundle": "*",


It works well, but within a month if the packages are updated then it will break.

What's the best way to block composer to update only current version packages? I know - I can provide the current versions, but where can I get them?


source to share

2 answers

Your best bet is to fix the versions for your tags so you can be sure you stay with the same code. For example:

"symfony/symfony": "2.5.5"


It can be difficult to set tags for all of your packages. (at least the first time). But for a production app, NEVER rely on dev or master branches. After that, for example, you can update those tags after each symfony release.

To find tags you can use packagist , it will be much faster than Github. For example, for knp-snappy-bundle


enter image description here



I can provide current versions, but where can I find them?

Yes, you really have to provide them. Composer packages (usually) follow what is called semantic versioning .

This is what is the basis for specifying versions in composer.json, which is explained on composer.org:

As you write, you strive for stability, this is problematic:

  • DEV-master
  • *

Compare with semver, you usually want to stay inside MINOR or PATCH. And only real releases.

Use the command composer show -i

to display installed packages. Then check the packer for available versions if it's unclear with this output yet.



All Articles