4

Comparing to other package managers like npm, I find that composer has a strange behaviour when updating packages related to a given project.

According also to the documentation, update and upgrade options

Upgrades your dependencies to the latest version according to composer.json, and updates the composer.lock file.

And indeed, composer.lock is correctly updated with new packages version numbers. But composer.json instead is not modified, and lists packages with their old, outdated version numbers.

Why does this happen? Am I doing something wrong, or this is indeed how this is supposed to work? And if this is the case, what is the reasoning behind having one of thw two files up-to-date while the other is not?

Sekhemty
  • 1,222
  • 2
  • 13
  • 33
  • fyi, `npm` uses `package-lock.json` – brombeer Dec 20 '19 at 12:32
  • @kerbholz yes, I know, but `package.json` is updated as well when updating packages. – Sekhemty Dec 20 '19 at 12:33
  • 1
    Are you expecting the versions specified in composer.json to be updated to the latest version when you run `composer update`? If I've specified that I want version `2.1.1` of a package, I don't want this to be changed when version `2.1.2` comes, if I did I would have written `2.1.*` or just `*` – Levi Dec 20 '19 at 12:42
  • My `composer.json` has `"package": "^4.2"` that was automatically added by `composer require`, if I run `composer update` the package is updated from version `4.2.0` to `4.3.0` and `composer.lock` is updated to this new version, but `composer.json` still lists `4.2`. My question is about this difference. – Sekhemty Dec 20 '19 at 12:54
  • Maybe https://stackoverflow.com/questions/16739998/how-to-update-a-single-library-with-composer/54197074#54197074 answers your question – Adam Oct 12 '20 at 12:05

1 Answers1

8

That's the normal behavior.

Composer update looks for updates based on your composer.json file, so here it will look for 4.2 and above (^4.2) If you want your composer.json to require 4.3 and above (^4.3), you can either modify it manually or call composer require once again.

Daniel
  • 807
  • 8
  • 24