Fearless composer updates

Updating Composer dependencies in PHP projects while avoiding regressions can be daunting. Here's a quick trick I use to ease the process.

For mature packages, I rely on SemVer to test code that uses packages which have had "major" version bumps. Some packages don't strictly adhere to SemVer, so I usually check packages with "minor" version bumps for breaking changes as well.

After updating Composer dependencies in composer.json, I run composer update, which overwrites composer.lock.


Then, I run the following command, which shows only packages which have changed versions:

git diff composer.lock | grep -B1 -E '            "version"'

The output looks like this:


From there, I take a closer look at the changelogs of packages for which a "minor" or "major" version change has occurred. If need be, I update my code to reflect those changes so that the website keeps running properly.
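
An added example, not from the original post: a POSIX shell function that reads the same `git diff composer.lock` output and labels each changed package as major, minor, patch, added or removed, so the packages whose changelogs need reading stand out. The function names and the acme/* sample diff are constructed for illustration, and it assumes the same 12-space indentation the grep pattern above relies on.

```shell
# Usage: git diff composer.lock | classify_bumps   (prints: package old new level)
classify_bumps() {
  awk '
    # Value of a line shaped like:  "key": "value",
    function val(line,   q) { split(line, q, "\""); return q[4] }
    # i-th numeric component of a version, ignoring a leading "v"
    function part(v, i,   p) { sub(/^v/, "", v); split(v, p, "."); return p[i] + 0 }
    function level(o, n) {
      if (o == "") return "added"
      if (n == "") return "removed"
      if (o !~ /^v?[0-9]+\./ || n !~ /^v?[0-9]+\./) return "review"  # e.g. dev-main
      if (part(o, 1) != part(n, 1)) return "major"
      if (part(o, 2) != part(n, 2)) return "minor"
      return "patch"
    }
    function seen(p) { if (!(p in idx)) { idx[p] = ++count; order[count] = p } }
    # Track the name per diff side so added/removed packages pair with the right version.
    /^[ -]            "name": /   { oldname = val($0) }
    /^[ +]            "name": /   { newname = val($0) }
    /^-            "version": /   { seen(oldname); oldv[oldname] = val($0) }
    /^\+            "version": /  { seen(newname); newv[newname] = val($0) }
    END {
      for (i = 1; i <= count; i++) {
        p = order[i]; o = oldv[p]; n = newv[p]
        if (o != n) print p, (o == "" ? "-" : o), (n == "" ? "-" : n), level(o, n)
      }
    }
  '
}
# Constructed sample of `git diff composer.lock` output (acme/* packages are made up).
sample_diff() {
  cat <<'EOF'
@@ -10,3 +10,3 @@
             "name": "acme/logger",
-            "version": "2.8.0",
+            "version": "3.0.1",
@@ -90,3 +90,3 @@
             "name": "acme/http",
-            "version": "v5.4.2",
+            "version": "v5.5.0",
@@ -150,3 +150,3 @@
             "name": "acme/util",
-            "version": "1.4.0",
+            "version": "1.4.3",
@@ -200,0 +201,2 @@
+            "name": "acme/newdep",
+            "version": "1.0.0",
EOF
}
```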
