Updating Composer dependencies in PHP projects all the while avoiding regressions can be daunting. Here's a quick trick I use to ease the process.
For mature packages, I rely on SemVer to test code that uses packages which have had "major" version bumps. Some packages don't strictly adhere to SemVer, so I usually check packages with "minor" version bumps for breaking changes as well.
After updating Composer dependencies in
composer.json, I run
composer update, which overwrites
Then, I run the following command, which shows only packages which have changed versions:
git diff composer.lock | grep -B1 -E ' "version"'
The output looks like this:
From there, I take a closer look at the changelogs from packages for which a "minor" or "major" version change has occured. If need be, I update my code to reflect those changes so that the website keeps running properly.