Ok, you have installed a Yii 2 basic or advanced app for the first time and completed the post install steps. You have picked up a few extensions to install for the first time as well. You would already see a composer.lock file in your application root folder.
Here are a few tips on using this file to lock your package versions for future composer updates.
Let us consider you want to lock a specific bootstrap version for this package: yiisoft/yii2-bootstrap. It is assumed you already have installed the yiisoft\yii2-bootstrap extension for the first time.
STEP 1: Editing composer.lock ¶
You would see an entry similar to this in your composer.lock file in your Yii 2 app root:
~~~
{
"name": "yiisoft/yii2-bootstrap",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/yiisoft/yii2-bootstrap.git",
"reference": "86e22d908151de4fb93f898562afc3cc36ec96c1"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/yiisoft/yii2-bootstrap/zipball/86e22d908151de4fb93f898562afc3cc36ec96c1",
"reference": "86e22d908151de4fb93f898562afc3cc36ec96c1",
"shasum": ""
},
"require": {
"twbs/bootstrap": "3.1.* | 3.0.*",
"yiisoft/yii2": "*"
},
"type": "yii2-extension",
"autoload": {
"psr-4": {
"yii\\bootstrap\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Qiang Xue",
"email": "qiang.xue@gmail.com",
"homepage": "http://www.yiiframework.com/",
"role": "Founder and project lead"
}
],
"description": "The Twitter Bootstrap extension for the Yii framework",
"keywords": [
"bootstrap",
"yii2"
],
"time": "2014-05-05 12:12:21"
}, ~~~
Now, to make the extension dependent on a specific bootstrap version (say 3.0 only), you can now change the following line in your composer.lock file:
"require": {
"twbs/bootstrap": "3.0.*",
"yiisoft/yii2": "*"
},
STEP 2: Future Composer Updates ¶
You can repeat step 1 for locking dependencies for all your extensions (e.g. kartik-v/yii2-widgets, or any extension). But do a check on extension compatibility for each dependency version though.
The only thing to ensure is that future updates to packages through composer should now be done this way:
php composer.phar install
The above command installs/updates/removes everything to the state of the composer.lock file.
Info: The difference is you are not using
php composer.phar updatefor updating if you want everything as per your composer.lock settings.
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.