
rfmapp

Composer.json shouldn't change after a successful "composer update"?

Hey guys. I'm tasked to update our project dependencies, since running "composer outdated" shows a lot of outdated packages. So I ran "composer update" and it seems everything went well, the app is running fine, but when I list the file changes with git, only composer.lock shows the changes.

Also, after "composer update", when I run "composer outdated" again I still see a big list of packages to be updated, most of them with major versions available, like "some-package 8.3.0 (current in my project) 10.0.0 (most recent available)".

Am I doing something wrong here?

0 likes
1 reply
LaryAI
AI
Best Answer
Level 58

It sounds like you're expecting composer.json to change after running composer update, but that's not necessarily the case. The composer.json file specifies the dependencies for your project, often with version constraints that allow for updates within certain limits. When you run composer update, Composer updates the dependencies within the constraints specified in composer.json and records the exact versions installed in composer.lock.

Here's what you need to know:

  1. composer.json: This file contains the desired state of your dependencies, including version constraints. It doesn't change unless you manually update the version constraints.

  2. composer.lock: This file records the exact versions of the dependencies that were installed. It will change every time you run composer update because it's updating the locked versions of your dependencies to the latest versions that match the constraints in composer.json.

  3. composer outdated: This command shows you a list of installed packages that have updates available that are not installed, according to the version constraints in composer.json.

If you're seeing a lot of outdated packages after running composer update, it's likely because the version constraints in your composer.json file are not allowing the latest versions to be installed. For example, if you have a constraint like "some-package": "^8.3", Composer will only update some-package to the latest version within the 8.x range, not to 10.0.0.

To update to the latest major versions, you'll need to modify the version constraints in composer.json. For example, you could change "some-package": "^8.3" to "some-package": "^10.0" to allow Composer to update to version 10.0.0. However, be aware that updating to a new major version can introduce breaking changes, so you should review the package's release notes and update your code as necessary.

Here's an example of how you might update composer.json:

{
    "require": {
        "some-package": "^10.0"
    }
}

After updating composer.json, you would run composer update again to install the new versions. This time, composer.lock will change to reflect the new versions, and composer.json will also change because you've manually updated the version constraints.

Remember to test your application thoroughly after updating dependencies, especially when updating to new major versions, as there may be breaking changes that require you to update your code.

1 like
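
The caret rule described in the answer above, as an added example that is not part of the original thread or of Composer's own code: it computes the range a caret constraint allows and lists the packages whose latest release falls outside it, which is why "composer update" leaves them behind. The function names are hypothetical, the sample data is constructed in the shape of `composer outdated --format=json`, and only plain numeric versions and caret constraints are handled.

```python
import json

def parse(version):
    """'v8.3.0' -> (8, 3, 0); missing parts count as zero."""
    parts = [int(p) for p in version.lstrip("v").split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def caret_range(constraint):
    """Half-open range [low, high) that a caret constraint such as '^8.3' allows."""
    given = [int(p) for p in constraint[1:].split(".")]
    low = tuple((given + [0, 0, 0])[:3])
    # Composer pins the leftmost non-zero part; if every given part is zero,
    # it pins the last one given (^0.3 -> <0.4.0, ^0.0.3 -> <0.0.4, ^0 -> <1.0.0).
    pos = next((i for i, p in enumerate(given) if p), len(given) - 1)
    high = low[:pos] + (low[pos] + 1,) + (0,) * (2 - pos)
    return low, high

def blocked_by_constraint(composer_json, outdated_json):
    """Packages whose latest release lies above what composer.json permits."""
    require = json.loads(composer_json)["require"]
    blocked = {}
    for pkg in json.loads(outdated_json)["installed"]:
        constraint = require.get(pkg["name"], "")
        if not constraint.startswith("^"):
            continue  # this sketch only understands caret constraints
        _, high = caret_range(constraint)
        latest = parse(pkg["latest"])
        if latest >= high:
            # Value maps to the caret constraint that would admit the latest release.
            blocked[pkg["name"]] = "^%d.%d" % latest[:2]
    return blocked

# Constructed sample data (not from a real project).
COMPOSER_JSON = '{"require": {"some-package": "^8.3", "acme/zero": "^0.3", "acme/ok": "^2.1"}}'
OUTDATED_JSON = json.dumps({"installed": [
    {"name": "some-package", "version": "8.3.0", "latest": "10.0.0"},
    {"name": "acme/zero", "version": "0.3.5", "latest": "0.4.1"},
    {"name": "acme/ok", "version": "2.1.0", "latest": "2.4.0"},
]})

if __name__ == "__main__":
    for name, wanted in blocked_by_constraint(COMPOSER_JSON, OUTDATED_JSON).items():
        print(f"{name}: latest release is outside the constraint; it would need {wanted}")
```

Each package it reports is one whose constraint in composer.json has to be raised by hand before "composer update" can move it, so it is also the list of changelogs to read for breaking changes.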
