Automated Dependency Updates for Composer
Renovate supports updating Composer dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: (^|/)([\w-]*)composer\.json$.
For details on how to extend a manager's fileMatch value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: git-tags, packagist.
References## Default config¶
{
"fileMatch": [
"(^|/)([\\w-]*)composer\\.json$"
],
"versioning": "composer"
}
Additional Information¶
Extracts dependencies from composer.json files, and keeps the associated composer.lock file updated too.
If you use VCS repositories then Renovate needs a hint via the name property, which must match the relevant package.
For example, the package acme/foo would need an entry in repositories similar to the following:
{
"name": "acme/foo",
"type": "vcs",
"url": "http://vcs-of-acme.org/acme/foo.git"
}
Open items¶
The below list of features and bugs were current when this page was generated on March 30, 2023.
Feature requests¶
- Support Composer v2 canonical settings #20201
- Automated updates for
config.platform.phpfield in composer #13676 - matchPackageTypes #12839
- Composer global configuration #11980
- Support composer packages in repositories with type path #11674
- Composer local package support #8176
- Support specifying composer options #6295
- Execute composer config http-basic before run main script #5119
- Composer: Support stability constraints for packages #4542
- not all symfony packages updated #3558