Skip to content

Automated Dependency Updates for Composer

Categories: php

Renovate supports updating Composer dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)([\w-]*)composer\.json$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: bitbucket-tags, git-tags, packagist.

Default config

  "fileMatch": [
  "versioning": "composer"

Additional Information

Extracts dependencies from composer.json files, and keeps the associated composer.lock file updated too.

If you use VCS repositories then Renovate needs a hint via the name property, which must match the relevant package. For example, the package acme/foo would need an entry in repositories similar to the following:

  "name": "acme/foo",
  "type": "vcs",
  "url": ""

Open items

The below list of features were current when this page was generated on April 12, 2024.

Feature requests

  • Composer: support non-semver versions #28298
  • Support Composer v2 canonical settings #20201
  • Automated updates for config.platform.php field in composer #13676
  • Composer global configuration #11980
  • Support composer packages in repositories with type path #11674
  • Composer local package support #8176