Skip to content

Automated Dependency Updates for Composer

Categories: php

Renovate supports updating Composer dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)([\w-]*)composer\.json$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: bitbucket-tags, git-tags, packagist.

Default config

{
  "fileMatch": [
    "(^|/)([\\w-]*)composer\\.json$"
  ],
  "versioning": "composer"
}

Additional Information

Extracts dependencies from composer.json files, and keeps the associated composer.lock file updated too.

If you use VCS repositories then Renovate needs a hint via the name property, which must match the relevant package. For example, the package acme/foo would need an entry in repositories similar to the following:

{
  "name": "acme/foo",
  "type": "vcs",
  "url": "http://vcs-of-acme.org/acme/foo.git"
}

Open items

The below list of features and bugs were current when this page was generated on October 12, 2024.

Feature requests

  • Composer: support non-semver versions #28298
  • Support Composer v2 canonical settings #20201
  • Automated updates for config.platform.php field in composer #13676
  • Composer global configuration #11980
  • Support composer packages in repositories with type path #11674
  • Composer local package support #8176

Bug reports

  • Composer: unsupported value if != constraint used #31504