Automated Dependency Updates for Composer
Renovate supports updating Composer dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: (^|/)([\w-]*)composer\.json$
.
For details on how to extend a manager's fileMatch
value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: git-tags
, packagist
.
Additional Information¶
Extracts dependencies from composer.json
files, and keeps the associated composer.lock
file updated too.
If you use VCS repositories then Renovate needs a hint via the name
property, which must match the relevant package.
For example, the package acme/foo
would need an entry in repositories similar to the following:
{
"name": "acme/foo",
"type": "vcs",
"url": "http://vcs-of-acme.org/acme/foo.git"
}
Open feature requests¶
- Composer/Packagist: support platform compatibility during lookup #2355
- not all symfony packages updated #3558
- Composer: Support stability constraints for packages #4542
- Execute composer config http-basic before run main script #5119
- Support specifying composer options #6295
- Composer local package support #8176
- Composer global configuration #11980
- Automated updates for
config.platform.php
field in composer #13676
Open bug reports¶
- lockfile maintenance with composer is broken when config.platform.php is set #4396
- Renovate attempts to downgrade a Composer package #6899
- Composer private repositories not working #10691
- Outdated dependency blocks advertised Composer update #11936
The above list of features and bugs were current when this page was generated on August 15, 2022.