Automated Dependency Updates for Composer
Renovate supports updating Composer dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: (^|/)([\w-]*)composer\.json$.
For details on how to extend a manager's fileMatch value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: git-tags, packagist.
Default config¶
{
"fileMatch": [
"(^|/)([\\w-]*)composer\\.json$"
],
"versioning": "composer"
}
Additional Information¶
Extracts dependencies from composer.json files, and keeps the associated composer.lock file updated too.
If you use VCS repositories then Renovate needs a hint via the name property, which must match the relevant package.
For example, the package acme/foo would need an entry in repositories similar to the following:
{
"name": "acme/foo",
"type": "vcs",
"url": "http://vcs-of-acme.org/acme/foo.git"
}
Open feature requests¶
- Composer/Packagist: support platform compatibility during lookup #2355
- not all symfony packages updated #3558
- Composer: Support stability constraints for packages #4542
- Execute composer config http-basic before run main script #5119
- Support specifying composer options #6295
- Composer local package support #8176
- Support composer packages in repositories with type path #11674
- Composer global configuration #11980
- matchPackageTypes #12839
- Automated updates for
config.platform.phpfield in composer #13676
Open bug reports¶
- lockfile maintenance with composer is broken when config.platform.php is set #4396
- Renovate attempts to downgrade a Composer package #6899
- Composer private repositories not working #10691
- Outdated dependency blocks advertised Composer update #11936
The above list of features and bugs were current when this page was generated on December 08, 2022.