Wordpress Version in composer.json is ignored

The Wordpress Version in composer.json is ignored.

You will want to re-require the dependency with the new version number. This is required when downgrading or upgrading because of the composer lock file I think.

composer require roots/wordpress:6.1 -W

The -W includes its child dependencies also which will be needed.

1 Like

currently there is no point in my deploment for composer require, but i will test this.

My expectation is, if in the composer.json “roots/wordpress”: “6.1” is required, that the version 6.1 get installed.

Or im wrong?

Can you describe your entire process?
Here’s how I would go about downgrading WordPress in Bedrock:

  1. Adjust the version number in composer.json
  2. Run composer update in my Bedrock directory to install and “lock” the new version.
1 Like

You wouldn’t run composer require in your deployment, you would run it locally and commit the changes to the composer.lock and json file.

If you want to always install the latest version of what will match the composer.json just omit the lock file from your commits and deployment, but you are rolling the dice imho by doing that.

The lock file ensures that you and your colleagues will be working off of the exact same version of the dependencies whenever they run composer install, and that goes for your live server as well.

I agree that what @MWDelaney suggests would work also if you wanted to give that a try, but I am also wary of composer update run open like that. It may change more than the single dependency you updated, as some new version might match the dependency requirements for other things.

Yes that is exactly my process. I omit the lock file for deployment.

  1. Change the dependency in composer.json to 6.1
  2. Commit - push the changes
  3. Run composer update and install in deployment.
  4. Version 6.3 gets installed.

yes that is my process


I don’t think you should be omitting your lock file as a standard practice. And if you had at any point committed your lock file, and are not committing the changes to it now without explicitly removing it you will have an old version of things.

As noted in this answer the Composer documentation does recommend it

The composer documentation states on this (with emphasis):

Commit your application’s composer.lock (along with composer.json) into version control.

But I can’t see any reason any different version of WordPress would be installed if no lock file was there and you are using an exact version constraint

Because this is not my experience when testing. It works as expected. Maybe sharing the output of your commands and the exact values in composer.json

You also don’t want to be updating in the deployment as a standard practice either. And I don’t think you need to update and install (it should install everything on update iirc)

via https://stackoverflow.com/a/33052263/704765

When to install and when to update

  • composer update is mostly used in the ‘development phase’, to upgrade our project packages according to what we have specified in the composer.json file,
  • composer install is primarily used in the ‘deploying phase’ to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.lock file created by composer update.
1 Like