Wordpress Version in composer.json is ignored

worldwideweber · August 15, 2023, 2:27pm

The Wordpress Version in composer.json is ignored.

EHLOVader · August 15, 2023, 2:51pm

You will want to re-require the dependency with the new version number. This is required when downgrading or upgrading because of the composer lock file I think.

composer require roots/wordpress:6.1 -W

The -W includes its child dependencies also which will be needed.

worldwideweber · August 16, 2023, 11:57am

currently there is no point in my deploment for composer require, but i will test this.

My expectation is, if in the composer.json “roots/wordpress”: “6.1” is required, that the version 6.1 get installed.

Or im wrong?

MWDelaney · August 16, 2023, 12:12pm

Can you describe your entire process?
Here’s how I would go about downgrading WordPress in Bedrock:

Adjust the version number in composer.json
Run composer update in my Bedrock directory to install and “lock” the new version.

EHLOVader · August 16, 2023, 2:37pm

You wouldn’t run composer require in your deployment, you would run it locally and commit the changes to the composer.lock and json file.

If you want to always install the latest version of what will match the composer.json just omit the lock file from your commits and deployment, but you are rolling the dice imho by doing that.

The lock file ensures that you and your colleagues will be working off of the exact same version of the dependencies whenever they run composer install, and that goes for your live server as well.

I agree that what @MWDelaney suggests would work also if you wanted to give that a try, but I am also wary of composer update run open like that. It may change more than the single dependency you updated, as some new version might match the dependency requirements for other things.

worldwideweber · August 17, 2023, 8:25am

Yes that is exactly my process. I omit the lock file for deployment.

Change the dependency in composer.json to 6.1
Commit - push the changes
Run composer update and install in deployment.
Version 6.3 gets installed.

worldwideweber · August 17, 2023, 8:30am

yes that is my process

EHLOVader · August 17, 2023, 2:16pm

Blockquote

I don’t think you should be omitting your lock file as a standard practice. And if you had at any point committed your lock file, and are not committing the changes to it now without explicitly removing it you will have an old version of things.

As noted in this answer the Composer documentation does recommend it

The composer documentation states on this (with emphasis):

Commit your application’s composer.lock (along with composer.json) into version control.

But I can’t see any reason any different version of WordPress would be installed if no lock file was there and you are using an exact version constraint

Because this is not my experience when testing. It works as expected. Maybe sharing the output of your commands and the exact values in composer.json

You also don’t want to be updating in the deployment as a standard practice either. And I don’t think you need to update and install (it should install everything on update iirc)

via https://stackoverflow.com/a/33052263/704765

When to install and when to update

composer update is mostly used in the ‘development phase’, to upgrade our project packages according to what we have specified in the composer.json file,

composer install is primarily used in the ‘deploying phase’ to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.lock file created by composer update.