[RFC] New command to update minimum version in json to lock values

[linaori]

Currently I have a bash script (company internal) that syncs the values from the lock to the json. Say I have ^3.0.1 in my json, but I have actually installed 3.6.10, running this script would sync the value from the lock file, into the json, making it ^3.6.10. There's no point in composer having to check compatibility with versions lower than what I have installed whenever I update packages.

Would it be an idea to implement such a script to composer? If I'm correct, it should improve performance and memory usage, as the list of possible dependencies is smaller. Currently running an update in my symfony application doesn't even break 600MB usage with ~250 packages installed and all scripts running, where as others are reporting up to 1.5GB on memory usage.

[Seldaek]

I think it might be a good thing to have yes, the main problem I see is finding a good name that is clear enough in what it does ;)

[linaori]

As we have composer update --lock, what about a composer update --json?

[stof]

Well, modifying the composer.json file is a totally different work than running update

[localheinz]

Maybe composer synchronize or composer sync, then?

[linaori]

• composer optimize-dependencies
• composer optimize-json-dependencies
• composer optimize-requirements
• composer optimize-requires
• composer sync-minimum-requirements
• composer update-requires

[staabm]

uplift-requirements
uplift-baseline

[linaori]

I would like to add that it would be really nice to have to have a flag to the update command. Right now I have to do this:

$ composer update
$ update-requires # the custom bash script
$ composer update --lock

After the change, it would be:

$ composer update
$ composer <new-command-name>  # would adjust the lock file with the new hash

But it could be reduced to a single command to enhance user experience, perhaps even a setting to always do this, making it a no-brainer to have this behavior:

$ composer update --also-do-<new-command-name>

# or

$ composer config automatically-update-minimum-dependencies true --global 
$ composer update

[Toflar]

I too think it should be yet another composer update flag. It doesn't make sense to have it as a separate command to me. composer update --auto-raise-req?

[rob006]

composer outdated --update-json
composer outdated --update-json --minor-only

[curry684]

I too think it should be yet another composer update flag. It doesn't make sense to have it as a separate command to me.

Disagree, currently it is impossible for update and install to change the composer.json file. I think it should remain so, and definition-altering functionality should remain in directed commands.

composer outdated --update-json

Disagree as well, it's completely different functionality than outdated whose job it is to discover more recent versions of used packages, disregarding whether they could be used in the current setup.

I think it should just be composer optimize, as that's all we can safely do - optimize the constraints to be more restrictive than before on the bottom end, without limiting flexibility on the upper end of the version scale.

I wrote some more thoughts on this over at #7780 (comment)

[linaori]

Would it make sense to add a feature to the sat solving that reserves memory and when it detects an out-of-memory, free that and give the message to try composer optimize?

[curry684]

During SAT the lock is invalid by definition, so what would we base it on?

[linaori]

Simply giving a message to the end user that composer ran out of memory and they should try composer optimize before running the update command again

[curry684]

Ah yes sorry misread, agreed on that.

[curry684]

As demonstrated in #7780 (comment) and the comment below smart constraint optimization can not only reduce memory usage considerably, it can also make Composer over 30 times faster in real world cases.

Given that specific case - it would be awesome if we could also do some sort of detection of packages for which a ridiculous amount of versions had to be considered in the solver.

[Seldaek]

Got an implementation of this ready to try out:

• Add bump 👊🏻 command to bump requirements to the currently installed version #10829

[boesing]

or

$ composer config automatically-update-minimum-dependencies true --global 
$ composer update

I guess, no such option was added to composer.json, right?

I would really love to have this available for each project I am working on. I do not expect that a developer runs composer bump whenever a package is updated. It would feel better that, if composer update whatever/* is being executed, that all the minimum deps are bumped when a config flag is added to the composer.json.

This way, every maintainer can choose whether to add it to his library or to his project which consumes libraries.
I, on my side, would only add it to projects I work on as I would expect libraries to support as many versions as they can unless that means they have to spent too much time in doing so.

@Seldaek as you've implemented the bumper, do you have an idea how complex that would be to have something like this in the update and require commands as well (when called with -W)?

[stof]

@boesing see #10934 (comment)