This guide will help you upgrade Composer Update Helper to newer versions.
-
Update the package:
composer update nowo-tech/composer-update-helper
-
Review the CHANGELOG: Check CHANGELOG.md for breaking changes and new features.
-
Update your scripts (if needed): The
generate-composer-require.shscript is automatically updated during installation. If you have custom modifications, you may need to reapply them.
Maintainer/CI hygiene only. Package behavior for consumers is unchanged.
- Contributors should run
make setup-hooksonce per clone so.githooks/commit-msgstrips Cursor co-author trailers. - CI enforces clean history via the
git-hygienejob (docs/GITHUB_CI.md).
- Update the package:
composer update nowo-tech/composer-update-helper(optional for consumers; no runtime changes). - Contributors:
make setup-hooksandmake check-no-cursor-coauthor.
No Breaking Changes for package consumers.
- PHP
>=8.1 <8.6required: Upgrade your runtime before updating the package. PHP 7.4 and 8.0 are no longer supported.
-
Wrapper auto-update is opt-in: The plugin no longer silently overwrites a customized
generate-composer-require.shoncomposer update. By default, if your local wrapper differs from the package copy, Composer prints a comment with MD5 hashes and keeps your file.To allow automatic overwrite again, add to your project's
composer.json:{ "extra": { "composer-update-helper": { "auto_update_wrapper": true } } } -
Development tooling: Maintainers and contributors can run
make release-check(PHP-CS-Fixer, Rector dry-run, PHPStan, PHPUnit with coverage).
- Confirm PHP
>=8.1on your machine and CI. - Update the package:
composer update nowo-tech/composer-update-helper. - If you customized
generate-composer-require.sh, decide whether to keep your version or enableauto_update_wrapper. - Review new docs: INSTALLATION.md, SECURITY.md.
| Change | Action |
|---|---|
| PHP >=8.1 required | Upgrade PHP before updating the package |
| Wrapper overwrite opt-in | Set auto_update_wrapper: true if you want silent updates |
This release simplifies command display by removing clickable functionality that wasn't working reliably across all terminals.
Changed:
- Simplified Command Display: Commands now display normally with 📋 icon
- Removed OSC 8 hyperlink codes for better compatibility
- Commands remain fully selectable and copyable
- Works consistently across all terminal emulators
- Updated hint message for clarity
No Breaking Changes: This is a compatibility improvement with no breaking changes.
This release significantly enhances grouped package installation by automatically searching for solutions and providing maintainer contact information when needed. It also improves command copying with clickable links and comprehensive help documentation.
New Features:
- Automatic Solution Search for Grouped Packages: When grouping packages, the system now automatically searches for compatible versions of installed packages that cause conflicts
- Checks if installed packages need updates to support grouped packages
- Searches for newer compatible versions automatically
- Includes compatible versions in grouped commands automatically
- Example: If
a2lix/auto-form-bundle:1.0.0conflicts with grouped packages, searches fora2lix/auto-form-bundle:1.1.0that supports them
- Maintainer Contact Suggestions: When no automatic solution is available, provides maintainer contact information
- Identifies packages needing maintainer updates
- Fetches maintainer emails and repository URLs
- Provides issue creation links when available
- Actionable guidance on contacting maintainers
- Copy-Friendly Command Display: Enhanced command output for easier copying
- 📋 icon indicates copyable commands
- Clickable commands in modern terminals (OSC 8 hyperlink support)
- Helpful hint messages
- Works in all terminals (with fallback for older ones)
- Comprehensive Help Documentation: Updated help files with all features
- Documents 8 conflict resolution features
- Documents 5 output features
- Explains all supported scenarios
Changed:
- Enhanced Grouped Package Resolution: More proactive in finding solutions
- Searches for compatible installed package versions before suggesting grouped commands
- Provides maintainer contact information when needed
- Better success rate for grouped installations
No Breaking Changes:
- No breaking changes in this release
- All existing functionality remains unchanged
- New features are automatically enabled
Migration Steps:
- No migration steps required
- Simply update to the new version and the features will be available
This release adds support for suggesting grouped package installations when multiple packages are filtered by conflicts, helping users discover that installing packages together can sometimes resolve conflicts that individual installations cannot.
New Features:
- Grouped Package Installation Suggestions: When multiple packages are filtered by conflicts, suggests installing them together
- Sometimes Composer can resolve conflicts better when multiple packages are installed simultaneously
- Automatically groups filtered packages (2 or more) into a single
composer requirecommand - Example: When
rector/rector:2.3.4andphpstan/phpstan:2.1.36are both filtered, suggests:🔧 Suggested commands (try installing together - Composer may resolve conflicts better): composer require --dev rector/rector:2.3.4 phpstan/phpstan:2.1.36 --with-all-dependencies - Helps users discover that installing packages together can sometimes resolve conflicts
- Works automatically - no configuration needed
No Breaking Changes:
- No breaking changes in this release
- All existing functionality remains unchanged
- New feature is automatically enabled
Migration Steps:
- No migration steps required
- Simply update to the new version and the feature will be available
This release significantly improves conflict resolution by automatically detecting when dependent packages can be updated to support proposed package updates. It also provides better explanations when no automatic solutions are available.
New Features:
- Dependent Package Update Detection: Automatically detects when conflicting dependent packages have newer versions that support the proposed update
- When a package update conflicts with a dependent package, the system now checks if the dependent package has a newer version that supports the proposed update
- If found, both packages are included in the same update command
- Example scenario:
- Trying to update:
zircote/swagger-php:6.0.2 - Conflicts with:
nelmio/api-doc-bundle(installed:5.9.2) requiringzircote/swagger-php:^4.11.1 || ^5.0 - System detects:
nelmio/api-doc-bundle:6.0.0requireszircote/swagger-php:^6.0 - Suggested command:
composer require --with-all-dependencies zircote/swagger-php:6.0.2 nelmio/api-doc-bundle:6.0.0
- Trying to update:
- Reduces manual intervention and provides actionable solutions
- Works automatically - no configuration needed
- Edge Cases Documentation: Comprehensive documentation for scenarios where no compatible versions are available
- New section in
UPDATE_CASES.md(Case #20) explaining edge cases - Documents real-world examples and provides guidance on manual resolution strategies
- Helps users understand when and why automatic solutions aren't available
- New section in
Changed:
- Enhanced Conflict Resolution Flow: Improved conflict resolution strategy with better ordering
- Now checks dependent packages for compatible versions first
- Falls back to searching for compatible older versions if no dependent updates found
- Provides more comprehensive solutions before suggesting alternatives
- Improved Output Messages: Enhanced messages to better explain why no automatic solution is available
- When no compatible versions of dependent packages are found, shows clear explanation
- Displays which dependent packages were checked and what constraints they require
- Explains that all available versions require incompatible constraints
- Example output:
ℹ️ No compatible versions of dependent packages found: - nelmio/api-doc-bundle: No version found that supports zircote/swagger-php:6.0.2 (All available versions require: ^4.11.1 || ^5.0) - Helps users understand why updates are filtered and what they can do about it
- No action required: This is an automatic enhancement to conflict resolution
- Better conflict resolution: You'll now see more actionable suggestions when conflicts occur
- Automatic detection: The system automatically detects compatible dependent package versions - no manual configuration needed
- Clearer explanations: When no automatic solution is available, you'll see detailed explanations about why and what you can do
- Edge cases guidance: See
UPDATE_CASES.mdCase #20 for detailed information about scenarios where no compatible versions exist
- None
This release significantly improves abandoned package detection to provide comprehensive visibility into all abandoned packages in your project.
New Features:
- Comprehensive Abandoned Package Detection: Now detects abandoned packages for ALL installed packages, not just outdated ones
- New section "All abandoned packages installed:" appears before dependency analysis
- Shows all abandoned packages from your
composer.json(bothrequireandrequire-dev) - Includes replacement package information when available
- Separates packages by prod/dev labels for clarity
- Example output:
⚠️ All abandoned packages installed: - old-package:1.0.0 (prod) (⚠️ Package is abandoned, replaced by: new-package/name) - deprecated-lib:2.5.0 (dev) (⚠️ Package is abandoned)
- Enhanced Detection for Outdated Packages: Improved to check ALL outdated packages for abandoned status
- Previously only checked packages with dependency conflicts
- Now checks all outdated packages regardless of conflicts
- Provides more complete picture of package maintenance status
Changed:
- Detection Flow: Restructured to check abandoned status at two points:
- All installed packages (before dependency analysis)
- Outdated packages (during dependency analysis)
- Avoids duplicate detection
- Better organization of information in output
- Fixed save-impact-to-file configuration: When
save-impact-to-file: trueis set in YAML, automatically enablesshow-impact-analysisto ensure data is generated
Fixed:
- Impact analysis file location: Fixed issue where
composer-update-impact.txtwas saved in the current working directory instead of the script's directory- Now saves the file in the same directory where the script is located
- Example: If script is in
/usr/src/app/symfony/generate-composer-require.sh, file is saved to/usr/src/app/symfony/composer-update-impact.txt - Ensures the file is always generated next to the script, regardless of where the command is executed from
- No action required: These are enhancements to existing functionality
- New output section: You'll now see "All abandoned packages installed:" section at the beginning of the output
- More comprehensive information: You'll get visibility into all abandoned packages, not just those with conflicts or updates available
- None
This release adds command-line options configuration in YAML and extends wildcard dependency checking. See CHANGELOG.md for complete details.
New Features:
- Command-line options configuration in YAML: Configure default values for all command-line options in
generate-composer-require.yaml- Set your preferred defaults once, then override them when needed via command-line arguments
- Available options:
show-release-info,show-release-detail,show-impact-analysis,save-impact-to-file,verbose,debug - Example: Set
show-release-info: truein YAML to always show release info by default - Command-line arguments always override YAML configuration
- See Configuration Guide for complete details
- Wildcard Dependency Checking: Extended dependency conflict detection to support wildcard constraints (
^,~,*)- Previously, dependency checking was skipped for packages with wildcard constraints
- Now properly validates wildcard constraints against dependent package requirements
- Improves conflict detection accuracy for framework constraints and version ranges
Changed:
- Improved type hints: Better type safety with union types in PHPDoc for
ConfigLoader::readConfigValue()- PHPDoc uses
string|int|float|bool|nullunion types for better IDE support - Code remains compatible with PHP 7.4+ (union types only in documentation)
- More specific than generic
mixedtype
- PHPDoc uses
- No action required: These are new features that enhance existing functionality
- YAML configuration for command-line options (optional): You can now set default values for command-line options in your
generate-composer-require.yaml:# Set defaults for command-line options show-release-info: true # Always show release info by default show-impact-analysis: true # Always show impact analysis by default verbose: false # Don't show verbose output by default
- Command-line arguments always override YAML configuration
- Example: If you set
show-release-info: truein YAML but run./generate-composer-require.sh --no-release-info, release info will be disabled for that run
- Wildcard dependency checking: Now works automatically for all constraint types (
^,~,*). No configuration needed.
- None
This release adds several new features to help resolve dependency conflicts and provide better guidance when automatic solutions aren't available. See CHANGELOG.md for complete details.
New Features:
- Command-line options configuration in YAML: Configure default values for all command-line options in
generate-composer-require.yaml- Set your preferred defaults once, then override them when needed via command-line arguments
- Available options:
show-release-info,show-release-detail,show-impact-analysis,save-impact-to-file,verbose,debug - Example: Set
show-release-info: truein YAML to always show release info by default - Command-line arguments always override YAML configuration
- See Configuration Guide for complete details
- Wildcard Dependency Checking: Extended dependency conflict detection to support wildcard constraints (
^,~,*)- Previously, dependency checking was skipped for packages with wildcard constraints
- Now properly validates wildcard constraints against dependent package requirements
- Improves conflict detection accuracy for framework constraints and version ranges
- Conflict Impact Analysis: Analyzes which packages would be affected when updating conflicting packages
- Shows direct and transitive affected packages
- Optional feature: Use
--show-impactor--impactflag to enable (disabled by default to reduce verbosity) - Save to file: Use
--save-impactflag to save analysis tocomposer-update-impact.txt(automatically added to.gitignore) - Provides complete dependency chain visualization
- Outdated packages count: Shows summary of total outdated packages found
- Displays:
✅ Found X outdated package(s) - Automatically shown when packages are found
- Displays:
- Abandoned Package Detection: Automatically detects and warns about abandoned packages
- Detects abandoned packages for all installed packages (not just outdated ones)
- Shows comprehensive list of all abandoned packages before dependency analysis
- Also detects abandoned status for outdated packages during conflict analysis
- Fallback Version Suggestions: Suggests compatible older versions when conflicts are detected
- Alternative Package Suggestions: Suggests alternative packages when updates are blocked
- Maintainer Contact Suggestions: Provides maintainer contact information when manual intervention is needed
- Modular Architecture: Refactored code into modular classes for better maintainability
- No action required: These are new features that enhance existing conflict detection
- YAML configuration for command-line options (optional): You can now set default values for command-line options in your
generate-composer-require.yaml:# Set defaults for command-line options show-release-info: true # Always show release info by default show-impact-analysis: true # Always show impact analysis by default verbose: false # Don't show verbose output by default
- Command-line arguments always override YAML configuration
- Example: If you set
show-release-info: truein YAML but run./generate-composer-require.sh --no-release-info, release info will be disabled for that run
- All new features are automatic and require no configuration (except impact analysis which requires
--show-impactflag) - Abandoned package detection, fallback suggestions, and alternative packages appear automatically when conflicts are detected
- Impact analysis is optional: By default, impact analysis is disabled to reduce output verbosity. Use
--show-impactflag if you need detailed impact information - Save impact to file: Use
--save-impactflag to save impact analysis to a text file for later review or documentation. The filecomposer-update-impact.txtis automatically added to.gitignore - Wildcard dependency checking: Now works automatically for all constraint types (
^,~,*). No configuration needed.
- None
Note: For detailed information about all changes, see CHANGELOG.md.
- Update Cases and Scenarios documentation: New comprehensive documentation explaining all update scenarios
- Complete guide to all supported cases (see UPDATE_CASES.md for current count)
- Documentation of partially supported and not-yet-supported scenarios
- Manual intervention guidance for contacting package maintainers
- Implementation Roadmap: Detailed action plan for implementing not-yet-supported features
- Prioritized implementation plan ordered by complexity and feasibility
- Complete timeline and effort estimates for future features
- Translation requirements for all 31 supported languages
Note: The number of fully supported cases has increased to 13 in version 2.0.22+ with the addition of Abandoned Package Detection, Alternative Package Suggestions, and Maintainer Contact Suggestions.
- Improved dependency conflict messages: Enhanced clarity of dependency conflict messages
- Conflict messages now explicitly show which package requires which version constraint
- Example: Instead of
(conflicts with 1 package: lexik/jwt-authentication-bundle (^1.2)), you'll now see(conflicts with 1 package: lexik/jwt-authentication-bundle requires rector/rector ^1.2) - Makes it much easier to understand why a package update is being filtered and what needs to be updated
- No action required: This is a UX improvement with no functional changes
- The conflict detection logic remains the same, only the message format has been improved
- None
- Output alignment in dependency analysis section: Fixed vertical alignment issue in the dependency conflict analysis output
- The "Filtered by dependency conflicts" and "Packages that passed dependency check" header lines now have consistent alignment
- Improved visual consistency across all output sections
- Better readability of dependency analysis results
- No action required: This is a visual formatting fix with no functional changes
- None
- Extended language support: 20 additional languages are now fully implemented (10 high-priority + 10 medium-priority)
- High-priority: Dutch (nl), Czech (cs), Swedish (sv), Norwegian (no), Finnish (fi), Turkish (tr), Chinese (zh), Japanese (ja), Korean (ko), Arabic (ar)
- Medium-priority: Hungarian (hu), Slovak (sk), Ukrainian (uk), Croatian (hr), Bulgarian (bg), Hebrew (he), Hindi (hi), Vietnamese (vi), Indonesian (id), Thai (th)
- Complete translations for PHP scripts, Bash scripts, and help files
- All languages are ready for use in production
- Total of 31 fully supported languages: English (en) 🇬🇧 🇺🇸, Spanish (es) 🇪🇸, Portuguese (pt) 🇵🇹 🇧🇷, Italian (it) 🇮🇹, French (fr) 🇫🇷, German (de) 🇩🇪 🇦🇹, Polish (pl) 🇵🇱, Russian (ru) 🇷🇺, Romanian (ro) 🇷🇴, Greek (el) 🇬🇷, Danish (da) 🇩🇰, Dutch (nl) 🇳🇱 🇧🇪, Czech (cs) 🇨🇿, Swedish (sv) 🇸🇪, Norwegian (no) 🇳🇴, Finnish (fi) 🇫🇮, Turkish (tr) 🇹🇷, Chinese (zh) 🇨🇳 🇹🇼, Japanese (ja) 🇯🇵, Korean (ko) 🇰🇷, Arabic (ar) 🇸🇦 🇪🇬, Hungarian (hu) 🇭🇺, Slovak (sk) 🇸🇰, Ukrainian (uk) 🇺🇦, Croatian (hr) 🇭🇷, Bulgarian (bg) 🇧🇬, Hebrew (he) 🇮🇱, Hindi (hi) 🇮🇳, Vietnamese (vi) 🇻🇳, Indonesian (id) 🇮🇩, Thai (th) 🇹🇭
- Dependency checking feature promoted to production: The
check-dependenciesfeature is now considered production-ready- All "development mode" warnings have been removed
- Feature has been thoroughly tested and is stable
- Recommended for all users (enabled by default)
- Comprehensive dependency conflict detection, including transitive dependencies and
self.versionconstraints - Full support for both
requireandrequire-devdependency detection
- Script architecture refactoring: Main script is now more lightweight
- Created
script-helper.shin vendor to contain complex helper functions - Reduced main script from ~502 lines to ~240 lines (52% reduction)
- All complex logic moved to vendor helper, keeping the main script minimal
- Helper script remains in vendor; only
generate-composer-require.shis copied to project root
- Created
- Improved output formatting: Enhanced dependency conflict display
- Fixed double line break after "Processing packages" message
- Fixed spacing around emoji numbers in filtered packages section
- Enhanced conflict information: now shows the number of packages with conflicts (e.g., "conflicts with 1 package" or "conflicts with 2 packages")
- Better visual formatting for dependency conflict analysis section
- Documentation enhancements: Improved visual presentation of language support
- Added country flag emojis to all language listings in documentation (README.md, CHANGELOG.md, UPGRADING.md, CONFIGURATION.md)
- Languages with multiple countries now display all relevant flags (e.g., English 🇬🇧 🇺🇸 🇨🇦 🇦🇺, Spanish 🇪🇸 🇲🇽 🇦🇷 🇨🇴)
- Makes language selection more intuitive and visually appealing
- All 31 languages are now fully implemented and documented with their respective flags
- Documentation reorganization: Improved README structure and organization
- Reduced README.md from ~700 to 240 lines (66% reduction) for better readability
- Created dedicated documentation files in
docs/directory:CONFIGURATION.md- Complete configuration guide (package configuration, language settings, dependency checking)USAGE.md- Comprehensive usage guide (all options, release information, environment variables)FRAMEWORKS.md- Framework support details (Symfony, Laravel, Yii, CakePHP, Laminas, CodeIgniter, Slim)DEVELOPMENT.md- Development setup and CI/CD guide (Docker, testing, make commands)
- README.md now focuses on essential information with links to detailed documentation
- Better organization makes it easier to find specific information
- All documentation is now properly categorized and cross-referenced
- i18n synchronization: Fixed help messages and debug messages not synchronizing with language configuration
- Help messages (
--help) now correctly detect and use the language defined ingenerate-composer-require.yaml - Debug messages now correctly synchronize with the configured language
- The system now detects the configuration file before initializing translations
- Ensures consistent language usage across all script output (help, debug, regular messages)
- Help messages (
- Test compatibility: Updated
ScriptTest.phpto match refactored script structure- Updated assertions to check for
PROCESSOR_PATHSinstead ofPROCESSOR_PHP - Updated path assertion to match new script structure
- Updated assertions to check for
- Implicitly nullable parameters: Fixed PHP deprecation warnings
- All nullable parameters are now explicitly declared using
?typeormixed - Improves compatibility with modern PHP static analysis tools
- Eliminates deprecation warnings in IDEs like VS Code with Intelephense
- All nullable parameters are now explicitly declared using
- PHPUnit configuration compatibility: Fixed PHPUnit warnings for PHPUnit 10/11 compatibility
- Removed deprecated
<filter><whitelist>element fromphpunit.xml.dist - Updated schema from PHPUnit 9.6 to PHPUnit 11.5
- Separated PHPUnit configuration into two files:
phpunit.xml.dist: Main configuration without coverage section (used bycomposer test)phpunit.coverage.xml.dist: Configuration with coverage section (used bycomposer test-coverage)
- PHPUnit 11 compatibility: Updated coverage configuration to use modern PHPUnit 11 structure
- Moved
<include>directive from<coverage>to<source>tag (PHPUnit 11 requirement) - Removed deprecated
processUncoveredFilesattribute from both configuration files
- Moved
- Fixed "No filter is configured, code coverage will not be processed" warning
- Tests and coverage now run cleanly in Docker environment without warnings
- Verified: 132 tests passing, 99.58% line coverage (478/480 lines), 90.91% method coverage (20/22 methods)
- Removed deprecated
- Code coverage command: Updated
composer test-coverageto use dedicated configuration file- Now uses
--configuration=phpunit.coverage.xml.distto load coverage-specific configuration - Prevents PHPUnit warnings about missing filter configuration
- Ensures consistent coverage report generation
- Coverage configuration is now isolated in a separate file for better maintainability
- Verified in Docker: Coverage reports generate correctly with HTML and Clover XML formats
- Now uses
- Code quality: Enhanced type safety and modern PHP standards compliance
- Better type hints throughout the codebase
- Improved static analysis compatibility
- No action required: The feature remains enabled by default
- If you previously disabled it due to development mode warnings, you can safely re-enable it
- The feature is now fully supported and recommended for production use
- Language support: All 31 languages are now fully available. You can use any of the supported languages by setting
language: {code}in yourgenerate-composer-require.yamlfile. - i18n usage: To use translations, add
language: es(or other supported code) to yourgenerate-composer-require.yaml:# Language for output messages # Supported: en, es, pt, it, fr, de, pl, ru, ro, el, da, nl, cs, sv, no, fi, tr, zh, ja, ko, ar, hu, sk, uk, hr, bg, he, hi, vi, id, th (31 languages) # If not set, will auto-detect from system (LANG, LC_ALL, LC_MESSAGES) # Default: en (English) # ⚠️ WARNING: i18n feature is currently in DEVELOPMENT MODE language: es
- Debug mode: Use
--debugflag to see detailed i18n information:This will show:./generate-composer-require.sh --debug
- Detected language
- Translation function availability
- Loaded translations count
- Test translations
- i18n synchronization: Help messages (
--help) and debug messages now correctly synchronize with the language defined ingenerate-composer-require.yaml- The system now detects the configuration file before initializing translations
- Help messages will display in the configured language
- Debug messages will use the configured language
- All script output is now consistently translated based on your configuration
- Code coverage: 99.58% line coverage (478/480 lines), 90.91% method coverage (20/22 methods)
- None
- Dependency conflict detection order: Critical fix where the system now correctly verifies dependent package constraints before checking package requirements
- Versions that don't satisfy dependent package constraints are now correctly rejected
- This prevents suggesting incompatible updates that would fail during installation
- Example:
phpdocumentor/reflection-docblock:6.0.0is now correctly filtered when dependent packages require^5.6or^5.0
- Dependency detection in require-dev: Fixed issue where dependencies in
require-devsections were not being detected- The system now finds all dependent packages, regardless of whether they're in production or development dependencies
- Enhanced conflict information: Filtered packages now show which dependent packages cause the conflict
- You'll now see messages like:
package:version (prod) (conflicts with: dependent1 (^1.0), dependent2 (^2.0)) - This makes it much easier to understand why a package is being filtered
- You'll now see messages like:
- Output formatting improvements: Multiple enhancements for better readability
- Standardized spacing before emojis throughout the output
- Consistent indentation across all sections (framework constraints, ignored packages, dependency analysis)
- Visual enhancement: Package counts now use emoji numbers (1️⃣, 2️⃣, 3️⃣, etc.) for better visibility
- Example:
⚠️ 2️⃣ Filtered by dependency conflicts:makes it easier to quickly identify the number of filtered packages
- Debug logging: Added comprehensive debug messages for better troubleshooting
- Includes detailed information about conflict detection and tracking
- Shows which dependent packages cause conflicts for each filtered package
- No action required: These are bug fixes that improve accuracy
- If you notice packages are now being filtered that weren't before, it's because the system is now correctly detecting conflicts
- The enhanced conflict information will help you understand what needs to be updated
- None
- Transitive dependency update suggestions: When packages are filtered due to dependency conflicts, the system now automatically suggests updating the required transitive dependencies
- The system detects when a package requires a newer version of a transitive dependency (e.g.,
spomky-labs/otphp:^11.4when11.3.0is installed) - The system also detects
self.versionconstraints (e.g.,scheb/2fa-emailrequiringscheb/2fa-bundle: self.version) - Suggested commands now include both transitive dependencies and filtered packages in a single command
- This makes it much easier to resolve dependency conflicts
- The system detects when a package requires a newer version of a transitive dependency (e.g.,
- Enhanced output messages: More precise messages explaining why no packages are available for update
- Improved dependency conflict resolution: Commands now automatically include all related packages
- Previously, you might need to update transitive dependencies manually
- Now, the suggested commands include everything needed in one go
- Code improvements: Internal refactoring for better maintainability (no user-facing changes)
- No action required: These are enhancements that improve the dependency conflict resolution workflow
- When you see dependency conflicts, you'll now get actionable commands that include all necessary updates
- Simply run the suggested commands to resolve conflicts
- None
- Code coverage threshold: CI/CD coverage requirement adjusted from 100% to 99%
- This change is internal and does not affect functionality
- Reflects best practices for defensive code that cannot be easily tested
- Dead code elimination: Removed unreachable code paths
- No functional impact
- Improves code maintainability
- No action required: This is an internal improvement with no user-facing changes
- Duplicate command output: Fixed issue where suggested composer commands appeared twice in the output
- Commands now appear only once in the suggested commands section
- This improves output clarity and readability
- No action required: This is a bug fix that improves output clarity
- Existing functionality remains unchanged
- The
--runflag continues to work as expected
- None
- CI/CD coverage threshold: Code coverage requirement lowered from 100% to 90%
- This is a CI/CD configuration change only, no functional changes
- Current coverage: 92.36% (exceeds the new minimum requirement)
- All existing functionality remains unchanged
- No action required: This change only affects CI/CD pipeline validation
- No changes to package functionality or API
- Tests continue to validate code quality
- None
- Migration logic improvement: Migration now correctly preserves user-defined packages in YAML configuration
- If you have both TXT and YAML files with different packages, the YAML will be preserved
- The TXT file will remain until you manually merge the packages or delete it
- This ensures your custom configuration is never overwritten during migration
- No action required: This is a bug fix that improves migration safety
- If you have both TXT and YAML files, the YAML configuration will be preserved
- You can manually merge packages from TXT to YAML if needed, or delete the TXT file
- None
- Output formatting refactored: All output formatting is now done in PHP processor
- Shell script is now even lighter (283 lines vs 396 lines)
- All formatting logic centralized in PHP for better maintainability
- Same output and functionality, just better organized
- No action required: The refactoring is transparent to users
- Output format remains exactly the same
- All features work identically
- None
- Script auto-update: The
generate-composer-require.shscript is now automatically updated when you runcomposer update- Previously, the script was only installed on first installation (
composer install) - Now, the script is compared using MD5 hash and updated if content differs on both
composer installandcomposer update - This ensures you always have the latest version of the script
- Previously, the script was only installed on first installation (
- Refactored architecture: The script has been split into a lightweight wrapper and a PHP processor
- The script in your repo is now lighter (~396 lines vs ~971 lines, 59% reduction)
- Complex logic is now in
vendor/nowo-tech/composer-update-helper/bin/process-updates.php(~622 lines) - The script automatically detects and uses the PHP processor
- No manual configuration needed
- No action required: The script will be automatically updated on your next
composer update - If you have custom modifications to the script, they will be overwritten
- Consider committing your customizations to a separate script or fork if needed
- The refactoring is transparent to users - the script automatically detects the PHP processor in vendor
- If you encounter issues, ensure
composer installhas been run - The script will show a clear error message if the PHP processor is not found
- None - fully backward compatible
- Improved debug messages: Debug and verbose modes now provide clearer messages when no packages are found
- Helps identify when packages are commented out in YAML configuration
- Makes troubleshooting configuration issues easier
- YAML configuration clarification: README now explicitly explains that only uncommented packages are read
- Lines starting with
#are treated as comments and ignored - Examples show the difference between commented and uncommented packages
- Lines starting with
No action required: This is a documentation and messaging improvement. Existing configurations continue to work as before.
- Verbose and Debug modes: New
-v, --verboseand--debugoptions for troubleshooting- Use
--verboseor-vto see detailed information about configuration files and packages - Use
--debugfor very detailed debug information (includes verbose mode) - All debug/verbose output is sent to stderr to avoid interfering with normal output
- Use
- Support for
.ymlextension: You can now use either.yamlor.ymlfor configuration files- Priority:
.yamlfirst, then.yml, then.txt(backward compatibility) - Allows users to use either extension based on their preference
- Priority:
- Configuration file location: Script now searches for configuration files in the current directory (where
composer.jsonis located)- Previously searched in the script's directory (
$(dirname "$0")) - Now searches in the current working directory (where the script is executed)
- This ensures configuration files are found correctly regardless of script location
- Previously searched in the script's directory (
- Release information default behavior: Release information is now disabled by default
- If you were relying on release information being shown automatically, you now need to use
--release-infoor--release-detail - This improves performance by default (no API calls are made)
- Use
--release-infoto show summary with release and changelog links - Use
--release-detailto show full release changelog
- If you were relying on release information being shown automatically, you now need to use
- Configuration file reading: Fixed issue where script couldn't find YAML files in the project directory
- Script now correctly searches in the current directory instead of script directory
- Resolves issues where configuration files weren't being read properly
- Migration verification: Fixed issue where migration verification failed when YAML had packages in
includesection- Migration now correctly compares only
ignoresection with TXT content - TXT file is now properly deleted after successful migration
- Migration now correctly compares only
- No action required: Existing configuration files will continue to work
- File location: If your configuration file is in the script directory, move it to the project root (where
composer.jsonis) - Extension: You can rename
.yamlto.ymlif preferred (both are supported)
- If you use release information: Add
--release-infoor--release-detailflag to your commands- Example:
./generate-composer-require.sh --release-info - Example:
./generate-composer-require.sh --run --release-detail
- Example:
- Verification: Complete verification of YAML include/ignore functionality
- Utility scripts: New utility scripts in
tests/directory for development and testing
- Documentation improvements: Enhanced README.md with better release information documentation
- YAML template: Updated comments for clarity
No action required: This is a documentation and utility scripts release. No configuration changes needed.
- Package inclusion: New
includesection ingenerate-composer-require.yaml- You can now force include packages even if they are in the
ignorelist - The
includesection has priority over theignoresection - Useful for fine-grained control over which packages to update
- You can now force include packages even if they are in the
Example configuration:
ignore:
- symfony/* # Ignore all Symfony packages
include:
- symfony/security-bundle # But force include this one- YAML parsing: Enhanced reading of YAML configuration files
- Better handling of inline comments (e.g.,
- package/name # comment) - Support for different indentation levels
- More robust section detection
- Improved handling of empty lines and comment-only lines
- Better handling of inline comments (e.g.,
No action required: Existing configurations will continue to work. The new include section is optional.
- Migration verification: Migration now verifies that packages were correctly migrated before deleting the old
.ignore.txtfile- Compares packages from TXT and YAML files to ensure data integrity
- Only deletes TXT file if migration is verified as correct
- Shows warning if verification fails and preserves TXT file for safety
.gitignorebehavior:.shand.yamlfiles are no longer added to.gitignore- These files should be committed to the repository for team collaboration
- Plugin now removes old
.ignore.txtentries from.gitignoreif they exist - Plugin also removes
.shand.yamlentries if they were previously added (cleanup)
- Migration is now safer with verification step
- Files should be committed to repository (not ignored)
- Old
.gitignoreentries are automatically cleaned up
- Improved migration logic: Migration now works even if YAML file already exists
- Previously, migration only occurred if YAML didn't exist
- Now migrates if YAML exists but is empty or contains only template (no user packages)
- Prevents data loss: won't overwrite YAML files with user-defined packages
- If you updated to v2.0.1 and migration didn't occur, updating to v2.0.2 will trigger migration
- Safe migration: The plugin detects if YAML is empty or template-only before migrating
- Data protection: If YAML has user-defined packages, migration is skipped to prevent data loss
- Automatic retry: If migration didn't happen in v2.0.1, it will work in v2.0.2
- Automatic cleanup: The old
.ignore.txtfile is now automatically deleted after successful migration to.yamlformat- No manual cleanup required
- Ensures clean migration without leftover files
- Configuration file format changed from TXT to YAML
- Old format:
generate-composer-require.ignore.txt - New format:
generate-composer-require.yaml - This is a breaking change in format, but migration is automatic
- Old format:
- YAML configuration format: More structured and extensible configuration file
- Automatic migration: Existing
.ignore.txtfiles are automatically migrated to.yamlformat - Backward compatibility: The script still supports reading old TXT format if YAML doesn't exist
-
Update the package:
composer update nowo-tech/composer-update-helper
-
Automatic migration: If you have an existing
generate-composer-require.ignore.txtfile, it will be automatically migrated togenerate-composer-require.yamlduring the update.- v2.0.2+: Migration works even if YAML already exists (if YAML is empty or template-only)
- Migration is skipped if YAML has user-defined packages (to prevent data loss)
-
Verify the migration:
# Check that the new YAML file exists cat generate-composer-require.yaml -
Automatic cleanup: The old
.ignore.txtfile is automatically deleted after successful migration (in v2.0.1+) -
The script will now use the YAML file automatically. No changes needed to your workflow.
Old format (TXT):
# Packages to ignore
doctrine/orm
symfony/security-bundleNew format (YAML):
# Composer Update Helper Configuration
ignore:
- doctrine/orm
- symfony/security-bundle- Your existing ignore list is preserved
- The new
.yamlfile is created with your packages migrated (or updated if empty/template-only) - The old
.ignore.txtfile is automatically deleted after successful migration (v2.0.1+) - The script automatically uses the YAML file if it exists
.gitignoreis updated to include the new YAML file and remove the old TXT entry- v2.0.2+: Migration works even if YAML exists, but only if YAML is empty or template-only (protects user data)
- Help option: The script now includes a
--helpor-hflag to display comprehensive usage information- Shows all available options, examples, and framework support details
- Works without requiring Composer to be installed
- Optimized emoji handling: Emojis are now defined as variables at script initialization
- Reduces script size and improves execution performance
- Better maintainability
- None
-
Update the package:
composer update nowo-tech/composer-update-helper
-
Try the new help option:
./generate-composer-require.sh --help
-
No other changes required - the script is fully backward compatible
- Release Information: The script can show GitHub release links and changelogs when requested.
- Use
--release-infoto show summary (package, release link, changelog link) - Use
--release-detailto see full changelog details - Use
--no-release-infoto explicitly skip release information (default behavior) - Note: In v2.0.7+, release information is disabled by default for better performance
- Use
- None
-
Update the package:
composer update nowo-tech/composer-update-helper
-
Test the new release information feature:
./generate-composer-require.sh
-
If you want to skip release information (old behavior):
./generate-composer-require.sh --no-release-info
- PHPUnit updated to 11.0
-
Update the package:
composer update nowo-tech/composer-update-helper
-
Update your test suites to be compatible with PHPUnit 11.0
- Multi-framework support added
- Framework version constraints are now automatically detected
-
Update the package:
composer update nowo-tech/composer-update-helper
-
The script will automatically detect your framework and respect version constraints
-
No manual configuration needed
If the script is missing after upgrading:
composer installThis will reinstall the script files.
If you get permission errors:
chmod +x generate-composer-require.shIf you've modified the script and it conflicts with the new version:
-
Backup your custom script:
cp generate-composer-require.sh generate-composer-require.sh.backup
-
Reinstall the package:
composer reinstall nowo-tech/composer-update-helper
-
Reapply your custom modifications if needed
If you encounter issues during upgrade: