1
0
Fork 0
composer/doc/faqs/why-are-unbound-version-con...

1.0 KiB

Why are unbound version constraints a bad idea?

A version constraint without an upper bound such as * or >=3.4 will allow updates to any future version of the dependency. This includes major versions breaking backward compatibility.

Once a release of your package is tagged, you cannot tweak its dependencies anymore in case a dependency breaks BC - you have to do a new release but the previous one stays broken.

The only good alternative is to define an upper bound on your constraints, which you can increase in a new release after testing that your package is compatible with the new major version of your dependency.

For example instead of using >=3.4 you should use ~3.4 which allows all versions up to 3.999 but does not include 4.0 and above. The ~ operator works very well with libraries follow semantic versioning.

Note: As a package maintainer, you can make the life of your users easier by providing an alias version for your development branch to allow it to match bound constraints.