Thanks to the ubiquity of Composer, a PHP application may depend on dozens of third-party packages, each of which will define their own dependencies. When an application is deployed and working as expected, it can be difficult to prioritize the development time for package updates with breaking changes, and you might find some dependencies have slipped a few major versions behind their current release. Nevertheless, even if all root dependencies are up to date, some packages inevitably become abandoned, drop version constraints, or add an incompatible dependency. The end result: upgrading to the latest PHP version (or other package) is blocked by a tangled web of interdependent version conflicts and incompatible vendor code.
Luckily for us, Composer is more than just `install`, `require`, and `update`, and we can use some of the lesser known functionality and behavior to untangle the web of conflicts and create forward-friendly migration path. We'll cover:
- Using the `depends`, and `prohibits` commands to understand package relationships
- Using forked repositories and branch aliases to provide a compatible version of a package
- Preventing unnecessary transitive dependencies from being installed and causing conflicts
- Upgrading to the latest version of a package, by using Rector to downgrading it to your PHP version