Thanks to the ubiquity of Composer, a PHP application may depend on dozens of third-party packages, each of which will define their own dependencies. When an application is deployed and working as expected, it can be difficult to prioritize the development time for package updates with breaking changes, and you might find some dependencies have slipped a few major versions behind their current release. Nevertheless, even if all root dependencies are up to date, some packages inevitably become abandoned, drop version constraints, or add an incompatible dependency. The end result: upgrading to the latest PHP version (or other package) is blocked by a tangled web of interdependent version conflicts and incompatible vendor code.

Luckily for us, Composer is more than just `install`, `require`, and `update`, and we can use some of the lesser known functionality and behavior to untangle the web of conflicts and create forward-friendly migration path. We'll cover:

- Using the `depends`, and `prohibits` commands to understand package relationships
- Using forked repositories and branch aliases to provide a compatible version of a package
- Preventing unnecessary transitive dependencies from being installed and causing conflicts
- Upgrading to the latest version of a package, by using Rector to downgrading it to your PHP version


Comments are closed.

This was super cool to watch this composer / rector magic! Thanks for the live code demo and the use case explanation, I would have never thought of using rector to downgrade to save my bacon during some composer package drama. Amazing!

Joseph Lavin at 15:40 on 4 Nov 2023

Great slides. Great content. Engaging pace. Great job taking something really complicated and distilling it down.

Steve Grunwell at 16:07 on 4 Nov 2023

Putting aside my opinion that Andy’s one of the nicest people in the PHP community, this talk was fantastic. I’m working on a team doing a similar upgrade, and I picked up some new tricks that I can claim credit fo…err, share with my colleagues!

Jack Peterson at 16:52 on 6 Nov 2023

I've seen Andy work through the complex details of the 8.2 upgrade and I'm impressed with how well he articulated this complex process. If you have a large application that needs to be upgraded and you're running into issues getting there -- this is the talk to watch.