Managing Drupal Dependencies: Using Composer for Patch-Only Updates
Matt Glaman discusses the challenges of managing Composer dependency updates in Drupal and highlights the importance of restricting updates to patch versions. While performing maintenance, he encounters issues with the Honeypot module when a minor version update (2.1.3 to 2.2.0) causes unaccounted schema changes due to broader constraints (^2.0) in his 'composer.json'
file. He explains the use of the '--patch-only'
flag introduced in Composer 2.8.0, which ensures updates are limited to patch versions regardless of existing constraints. He updates the module from 2.1.3 to 2.1.4 without database conflicts using this flag. Matt plans to adjust his 'composer.json'
constraints by replacing ^
with ~
to restrict updates to specific major and minor versions, allowing only patch updates. He underscores the importance of continuous integration (CI) checks and thorough testing of dependency updates to prevent unexpected issues, referring readers to his related blog post on verifying Drupal configurations.
Source Reference
Disclosure: This content is produced with the assistance of AI.