I’m using Composer (in Symfony2 projects) and often get errors when updating libraries.
Many libraries (most, in my experience) use dev-master as the version for their dependencies (or worse, they use *).
Whenever something is committed to the master branch you get to update the library, and the chances of an API change are higher as time goes by. What is version 1.2.1 in master today could be 1.2.7 tomorrow, with no harm, and later become 1.7 or 2.x, with certain incompatibilities.
My questions are:
- how did we get to this point? Is it a practice suggested from high profile sources?
- what can I/we do to sensitize the authors to this subject?
or
am I mad?
You are not mad.
The solution really is education, and I will try to help a bit by pushing for best practices in the Composer docs. Not everyone has much experience with package management and many people don’t realize how problematic this approach can be (until it’s too late), so it’s everyone’s job to help by reminding them.
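
As an added example (not part of the original thread), one way to spot the constraints discussed above is to scan a composer.json for requirements that follow a branch, accept any version, or have no upper bound. The acme/* package names and the sample manifest are constructed, and the constraint handling is a simplified reading of Composer's syntax, not Composer's own parser.

```python
import json
import re

# Constructed sample composer.json; the acme/* package names are made up.
SAMPLE = """{
  "require": {
    "php": ">=5.3.3",
    "acme/framework": "2.3.*",
    "acme/mailer": "dev-master",
    "acme/logger": "*",
    "acme/orm": ">=2.2",
    "acme/assets": "dev-master as 1.0.x-dev",
    "acme/cache": ">=1.0,<2.0 || 3.1.*"
  },
  "require-dev": {"acme/testkit": "1.x-dev"}
}"""

def classify(constraint):
    """Return why a constraint can drift without bound, or None if it is bounded."""
    # Simplified reading of Composer's syntax (assumption), not Composer's parser:
    # '||' or '|' separates alternatives; ',' or whitespace joins AND clauses.
    for alternative in re.split(r"\s*\|\|?\s*", constraint.strip()):
        clauses = [c for c in re.split(r"[,\s]+", alternative) if c]
        if any(c.startswith("dev-") or c.endswith("-dev") for c in clauses):
            return "tracks a branch"
        if clauses == ["*"]:
            return "matches any version"
        lower = any(c.startswith(">") for c in clauses)
        upper = any(c.startswith("<") for c in clauses)
        if lower and not upper:
            return "no upper bound"
    return None

def audit(composer_json_text):
    """List (section, package, constraint, reason) for each risky requirement."""
    manifest = json.loads(composer_json_text)
    findings = []
    for section in ("require", "require-dev"):
        for package, constraint in manifest.get(section, {}).items():
            if "/" not in package:  # skip platform packages such as php, ext-*
                continue
            reason = classify(constraint)
            if reason:
                findings.append((section, package, constraint, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s %r -> %s" % finding)
```

Running a check like this in CI against a project's own manifest, and against the manifests of libraries before adopting them, surfaces the drifting requirements before an update breaks the build.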