Mgr: composer require. That's all you're allowed to do. I want you to manually go through our word press site, check which ones need an update. And do a composer require in the command line for each to update them.

Me: wouldn't it make more sense to just increment the version in the composer.json and then run update?

Mgr: no, you don't understand how composer works, it's very complicated. Just do require. Don't ever do update.

Me: *does it anyway (reverting later of course) and compares update vs require and their differences in the lock file*

I mean it looks like 'update' is updating important dependencies for each of the packages as well as the package itself... The 'require' just seems to download the package itself but no updates to dependencies for those packages.

But seriously is composer that complicated that I can't just do an 'update'?

I've been reading the composer documentation and it seems to be saying that update is the better way to go...

I'm doubting myself these days...

  • 1
    might be there's some plugin which in older version has some functionality that the newer version doesn't, or the newer does it in a different way, and that functionality is very important to whomever is using the backend.

    i've seen wordpress sites that had updates turned off in multiple ways just to make sure a plugin like that stayed on precisely the version they wanted/needed.
  • 0
    @Midnight-shcode thank you for helping me understand!
  • 1
    @iSwimInTheC no problem. i'm not saying that's the case in your... ehm... case =D, it's just the first (and only) benefit of the doubt kind of reason that i thought of.
  • 1
    The gist is that that require ADDS an package to the lock file. After the package was added, it will be installed or updated. Require offers an CLI to search if no package name is given and interactive mode

    The update command doesn't add a new dependency. It updates either all dependencies or a specific dependency based on the constraints in the composer.json file and updates the lock file accordingly.

    require vendor/package1 -> Add, Install | Update vendor/package1
    update -> update all dependencies
    update vendor/package1 vendor/package2 -> only upgrade specific packages

    Using composer require to just upgrade a package is kinda "wrong".... As the dependency will be installed if not present.

    I must say that the Composer docs are quite clear on this, you should read them:

  • 1
    Wordpress is a dinosaur technology. It still uses JQuery and most of it's popular plugins still uses JQuery. It also doesn't use composer by default, even though it uses PHP as backend. Why does your company still use it?

    Also it's latest version (6.1) still doesn't fully works with PHP 8.0. They call it in "beta support stage". Even though PHP 8.0 was released two years ago.
  • 0
    @daniel-wu they use it because they have like 10,000 articles in it and it would be difficult to get them out, on top of that moving everyone to a new CMS without completely upending all of everyone's workflows and causing the company to lose money is not a good idea.

    The website generates about 90% of the revenue. That shit shuts down for even a moment, it's hell to pay.

    Also it was done by the original team that had no background in tech. So a lot of poor choices super early on.
  • 0
    @IntrusionCM I read the docs, thanks, it just wasn't clear on why require would be a more optimal choice, according to my manager, over update.
  • 1
    @iSwimInTheC my grumpy mood found another victim. :-P 🥞

    The trouble is when upgrade is run without any explicit package name - as you then bump everything, which has a high likelihood of breakage.

    Especially in systems with plugins like WordPress.
  • 0
    @IntrusionCM ah! Gotcha! So as long as I identify the vendor/package during an update, all should go well.
    That would definitely save me time instead of having to explicitly use the version when using composer require.
  • 1
    @iSwimInTheC You can use update / upgrade with a version, then composer only updates it to this version.

    That's the sweet thing about composer imho: It's CLI is pretty powerful, yet simple.

    If you do *not* specify a version, only then the latest release for the package will be taken.

    php composer.phar update vendor/package:1.0.0

    as an example.
  • 1
    Getting the articles out should be as simple as performing "SELECT * FROM wp__posts" though.

    SEO will be the harder one since Google already indexed most of the articles, assuming it's a popular website. But it can solved by making the new web design having the same article url as the old one.
  • 0
    @daniel-wu that is true, but the other problem is the editorial teams high reliance on WordPress. They have a workflow and a method and to change things simply because I'm uncomfortable is not a solid reason. And finally, the development team is all WordPress focused.
Add Comment