In a new post to thePHP.cc blog, Sebastian Bergmann talks about the "Death Star" version constraint and how it can cause issues in your application if your version definitions are too loose.
PHPUnit 6, a new major version of the de-facto standard for testing PHP-based software, was recently released. Soon after, the test suites of developers who did not yet want to upgrade to the new version stopped working. What had happened? In a nutshell, these PHP developers were caught off guard by the consequences of using the "Death Star" version constraint in their composer.json file, the * operator.
He gives an example where a user may have specified "*" in their composer.json file, leaving it wide open to pull in whatever the latest version is. He then discusses semantic versioning and how it should be used in Composer constraints to ensure you're always working with the versions you expect. Locking down versions is good, but he also recommends that you "keep dependencies fresh" so you continue to receive bug fixes, new features and security updates.
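To make the PHPUnit 6 scenario concrete, here is an added Python model (not Composer's code and not from the original post) of how the "*", "^" and "~" constraints bound the versions Composer will accept; it ignores stability flags and pre-release suffixes, and the release list is a constructed sample, not PHPUnit's real history.

```python
"""Simplified model of Composer version constraints: which releases does a
constraint admit, and which one would be installed? Not Composer's own code."""


def parse(version):
    """Turn "5.7" or "5.7.3" into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def bounds(constraint):
    """Return (lower_inclusive, upper_exclusive) for a constraint.
    Supports "*", "^X.Y[.Z]" and "~X.Y[.Z]" (simplified Composer semantics)."""
    c = constraint.strip()
    if c == "*":
        return (0, 0, 0), None  # the "Death Star": no upper bound at all
    if c.startswith("^"):
        lo = parse(c[1:])
        # caret: allow anything that semver promises is non-breaking, i.e.
        # everything below the next bump of the leftmost non-zero component
        if lo[0] > 0:
            return lo, (lo[0] + 1, 0, 0)
        if lo[1] > 0:
            return lo, (0, lo[1] + 1, 0)
        return lo, (0, 0, lo[2] + 1)
    if c.startswith("~"):
        raw = c[1:]
        lo = parse(raw)
        # tilde: only the last component actually written may increase
        if raw.count(".") == 2:
            return lo, (lo[0], lo[1] + 1, 0)  # ~5.7.0 -> >=5.7.0 <5.8.0
        if raw.count(".") == 1:
            return lo, (lo[0] + 1, 0, 0)      # ~5.7   -> >=5.7.0 <6.0.0
    raise ValueError(f"unsupported constraint: {constraint!r}")


def satisfies(version, constraint):
    lo, hi = bounds(constraint)
    v = parse(version)
    return v >= lo and (hi is None or v < hi)


def installable(constraint, available):
    """Highest available release the constraint admits (None if nothing fits)."""
    fits = [v for v in available if satisfies(v, constraint)]
    return max(fits, key=parse) if fits else None


# Constructed sample of releases around the 5.7 -> 6.0 boundary (illustrative only).
RELEASES = ["5.7.0", "5.7.9", "5.7.15", "6.0.0", "6.0.3"]

if __name__ == "__main__":
    for c in ["*", "^5.7", "~5.7.0", "~5.7"]:
        print(f"{c:7} installs {installable(c, RELEASES)}")
```

With "*" the new 6.0.x line is picked up and the test suite breaks, while "^5.7" or "~5.7" still allows the 5.7.x bug-fix releases the author means by keeping dependencies fresh.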