Ok, you have installed a Yii 2 basic or advanced app for the first time and completed the post install steps. You have picked up a few extensions to install for the first time as well. You would already see a composer.lock file in your application root folder.

Here are a few tips on using this file to lock your package versions for future composer updates.

Suppose you want to lock a specific bootstrap version for this package: yiisoft/yii2-bootstrap. It is assumed you have already installed the yiisoft/yii2-bootstrap extension for the first time.

STEP 1: Editing composer.lock

You would see an entry similar to this in your composer.lock file in your Yii 2 app root:

To make the extension dependent on a specific bootstrap version (say 3.0 only), you can change the following line in your composer.lock file:

STEP 2: Future Composer Updates

You can repeat step 1 to lock dependencies for all your extensions (e.g. kartik-v/yii2-widgets, or any extension). However, check that each extension is compatible with the dependency version you lock it to.

The only thing to ensure is that future updates to packages through composer should now be done this way:

The above command installs/updates/removes everything to the state of the composer.lock file.

Info: The difference is that you do not use php composer.phar update for updating when you want everything to be as per your composer.lock settings.
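
A consistency check for the edit in step 1 and the compatibility check step 2 asks for, as an added example that is not part of the original article: it reads a composer.lock and flags every package whose require constraint is not met by the version locked in the same file. The lock contents and version numbers are constructed sample data, and only exact and wildcard constraints are evaluated; anything else is returned as unchecked.

```python
import json
import re

# Constructed sample: a trimmed composer.lock whose require entry was edited to
# "3.0.*" while the locked twbs/bootstrap entry is still at 3.1.1.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "yiisoft/yii2-bootstrap", "version": "2.0.0",
     "require": {"twbs/bootstrap": "3.0.*", "php": ">=5.4.0"}},
    {"name": "twbs/bootstrap", "version": "v3.1.1"}
  ],
  "packages-dev": []
}
""")

# Plain versions ("3.0", "3.0.2") and wildcards ("3.0.*", "*") only.
SIMPLE = re.compile(r"v?\d+(\.\d+)*(\.\*)?|\*")

def satisfies(version, constraint):
    """True/False for exact and wildcard constraints, None if not evaluated."""
    constraint = constraint.split("@")[0].strip()  # drop a stability flag
    if not SIMPLE.fullmatch(constraint):
        return None
    want = constraint.lstrip("v").split(".")
    have = version.lstrip("v").split(".")
    for i, part in enumerate(want):
        if part == "*":
            return True
        if i >= len(have) or have[i] != part:
            return False
    # "3.0" is the same release as "3.0.0": extra segments must be zero.
    return all(p == "0" for p in have[len(want):])

def find_violations(lock):
    """Return (violations, unchecked) as (package, dependency, constraint, locked)."""
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    locked = {p["name"]: p["version"] for p in entries}
    violations, unchecked = [], []
    for pkg in entries:
        for dep, constraint in pkg.get("require", {}).items():
            if dep not in locked:  # platform packages such as php or ext-*
                continue
            result = satisfies(locked[dep], constraint)
            item = (pkg["name"], dep, constraint, locked[dep])
            if result is False:
                violations.append(item)
            elif result is None:
                unchecked.append(item)
    return violations, unchecked
```

To run it against a real project, load the file with json.load(open("composer.lock")) and pass the result to find_violations.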
