Question about kirby installation via composer

Kirby 4 Solved ✔️
1

Hi,

I have a question about my kirby installation via composer.
When I run composer outdated, I always get an info like this:

claviska/simpleimage      4.0.6   4.1.0   A PHP class that makes working with images as simple as possible.
composer/pcre             3.1.2   3.1.3   PCRE wrapping library that offers type-safe preg_* replacements.
composer/xdebug-handler   3.0.3   3.0.4   Restarts a process without Xdebug.
symfony/polyfill-intl-idn v1.28.0 v1.29.0 Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions
symfony/polyfill-mbstring v1.28.0 v1.29.0 Symfony polyfill for the Mbstring extension
symfony/yaml              v6.4.0  v7.0.3  Loads and dumps YAML files

I’m not sure, if they’re all dependencies used by kirby and
my question is, is it safe to update these packages, though there’s no new kirby version available, or should I leave them as they are, as they could then break the current kirby installation?

2

Technically, as long as you only update to newer minor or patch releases (if version is X.Y.Z, only Y and Z should change) it should be backwards compatible. In your list that would be everything except for symfony/yaml, so you should be ok to update the others.

However, as long as there’s no security problem (composer audit) or specific bug you’re running into, there’s not really a reason to do so, and since the Kirby composer.json file mostly requires exact versions, it might also be quite cumbersome to do it (e.g. composer update wouldn’t do anything)

1 Like
3

Thanks a lot for the clarification, Roman!
Now I know, I can lazily run composer update without having to worry that I could break anything.
Until now I always manually updated packages (e.g. plugins) which I found a bit annoying.