symfony/symfony makes Composer install all Symfony Components in
the same version. But when using the standalone packages, Composer might
install dependencies in a different major version - for example,
is compatible with
This is fine if you don't want to stick strictly to Symfony LTS versions, but it does mean that you could end up using versions of components which no longer receive security updates:
We could manually
composer require every single Symfony component in certain versions, even the ones we don't directly depend on, but that can be a hassle. Instead, I've created a Composer metapackage which prevents Composer from installing those unsupported versions.
Adding it to your project is as simple as running:
composer require --dev colinodell/symfony-lts-or-current:dev-master
Installing colinodell/symfony-lts-or-current package forces Composer to always use an LTS or current version of Symfony Components, regardless of whether they are explicitly listed as a project's dependency or installed transitively:
As of this article's publish date, the
colinodell/symfony-lts-or-current package will only allow these Symfony versions to be installed:
4.0 still receive security updates, they are not current or LTS releases and are therefore excluded)
Astute readers may notice that this metapackage is somewhat similar to
symfony/lts but with one key difference:
symfony/lts forces ALL components to the be SAME version, whereas this allows newer versions to be installed provided they are LTS or current.