Avoid Unsupported Symfony Component Versions With This Composer Metapackage

composer require --dev colinodell/symfony-lts-or-current

Using symfony/symfony makes Composer install all Symfony Components in the same version. But when using the standalone packages, Composer might install dependencies in a different major version - for example, symfony/validator v2.8 is compatible with symfony/translation v3.0.

The Problem

This is fine if you don't want to stick strictly to Symfony LTS versions, but it does mean that you could end up using versions of components which no longer receive security updates:

Updating packages to unsupported versions

The Solution

We could manually composer require every single Symfony component in certain versions, even the ones we don't directly depend on, but that can be a hassle. Instead, I've created a Composer metapackage which prevents Composer from installing those unsupported versions.

Adding it to your project is as simple as running:

composer require --dev colinodell/symfony-lts-or-current:dev-master

Installing colinodell/symfony-lts-or-current package forces Composer to always use an LTS or current version of Symfony Components, regardless of whether they are explicitly listed as a project's dependency or installed transitively:

Updating packages to support versions

As of this article's publish date, the colinodell/symfony-lts-or-current package will only allow these Symfony versions to be installed:

  • 2.8.x (LTS)
  • 3.4.x (LTS)
  • 4.1.x (current version)

(Although 2.7 and 4.0 still receive security updates, they are not current or LTS releases and are therefore excluded)

Alternative: symfony/lts

Astute readers may notice that this metapackage is somewhat similar to symfony/lts but with one key difference: symfony/lts forces ALL components to the be SAME version, whereas this allows newer versions to be installed provided they are LTS or current.

Enjoy this article?

About Colin O'Dell

Colin O'Dell

Colin O'Dell is a Lead Web Developer & DevOps Engineer at Unleashed Technologies, a web and hosting firm based in Maryland. In addition to being an active member of the PHP League and maintainer of the league/commonmark project, Colin is also a PHP docs contributor, conference speaker, and author of the PHP 7 Migration Guide.