@@ -160,20 +160,40 @@ starting with ``symfony/`` to the new major version:
160160 "...": "...",
161161 }
162162
163- composer.json `` file, in the ``extra `` block you can
164- find a data setting for the Symfony version. Make sure to also upgrade
165- this one. For instance, update it to ``7.0.* `` to upgrade to Symfony 7.0:
163+
164+ ``extra.symfony.require `` configuration option in your ``composer.json `` file.
165+ In Symfony applications using :doc: `Symfony Flex </setup/flex >`, this setting
166+ restricts Symfony packages to a single specific version, improving both
167+ dependency management and Composer update performance:
166168
167169.. code-block :: diff
168170
169- "extra": {
170- "symfony": {
171- "allow-contrib": false,
172- - "require": "6.4.*"
173- + "require": "7.0.*"
174- }
171+ {
172+ "...": "...",
173+
174+ "require": {
175+ - "symfony/cache": "7.0.*",
176+ + "symfony/cache": "*",
177+ - "symfony/config": "7.0.*",
178+ + "symfony/config": "*",
179+ - "symfony/console": "7.0.*",
180+ + "symfony/console": "*",
181+ "...": "...",
182+ },
183+ "...": "...",
184+
185+ + "extra": {
186+ + "symfony": {
187+ + "require": "7.0.*"
188+ + }
189+ + }
175190 }
176191
192+ warning ::
193+
194+ Tools like `dependabot `_ may ignore this setting and upgrade Symfony
195+ dependencies. For more details, see this `GitHub issue about dependabot `_.
196+
177197.. tip ::
178198
179199 If a more recent minor version is available (e.g. ``6.4 ``) you can use that
@@ -336,3 +356,5 @@ Classes in the ``vendor/`` directory are always ignored.
336356.. _`PHP CS Fixer` : https://github.com/friendsofphp/php-cs-fixer
337357.. _`Rector` : https://github.com/rectorphp/rector
338358.. _`maintained Symfony versions` : https://symfony.com/releases
359+ .. _`dependabot` : https://docs.github.com/en/code-security/dependabot
360+ .. _`GitHub issue about dependabot` : https://github.com/dependabot/dependabot-core/issues/4631
0 commit comments