Podcast
Get Unstuck
I was recently helping someone integrate WorkOS into an existing Laravel application, and we were using the laravel/work-os package.
This package was built as part of a Laravel starter kit, so its focus seemed to be on new applications using WorkOS as the exclusive auth mechanism from day one. While integrating it into an existing application, we ran into a small issue and, like a good open source citizen, I submitted a PR to improve it.
Once the release was tagged, we went back to our application and ran composer update, but the package didn't update.
Our requirement was "laravel/workos": "^0.3", and the new release was 0.4.0, so it should have updated, right?
The caret operator is intended to allow updates that do not break backwards compatability, meaning it should allow updates up until the next major version.
But in semantic versioning, 0.x.y versions are considered to be in "initial development", and Composer becomes more conservative about what updates are allowed.
It treats minor versions as potentially breaking backwards compatibility, and only allows patch version updates.
So ^0.3 would only have allowed updates to 0.3.x, but not to 0.4.0.
It is also important to note that if you have a patch version specified in the constraint, like 0.3.0, it would be locked down completely to that exact version.
Even 0.3.1 would not have been allowed.
The solution was to manually update our requirement to "laravel/workos": "^0.4", and then run composer update again.
Here to help,
Joel
P.S. Would you like help on your project? As you can see, we'll even improve the framework or upstream packages to make your app better. Explore how we can work with you.