Remember to Composer Update for Security and Updates

Updates to Laravel and to various PHP libraries are released once in a while, but your web application gets little notice of them: no notification is shown and no auto-update runs, unlike WordPress. Once in a while one of them is a security update, so how might you test it?

On a test or staging environment, back up the whole directory containing the PHP project, then run:

composer update

Then wait a while for this to run. On local, run

php artisan serve

and check that all features work.

Now you will see in the composer.lock file, which lists the libraries installed in the /vendor/ folder, that an old version, e.g.

  "name": "laravel/framework",
  "version": "v6.5.1",

will be updated to

  "name": "laravel/framework",
  "version": "v6.20.14",

If your server has a similar environment and PHP version, back up its current folder and run the same command, "composer update". It should behave in the same way.
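To review exactly what "composer update" changed, you can compare the composer.lock from the backup with the new one. The following is an added example, not part of the original post: the function names and the "example/..." packages are constructed for illustration, and only the laravel/framework versions come from the text above.

```python
import json


def lock_versions(lock_text):
    """Map package name -> locked version from composer.lock JSON text."""
    lock = json.loads(lock_text)
    versions = {}
    # composer.lock keeps runtime and dev dependencies in separate arrays.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            versions[pkg["name"]] = pkg["version"]
    return versions


def diff_locks(old_text, new_text):
    """Return sorted (name, old_version, new_version) for every change.

    None marks a package that the update added or removed.
    """
    old, new = lock_versions(old_text), lock_versions(new_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before != after:
            changes.append((name, before, after))
    return changes


# Constructed sample lock files (real ones carry many more fields).
OLD_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v6.5.1"},
        {"name": "example/unchanged", "version": "1.0.0"},
    ],
    "packages-dev": [{"name": "example/dev-tool", "version": "2.1.0"}],
})
NEW_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v6.20.14"},
        {"name": "example/unchanged", "version": "1.0.0"},
        {"name": "example/new-dep", "version": "1.2.0"},
    ],
    "packages-dev": [{"name": "example/dev-tool", "version": "2.3.0"}],
})

if __name__ == "__main__":
    for name, before, after in diff_locks(OLD_LOCK, NEW_LOCK):
        print(f"{name}: {before or '(not installed)'} -> {after or '(removed)'}")
```

On a real project, pass in the contents of the backed-up composer.lock and the updated one instead of the sample strings.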
