Manually updating Symfony2 deps file to get Doctrine 2.2?

Question

Is possible to manually update deps file to get the latest version of Doctrine 2.2? I\'d like to use the new Paginator component. So basically i wa

Answer 1

By removing the deps.lock file you're obviously putting yourself at risk to getting unstable code.

I have used the following steps to minimize the risk of breaking something:

• Write down the current commit hash of the components you'd like to update from deps.lock
• Find the commit hash from GitHub and write it down.
• Navigate to a component's directory and type git checkout [commit] where [commit] is the new hash.
• Clear your cache and verify that the site is still more or less working.
• Paste the new commit hash to deps.lock and run bin/vendors install

Keep in mind that I would strongly advise against this. Should you screw things up, you're pretty much on your own and there's no-one to help you.

Answer 2

In my opinion, all of the work suggested by gilden is unnecessary and over-cautious. Of course you can manually update your deps file with whatever you want. I'm currently running Doctrine\Common (2.2.1), Doctrine\DBAL (2.2.1), and Doctrine (2.2.1) on Symfony 2.0.11 without issues.

It isn't the libraries that you need to worry about (usually), it is the bundles that utilize the libraries that require specific version(s). For example, Symfony2 has no direct dependency on any version of Doctrine -- but the DoctrineBundle does.

Before upgrading a bundle/library, it is usually good to check out their required dependencies on Packagist.org. Search for the package you want to upgrade and see what required dependencies they define. Note: This won't be required on Symfony 2.1 since it will use Composer to manage vendor libraries.

Although, you'll never know if something works with your install or not unless you try it. Of course, don't do anything stupid - but there is no reason to be scared of breaking things by updating vendor libraries. Store your code in Git and you can easily revert your changes. See: How to create and store a Symfony2 project in Git

---

Also, when specifying version=#.#.# in deps - even if you do not have a deps.lock file at all, you will always get the same commit hash because you are specifying the Git tag on the repository.

Some bundles, rather than providing version numbers, will offer various branches for managing compatibility with multiple Symfony versions. So you may see something like version=origin/2.0 which means the vendors script will checkout the latest commit on the branch named 2.0 of the repository. The maintainer will most likely try to keep that branch always compatible with Symfony 2.0.x.