From 7232f8cf3898a2144bfacb398a665d5596b77d9d Mon Sep 17 00:00:00 2001 From: Alexis Lefebvre Date: Sat, 7 Sep 2024 17:23:00 +0200 Subject: [PATCH] =?UTF-8?q?[Setup]=20feat:=20add=20section=20about=20`comp?= =?UTF-8?q?oser=20extra.symfony.require=20=E2=80=A6`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/setup.rst b/setup.rst index 1fc65f23856..fccb15b375d 100644 --- a/setup.rst +++ b/setup.rst @@ -281,6 +281,19 @@ create new projects. If you use Composer, you need to tell the exact version: $ composer create-project symfony/skeleton:"6.4.*" my_project_directory +With an already existing project, you can restrict Symfony packages to one +specific version by :doc:`using Symfony Flex in your project ` +and setting the ``extra.symfony.require`` config: + +.. code-block:: terminal + + $ composer config extra.symfony.require "6.4.*" + +.. warning:: + + Tools like `dependabot`_ may ignore this setting and upgrade the Symfony dependencies, + see this `GitHub issue about dependabot`_. + The Symfony Demo application ---------------------------- @@ -315,6 +328,8 @@ Learn More .. _`Install Composer`: https://getcomposer.org/download/ .. _`install the Symfony CLI`: https://symfony.com/download .. _`symfony-cli/symfony-cli GitHub repository`: https://github.com/symfony-cli/symfony-cli +.. _`dependabot`: https://docs.github.com/en/code-security/dependabot +.. _`GitHub issue about dependabot`: https://github.com/dependabot/dependabot-core/issues/4631 .. _`The Symfony Demo Application`: https://github.com/symfony/demo .. _`Symfony Flex`: https://github.com/symfony/flex .. _`PHP security advisories database`: https://github.com/FriendsOfPHP/security-advisories