Skip to content

Make a useful commit message from Composer Update output

Your PHP applications likely contain many composer dependencies. If you’re like me, you regularly run composer update to install all the available updates to your installed packages. You then commit the updated lock file to your code repository.

But how to you properly document what changed with that commit? Is your commit message just Dependency Update ? If you have an application security team, are they asking for more detail about what was updated between releases?

Today I came across a new (to me) tool that will help me solve exactly this problem.

The composer package runs after each time you run composer update and gives you a list of each updated package, including a link to that package’s change log and release notes.

You can copy and paste that output into your git commit message, into your own release notes, share with your team in documentation, etc.

Screenshot of the output from pyrech/composer-changelogs
Output after running composer update

To install it, run:

composer require --dev "pyrech/composer-changelogs"

The only thing that would make this workflow more complete for me is creating a JIRA ticket and automatically adding this output to the ticket description. Maybe I’ll work on figuring that out next.

What’s the most recent new (or new to you) tool that you’ve discovered?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.