Your PHP applications likely contain many composer dependencies. If you’re like me, you regularly run composer update to install all the available updates to your installed packages. You then commit the updated lock file to your code repository.
But how to you properly document what changed with that commit? Is your commit message just Dependency Update ? If you have an application security team, are they asking for more detail about what was updated between releases?
Today I came across a new (to me) tool that will help me solve exactly this problem.
The https://github.com/pyrech/composer-changelogs composer package runs after each time you run composer update and gives you a list of each updated package, including a link to that package’s change log and release notes.
You can copy and paste that output into your git commit message, into your own release notes, share with your team in documentation, etc.
To install it, run:
composer require --dev "pyrech/composer-changelogs"
The only thing that would make this workflow more complete for me is creating a JIRA ticket and automatically adding this output to the ticket description. Maybe I’ll work on figuring that out next.
What’s the most recent new (or new to you) tool that you’ve discovered?