composer and ecosystem
Semantic Versioning
Semantic versioning uses major, minor, and patch numbers to communicate compatibility intent. Composer constraints express which releases the project is willing to install.
Working Knowledge
- Treat major updates as potentially breaking.
- Expect minor releases to add backwards-compatible features and patches to contain fixes when packages follow SemVer.
- Understand caret and tilde constraints before editing them.
- Review changelogs and upgrade guides for important updates.
- Do not assume every ecosystem package follows SemVer perfectly.
Read Common Constraints
- ^3.2 allows compatible releases from 3.2.0 up to, but not including, 4.0.0.
- ~3.2.1 allows patch releases from 3.2.1 up to, but not including, 3.3.0.
- 3.2.1 allows exactly version 3.2.1.
For 0.x packages, compatibility rules are narrower because the package is still before 1.0.0. Check Composer's documented constraint behaviour instead of assuming ^0.3 behaves like ^3.0.
Constraints And Lock Files Work Together
The manifest says what Composer may select. The lock file records what the application actually selected and tested.
Changing ^3.2 to ^4.0 is a compatibility decision. Running a targeted update within ^3.2 is still a code change because behaviour can change even when a package follows SemVer carefully.
Review changelogs, migration guides, dependency diffs, and test results.
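The constraint rules above, and the gap between what the manifest permits and what the lock file pinned, as an added worked example (not Composer's own code): a small Python model of caret, tilde and exact constraints following Composer's documented rules, including the narrower 0.x caret behaviour. It assumes plain release versions of up to three segments and ignores stability suffixes such as -beta or -dev.

```python
"""Model of Composer caret/tilde/exact constraints (added example, simplified).

Assumptions: release versions only (no -dev/-beta suffixes), at most
major.minor.patch, one constraint at a time (no `||` or space-separated ranges).
"""
from __future__ import annotations

Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Pad a version string to major.minor.patch, e.g. '3.2' -> (3, 2, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def bump(parts: list[int], index: int) -> Version:
    """Increment segment `index` and zero everything after it (exclusive upper bound)."""
    return tuple(parts[:index] + [parts[index] + 1] + [0] * (2 - index))


def constraint_range(constraint: str) -> tuple[Version, Version | None]:
    """Return (lower inclusive, upper exclusive); upper is None for an exact pin."""
    op = constraint[0] if constraint[0] in "^~" else ""
    written = [int(p) for p in constraint.lstrip("^~").split(".")]
    padded = (written + [0, 0, 0])[:3]
    lower = tuple(padded)
    if op == "":
        return lower, None
    if op == "~":
        # Tilde lets the last written segment grow: ~3.2.1 -> <3.3.0, ~3.2 -> <4.0.0
        return lower, bump(padded, max(0, len(written) - 2))
    # Caret freezes the first non-zero written segment: ^3.2 -> <4.0.0,
    # but ^0.3 -> <0.4.0 and ^0.0.3 -> <0.0.4 (Composer's pre-1.0 rule)
    if padded[0] != 0 or len(written) == 1:
        return lower, bump(padded, 0)
    if padded[1] != 0 or len(written) == 2:
        return lower, bump(padded, 1)
    return lower, bump(padded, 2)


def satisfies(constraint: str, version: str) -> bool:
    lower, upper = constraint_range(constraint)
    v = parse_version(version)
    return v == lower if upper is None else lower <= v < upper


def lock_drift(constraint: str, locked: str, available: list[str]) -> list[str]:
    """Releases the manifest would accept that are newer than the locked one.

    A non-empty result is exactly the set of versions a `composer update` could
    pull in without anyone editing composer.json, so each still needs review."""
    locked_v = parse_version(locked)
    newer = [r for r in available if satisfies(constraint, r) and parse_version(r) > locked_v]
    return sorted(newer, key=parse_version)
```

Running `lock_drift("^3.2", "3.2.1", ["3.2.1", "3.3.2", "3.4.0", "4.0.0"])` on these constructed release tags returns `["3.3.2", "3.4.0"]`: both are installable under the manifest yet neither is what the lock file was tested with.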
In Application Work
Constraints are risk decisions. Libraries and applications may choose different update policies, but both need tested, deliberate dependency updates.
What To Check
Before moving on, make sure you can explain caret, tilde, and exact constraints and describe why every resolved update still needs review.
Practice
Practice: Explain A Version Constraint
Compare common Composer constraints for one dependency and choose the constraint that matches the application's update policy.
Requirements
- Explain caret and exact constraints.
- Describe update risk.
- Review changelog expectations.
- Choose a constraint for an application dependency.
Solution
Explain the allowed range in plain language. For example, ^2.4 allows compatible releases from 2.4.0 up to, but not including, 3.0.0; ~2.4.1 stays below 2.5.0.
Check the package's own compatibility policy, especially for 0.x releases. Let the lock file record the reviewed installed version and test updates before merging.