composer install will install whenever stated in the composer.lock file, but composer update will update all the dependencies and create a new composer.lock file based on what is required in composer.json.
So many said only run composer update in development. But my question is doing composer update did replaced the old composer.lock file, if your app is going to break it will break, because there might be conflict with the new updated dependencies.
I came across with a situation where I must do composer update, the issue is related to pcntl extension. The only solution is to do composer update PHP pcntl module installation
I don't understand why people are afraid of running composer update on production.
My Answer:
PHP code as a superuser/root user?
Running PHP code as a superuser/root user can be dangerous because it gives the code full access to the system, allowing it to make changes to critical system files and potentially compromise the security of the entire system. This can lead to unauthorized access, data loss, and other security vulnerabilities. It is always recommended to run PHP code with the least amount of privileges necessary to perform its intended function in order to minimize the risk of security breaches.
Rate this post
4 of 5 based on 3842 votesComments