Right now we require specific version of core and related.
That means if you start a project with
composer create-project drupal/recommended-project myproject
Before the update you will have something like
"drupal/core-recommended": "^9.2"
In your composer.json
But after you use auto-updates you will have
"drupal/core-recommended": "9.2.5"
This might not be a big deal but there are other ways that we could handle this.
I am not a composer expert by any means but I think we could do
composer update drupal/core-recommended:9.2.5 --with-all-dependencies
From my testing in the command line this will update Drupal but leave the composer.json file untouched.
Not sure but it seems if we don't have to change the composer.json and can still update Drupal we should. We will have to update composer.lock
Closed: works as designed
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
+1 to #2. However, should we retain the caret?
Before the update you will have something like
"drupal/core-recommended": "^9.2"
In your composer.jsonBut after you use auto-updates you will have
"drupal/core-recommended": "9.2.5"
Would it be better if we ended up with ^9.2.5? There might be arguments both for and against that. Should we open a new issue to discuss them?