What happened?
Description
When installing plugins, Craft also updates to the latest Craft version, as well as updating other plugins with pending updates.
Steps to reproduce
- Have a Craft installation that is not on the latest version, but that was recently updated by Craft (which means Craft and Craft plugins will not have pinned versions in
composer.json, but allowed version ranges).
- Run
craft update to see that there are pending updates, but don't update anything.
- Go to the plugin store and install any plugin.
- Run
craft update again. Craft has unintentionally been updated as well.
Expected behavior
When I install a plugin, I only want to install the plugin. I don't want updates sneaking in, potentially breaking something or requiring adjustments that I miss because I didn't notice this was happening. Installing a plugin should not trigger updates automatically.
I also had at least one case where the plugin installation failed with an unspecified error, possible an issue with order of operations or migrations not being run? Though I didn't dig deeper and can't reproduce it now.
Actual behavior
I think this is a side effect of the recent change to the way the craft update writes dependencies to the composer.json. Since it now uses version ranges with ^, the composer installation might update those packages as a side effect. Not quite sure if that's the full picture, though. Usually, composer require shouldn't perform updates unless a parameter tells it to, not sure what Craft does for the installation.
Craft CMS version
5.9.21
PHP version
No response
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
What happened?
Description
When installing plugins, Craft also updates to the latest Craft version, as well as updating other plugins with pending updates.
Steps to reproduce
composer.json, but allowed version ranges).craft updateto see that there are pending updates, but don't update anything.craft updateagain. Craft has unintentionally been updated as well.Expected behavior
When I install a plugin, I only want to install the plugin. I don't want updates sneaking in, potentially breaking something or requiring adjustments that I miss because I didn't notice this was happening. Installing a plugin should not trigger updates automatically.
I also had at least one case where the plugin installation failed with an unspecified error, possible an issue with order of operations or migrations not being run? Though I didn't dig deeper and can't reproduce it now.
Actual behavior
I think this is a side effect of the recent change to the way the
craft updatewrites dependencies to thecomposer.json. Since it now uses version ranges with^, the composer installation might update those packages as a side effect. Not quite sure if that's the full picture, though. Usually,composer requireshouldn't perform updates unless a parameter tells it to, not sure what Craft does for the installation.Craft CMS version
5.9.21
PHP version
No response
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions