dependency-updates

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Dependency Updates for Drupal with Composer

使用Composer进行Drupal依赖更新

Use when:

Checking which packages are outdated
Updating Drupal core to a newer minor or patch release
Updating contrib modules or libraries
Resolving composer version conflicts after an update

适用场景：

检查哪些包已过时
将Drupal核心更新至较新的次要版本或补丁版本
更新contrib模块或库
更新后解决Composer版本冲突

Before You Start — Create a Branch

开始之前——创建分支

This step is mandatory. Do not run any composer commands until a new branch is created and confirmed. Never update packages directly on
main
or
master
.

Check the current branch first:

bash

git branch --show-current

If the user is on

main

master

, or any protected branch, stop and ask: "What would you like to name the new branch for these updates?"

Suggest a default if they are unsure (e.g.,

deps/drupal-updates-YYYY-MM-DD

bash

git checkout -b <branch-name>

Confirm the new branch is active before proceeding:

bash

git branch --show-current

Only continue to the next step once the output confirms a non-protected branch.

此步骤为必填项。在创建并确认新分支之前，请勿运行任何Composer命令。 切勿直接在
main
或
master
分支上更新包。

首先检查当前分支：

bash

git branch --show-current

如果用户处于

main

、

master

或任何受保护分支，请停止操作并询问："您希望为这些更新命名新分支的名称是什么？"

如果用户不确定，可提供默认建议（例如：

deps/drupal-updates-YYYY-MM-DD

）。

bash

git checkout -b <branch-name>

继续下一步之前，请确认新分支已激活：

bash

git branch --show-current

只有当输出确认当前为非受保护分支时，才可继续。

Check for Outdated Packages

检查过时包

bash

composer outdated

Shows all packages with newer versions available. Columns: current version → latest available.

bash

composer outdated

显示所有有可用新版本的包。列内容为：当前版本 → 最新可用版本。

Check only direct dependencies

仅检查直接依赖

bash

composer outdated --direct

bash

composer outdated --direct

Check a specific package

检查特定包

bash

composer outdated drupal/core-recommended

bash

composer outdated drupal/core-recommended

Update a Specific Package

更新特定包

bash

composer update drupal/package --with-all-dependencies

bash

composer update drupal/package --with-all-dependencies

Update multiple packages at once

同时更新多个包

bash

composer update drupal/package1 drupal/package2 --with-all-dependencies

bash

composer update drupal/package1 drupal/package2 --with-all-dependencies

Update Drupal Core (Minor or Patch)

更新Drupal核心（次要版本或补丁）

Drupal core is split across multiple packages. Update all together:

bash

composer update drupal/core-recommended drupal/core-composer-scaffold drupal/core-project-message --with-all-dependencies

Note: Minor upgrades (e.g., 10.2 → 10.3) may require relaxing the version constraint in
composer.json
first:
json
"drupal/core-recommended": "^10.3"
Then run the update command above.

Drupal核心分为多个包，需一起更新：

bash

composer update drupal/core-recommended drupal/core-composer-scaffold drupal/core-project-message --with-all-dependencies

注意： 次要版本升级（例如：10.2 → 10.3）可能需要先放宽
composer.json
中的版本约束：
json
"drupal/core-recommended": "^10.3"
然后运行上述更新命令。

Verify the installed version

验证已安装版本

bash

composer show drupal/core | grep versions

bash

composer show drupal/core | grep versions

Update All Packages

更新所有包

Update everything within existing

composer.json

constraints:

bash

composer update

This updates
composer.lock
but will not change version constraints in
composer.json
. Packages pinned to an older major will not cross that boundary.

在现有

composer.json

约束范围内更新所有内容：

bash

composer update

此命令会更新
composer.lock
，但不会修改
composer.json
中的版本约束。固定为旧主版本的包不会跨版本更新。

Update All Drupal Contrib Modules

更新所有Drupal Contrib模块

bash

composer update "drupal/*" --with-all-dependencies

bash

composer update "drupal/*" --with-all-dependencies

Resolving Conflicts

解决冲突

"Your requirements could not be resolved"

"无法满足您的需求"

Find what is blocking the update:

bash

undefined

查找阻碍更新的因素：

bash

undefined

What requires the package you're trying to update?

哪些包依赖您尝试更新的包？

composer why drupal/package

What prevents the target version?

哪些因素阻止目标版本的安装？

composer why-not drupal/package 2.x


Adjust the conflicting constraint in `composer.json` and retry.

composer why-not drupal/package 2.x


调整`composer.json`中的冲突约束后重试。

Conflict between two contrib modules

两个contrib模块之间的冲突

bash

undefined

bash

undefined

Check full dependency chain

检查完整依赖链

composer depends drupal/module-a composer depends drupal/module-b


Update both together to let composer find a compatible set:

```bash
composer update drupal/module-a drupal/module-b --with-all-dependencies

composer depends drupal/module-a composer depends drupal/module-b


同时更新两个模块，让Composer找到兼容的版本组合：

```bash
composer update drupal/module-a drupal/module-b --with-all-dependencies

Revert a bad update

回滚错误更新

composer update

introduced a regression, restore the previous lock file from version control and reinstall:

bash

git checkout composer.lock
composer install

如果

composer update

引入了问题，从版本控制中恢复之前的锁文件并重新安装：

bash

git checkout composer.lock
composer install

Verify the Update

验证更新

bash

undefined

bash

undefined

Confirm installed versions

确认已安装版本

composer show drupal/core-recommended composer show --outdated


Run `composer audit` after any update to confirm no new advisories were introduced:

```bash
composer audit

After verification, always ask the user these questions in order:

1. "Do you want to commit these changes?"
If yes:
bash
git add composer.json composer.lock
git commit -m "Update Drupal dependencies"
If no → remind the user that
composer.json
and
composer.lock
are uncommitted before proceeding.
2. "Do you want to deploy these changes to an Acquia environment?"

If yes → follow the Drupal Update and Deploy playbook to push code, switch the environment, and optionally trigger a pipeline build.

If no → done.

composer show drupal/core-recommended composer show --outdated


更新后运行`composer audit`，确认未引入新的安全警告：

```bash
composer audit

验证完成后，请按顺序询问用户以下问题：

1. "您是否要提交这些更改？"
如果是：
bash
git add composer.json composer.lock
git commit -m "Update Drupal dependencies"
如果否 → 在继续操作前提醒用户
composer.json
和
composer.lock
存在未提交更改。
2. "您是否要将这些更改部署到Acquia环境？"

如果是 → 遵循**Drupal更新与部署手册**推送代码、切换环境，并可选择触发流水线构建。

如果否 → 操作完成。

Troubleshooting

故障排除

Problem	Command
Update ignored — package still old	Check constraint in `composer.json` ; relax if needed
`composer install` fails after update	Run `composer why-not package version` to find conflict
Unexpected packages changed	Review `git diff composer.lock` before committing
Memory limit error	`COMPOSER_MEMORY_LIMIT=-1 composer update`

问题	解决命令/方法
更新被忽略——包版本仍为旧版	检查 `composer.json` 中的约束；必要时放宽约束
更新后 `composer install` 失败	运行 `composer why-not package version` 查找冲突
出现意外的包变更	提交前查看 `git diff composer.lock`
内存限制错误	`COMPOSER_MEMORY_LIMIT=-1 composer update`

dependency-updates

Original

Translation

Dependency Updates for Drupal with Composer

使用Composer进行Drupal依赖更新

Before You Start — Create a Branch

开始之前——创建分支

Check for Outdated Packages

检查过时包

Check only direct dependencies

仅检查直接依赖

Check a specific package

检查特定包

Update a Specific Package

更新特定包

Update multiple packages at once

同时更新多个包

Update Drupal Core (Minor or Patch)

更新Drupal核心（次要版本或补丁）

Verify the installed version

验证已安装版本

Update All Packages

更新所有包

Update All Drupal Contrib Modules

更新所有Drupal Contrib模块

Resolving Conflicts

解决冲突

"Your requirements could not be resolved"

"无法满足您的需求"

What requires the package you're trying to update?

哪些包依赖您尝试更新的包？

What prevents the target version?

哪些因素阻止目标版本的安装？

Conflict between two contrib modules

两个contrib模块之间的冲突

Check full dependency chain

检查完整依赖链

Revert a bad update

回滚错误更新

Verify the Update

验证更新

Confirm installed versions

确认已安装版本

Troubleshooting

故障排除

Related

相关内容