I got a security mail from shopware that I have to update to 6.4.8.2. So I goto the Shopware Production Github and copy this section to my local composer.json:
"composer-runtime-api": "^2.0",
"shopware/administration": "~v6.4.0",
"shopware/core": "~v6.4.0",
"shopware/elasticsearch": "~v6.4.0",
"shopware/recovery": "~v6.4.0",
"shopware/storefront": "~v6.4.0"
But when I run composer update the shop updates to version 6.4.7.0. Why not to Shopware 6.4.8.2? Because in my opinion „~v6.4.0“ means: ">= v6.4.0 and < v.6.5.0
wsung
4. April 2022 um 16:50
2
There are some changes in „require-dev“ of composer.json . I think, the symfony updates are important
"require-dev": {
"ext-openssl": "*",
"ext-tokenizer": "*",
"ext-xmlwriter": "*",
"defuse/php-encryption": "~2.2.1",
"dms/phpunit-arraysubset-asserts": "^0.2.1",
"fakerphp/faker": "~1.14.1",
"johnkary/phpunit-speedtrap": "~3.3.0",
"league/flysystem-memory": "~1.0.2",
"maltyxx/images-generator": "~1.0.0",
"mbezhanov/faker-provider-collection": "~2.0.1",
"nikic/php-parser": "~4.10.4",
"opis/json-schema": "~1.0.19",
"phpunit/php-code-coverage": "~9.2.5",
"phpunit/phpunit": "~9.5.2",
"smalot/pdfparser": "~0.14.0",
"symfony/browser-kit": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0",
"symfony/dependency-injection": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0",
"symfony/css-selector": "^5.3",
"symfony/dom-crawler": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0",
"symfony/phpunit-bridge": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0",
"symfony/stopwatch": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0",
"symfony/var-dumper": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0",
"symfony/web-profiler-bundle": "~4.4 || ~5.2.3 || ~5.3.0 || ~5.4.0"
}