Why are unbound version constraints a bad idea?

A version constraint without an upper bound, such as *, >=3.4 or dev-master, will allow updates to any future version of the dependency. This includes major versions breaking backward compatibility.

Once a release of your package is tagged, you cannot tweak its dependencies anymore in case a dependency breaks BC - you have to do a new release but the previous one stays broken.

The only good alternative is to define an upper bound on your constraints, which you can increase in a new release after testing that your package is compatible with the new major version of your dependency.

For example, instead of using >=3.4 you should use ~3.4, which allows all versions up to 3.999 but does not include 4.0 and above. The ~ operator works very well with libraries that follow semantic versioning.
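One way to audit a manifest for the constraints described above. This is an added example, not part of the Composer documentation or tooling. The sample manifest and its acme/* package names are constructed, and the parser is a simplified reading of Composer's constraint syntax (inline aliases with "as" are not handled).

```python
import json
import re

# Constructed sample manifest (not from the page) used to exercise the check.
SAMPLE_COMPOSER_JSON = """
{
  "require": {
    "acme/any": "*",
    "acme/floor-only": ">=3.4",
    "acme/branch": "dev-master",
    "acme/tilde": "~3.4",
    "acme/range": ">=3.4,<4.0",
    "acme/mixed": "~3.4 || >=5.0"
  }
}
"""

def part_has_upper_bound(part):
    """True if a single constraint token caps the allowed versions."""
    if part in ("*", "") or part.startswith("dev-"):
        return False          # wildcard or branch: any future code matches
    if part.startswith((">", "!=")):
        return False          # lower bound or exclusion only
    return True               # ~, ^, <, <=, exact version, 3.* wildcard

def is_unbound(constraint):
    """True if any OR-alternative of the constraint lacks an upper bound."""
    for alt in re.split(r"\s*\|\|?\s*", constraint.strip()):
        if re.search(r"\s-\s", alt):
            continue          # hyphen range "1.0 - 2.0" is bounded
        alt = re.sub(r"([<>=!~^]+)\s+", r"\1", alt)   # ">= 3.4" -> ">=3.4"
        parts = [p for p in re.split(r"[\s,]+", alt) if p]
        if not any(part_has_upper_bound(p) for p in parts):
            return True
    return False

def find_unbound(manifest_text, sections=("require", "require-dev")):
    """Return {package: constraint} for every unbound dependency constraint."""
    manifest = json.loads(manifest_text)
    hits = {}
    for section in sections:
        for name, constraint in manifest.get(section, {}).items():
            if is_unbound(constraint):
                hits[name] = constraint
    return hits

if __name__ == "__main__":
    for name, constraint in find_unbound(SAMPLE_COMPOSER_JSON).items():
        print(f"unbound: {name} {constraint}")
```

Note that "~3.4 || >=5.0" is flagged: one open-ended alternative is enough to let an untested major version in.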

Note: As a package maintainer, you can make the life of your users easier by providing an alias version for your development branch to allow it to match bound constraints.


Original: https://docs.phpcomposer.com/faqs/why-are-unbound-version-constraints-a-bad-idea.html