Right now our update.sh script, which is used for deployment, runs 'composer update'. This command gets the latest versions of dependencies and updates the composer.lock file. This is not appropriate for deployment because it could potentially change which versions of packages are installed. Instead, we should use install, which will install only what is specified in composer.lock, ensuring we deploy only what we've tested.  https://getcomposer.org/doc/03-cli.md#update  https://getcomposer.org/doc/03-cli.md#install
Whiteboard: [dev=2015-03-05] → [dev=2015-03-05][stage=2015-03-05][prod=2015-03-05]
This has been pushed to dev, stage and prod. Note: In order to see the effect of this change, git pull needs to be run on command line prior to running tools/update.sh (because update.sh itself needs to be updated prior to being run).
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.