Remove composer.lock

[colinodell]

Users installing this plugin via composer won't be bound by the composer.lock file. This means it's only locking the versions for those developing this project. It's therefore recommended to not version the composer.lock as you won't necessarily be testing against the latest versions of the dependencies unless you manually run composer update frequently.

[cconover]

According to Composer documentation composer.lock should be versioned in the project, to make sure that the versions of all dependencies are consistent with each release. Otherwise, users could run composer install and get dependency versions untested with the release they're using, and get broken code.

[colinodell]

For projects I totally agree. However, this is a library, so only you and contributors to this plugin would be locked to those exact versions - WP site maintainers who install this plugin would not be subject to this restriction and can use any dependency versions within the ranges found in composer.json. See http://stackoverflow.com/a/24247443/158766.

If composer.lock is removed, Travis will automatically test using the latest dependency versions. However, you can add another entry to the test matrix which automatically tests the oldest supported versions - see https://github.com/thephpleague/commonmark/blob/master/.travis.yml#L13 for an example.

[colinodell]

Here's an example of what I mean - drop this composer.json into a temporary folder somewhere and run composer install or composer update:

{
    "name": "test/my-awesome-wp-site",
    "description": "Pretend this is a WordPress project",
    "repositories":[
        {
            "type":"composer",
            "url":"https://wpackagist.org"
        }
    ],
    "require": {
        "composer/installers": "1.0.19",
        "wpackagist-plugin/featured-image-caption": "0.8.4"
    }
}

Note that we're requiring a version of composer/installers which is older than what you've locked but still allowed by your composer.json.