How do we pull the latest version of each plugin?

[claytoncollie]

I am requiring each plugin just fine but I am confused on how we know when to bump and what version to bump to for each plugin. For example, I have to log in to ACF and view my license to see that the latest version is 5.9.5 and the same for WP All Import. The one that is bothering me is WP All Import ACF Add-on. I don't know the latest version number and cant use Composer ^x.x.x to source the latest. Is this how everyone else is using it?

[mcaskill]

I keep track of plugin updates in a variety of ways (maintaining WordPress projects is part of my day-job):

• Subscribing to the RSS feeds for the official website blogs of these plugins, if available.
• Subscribing to the RSS feeds for the development logs each one on the WordPress Plugins directory (found under the "Development" tab), if available.
• Subscribing to Release notifications on the GitHub repository for each plugin, if available.
• Bi-weekly calendar reminder to check the "Updates" screen in the Admin—or via WP-CLI wp plugin list—for each project I maintain.

For WP All Import / Export, all I could find was the WordPress Plugins directory development logs that track the free versions, which can often be a useful hint that a Pro update is available if they maintain consistent versioning between free and premium:

• All Import
• All Export

For example with Polylang, I often rely on the Plugins directory development log since updates to their GitHub repository are often late and their official blog only mentions important version changes.

[claytoncollie]

Thanks for this information. I am more specifically looking for an automatic solution that is Composer-based. And even more specifically, with premium plugins. From a quick test, I bumped the version numbers fairly high on my plugins and this package downloaded the latest version of the plugins. meaning that if I was running on 2.4 and I bumped to 4.0, the installer would grab the latest version of 3.2.5 or whatever is offered. That kind of works especially for premium plugins without much documentation like the WP All Import Addons.

[mcaskill]

One thing to know about this plugin and how Composer works, the version and dist.url values are hashed and used as a cache key. Unfortunately, most premium plugins only allow one to ever download the latest version. If a Composer-cached copy of the plugin does not exist, it will fetch a the latest one and attach it to that cache key.

When bumping the version number, it creates a new cache key, thus looking to the server for a copy of the plugin from the vendor. You can write any bogus value in that version field and Composer will fetch the latest version of the plugin.

[mcaskill]

It has happened to me where I bumped the version of Gravity Forms in my composer.json file to, for example, 2.1.20, ran composer update, which downloaded and installed 2.1.20 (latest version at the time). Then, I committed composer.json and composer.lock. Afterwards, on a production, I pulled in my changes and ran composer install, and Composer downloaded and installed 2.1.21 (that came out during the intervening time of testing and committing) and cached it under 2.1.20.