I've removed the need for running composer install. When installed globally, one needs to look for the autoloader elsewhere.
I've also loosened the versions of dependencies. Projects using semver should be safe to update to newer minor versions. Secondly, having the composer.lock file committed ensures that anyone running composer install/require gets the same versions as the composer.lock file specifies. Updating dependencies is then simply a composer update and committing the updated lock file.
I've removed the need for running composer install. When installed globally, one needs to look for the autoloader elsewhere.
I've also loosened the versions of dependencies. Projects using semver should be safe to update to newer minor versions. Secondly, having the composer.lock file committed ensures that anyone running composer install/require gets the same versions as the composer.lock file specifies. Updating dependencies is then simply a
composer update
and committing the updated lock file.