Wouldn't it be better to commit composer.lock to the repository, so that the exact versions of modules are pinned there? Then only the generic dependency (for example: "drupal/field_group": "8.*") can be put in composer.json, and all vendor code can be updated with composer update.
joesb
commented
8 years ago
Wouldn't it be better to commit composer.lock to the repository, so that the exact versions of modules are pinned there? Then only the generic dependency (for example:
"drupal/field_group": "8.*") can be put in composer.json, and all vendor code can be updated withcomposer update.