composer bump not bumping tilde constraints #11579
Description
My composer.json:
{
"require-dev": {
"phpstan/phpstan": "~1.10.0"
}
}Output of composer diagnose:
Checking platform settings: OK
Checking git settings: OK git version 2.40.1
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.5.8
PHP version: 8.2.8
PHP binary path: /usr/bin/php8.2
OpenSSL version: OpenSSL 1.1.1n 15 Mar 2022
cURL version: 8.2.1 libz 1.2.13 ssl OpenSSL/3.0.10
zip: extension present, unzip present, 7-Zip present (7z)
When I run this command:
composer bump -vvv
I get the following output:
Running 2.5.8 (2023-06-09 17:13:21) with PHP 8.2.8 on Linux / 6.3.0-2-amd64
Reading ./composer.json (/home/easteregg/tmp/test/composer.json)
Loading config file /home/easteregg/.config/composer/config.json
Loading config file /home/easteregg/.config/composer/auth.json
Loading config file ./composer.json (/home/easteregg/tmp/test/composer.json)
Checked CA file /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a file.
Checked directory /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a directory.
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/home/easteregg/tmp/test): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Executing command (/home/easteregg/tmp/test): git describe --exact-match --tags
Executing command (CWD): git --version
Executing command (/home/easteregg/tmp/test): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (/home/easteregg/tmp/test): hg branch
Executing command (/home/easteregg/tmp/test): fossil branch list
Executing command (/home/easteregg/tmp/test): fossil tag list
Executing command (/home/easteregg/tmp/test): svn info --xml
Reading /home/easteregg/.config/composer/composer.json
Loading config file /home/easteregg/.config/composer/config.json
Loading config file /home/easteregg/.config/composer/auth.json
Loading config file /home/easteregg/.config/composer/composer.json (/home/easteregg/.config/composer/composer.json)
Loading config file /home/easteregg/.config/composer/auth.json
Reading /home/easteregg/.config/composer/auth.json
Reading ./composer.lock (/home/easteregg/tmp/test/composer.lock)
Reading /home/easteregg/tmp/test/vendor/composer/installed.json
Reading /home/easteregg/.config/composer/vendor/composer/installed.json
Reading ./composer.lock (/home/easteregg/tmp/test/composer.lock)
Warning: Bumping dependency constraints is not recommended for libraries as it will narrow down your dependencies and may cause problems for your users.
If your package is not a library, you can explicitly specify the "type" by using "composer config type project".
Alternatively you can use --dev-only to only bump dependencies within "require-dev".
No requirements to update in ./composer.json.
And I expected this to happen:
phpstan updated to the latest version constraint, as happens with ^1.10.0 which gets bumped to the current installed version (1.10.29 in this case).
as far as i understand the documentation, this should get updated, just as the caret constraint does?