Do you know the difference between composer install and composer upgrade?

Let's say the following versions are available:

magento/magento2-base: 2.3.4
symfony/console: 100.999
monolog/monolog: 1.23.5

composer.json:

{
  "require": {
    "magento/magento2-base": "2.3.3",
    "symfony/console": "*",
    "monolog/monolog": "1.16.*"
  }
}

composer.lock:

{
  "packages": [
    { "name": "magento/magento2-base", "version": "2.3.3" },
    { "name": "symfony/console", "version": "2.3" },
    { "name": "monolog/monolog", "version": "1.16.0" }
  ]
}

The main function of the composer install command is to install the fixed versions specified in composer.lock. The result will be:

magento/magento2-base: 2.3.3 
symfony/console: 2.3
monolog/monolog: 1.16.0

The composer upgrade command should be used when we need to update dependencies. As a result, we will get:

magento/magento2-base: 2.3.3 
symfony/console: 100.999
monolog/monolog: 1.16.999 

Our recommendations:

  • Composer upgrade should only be used when you update Magento or if you need to update its dependencies. Otherwise, use composer install.
  • If you use composer upgrade, be sure to add the updated composer.json and composer.lock files to the repository. Remember to inform your team that they need to run composer install to update dependencies from composer.lock.
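The recommendations above depend on composer.lock staying consistent with composer.json. The following check is an added example, not part of the original article or of Composer itself: it reports what composer install would pin and flags the entries a reviewer should look at before running composer upgrade. The function names are hypothetical, the input is the article's sample files, and only the three constraint forms used in the article (exact version, "*", "X.Y.*") are handled.

```python
import json

# Constructed sample input: the composer.json and composer.lock from the article.
COMPOSER_JSON = """{
  "require": {
    "magento/magento2-base": "2.3.3",
    "symfony/console": "*",
    "monolog/monolog": "1.16.*"
  }
}"""
COMPOSER_LOCK = """{
  "packages": [
    {"name": "magento/magento2-base", "version": "2.3.3"},
    {"name": "symfony/console", "version": "2.3"},
    {"name": "monolog/monolog", "version": "1.16.0"}
  ]
}"""


def satisfies(version, constraint):
    """Assumption: only exact, "*" and "X.Y.*" constraints, compared as plain strings."""
    if constraint == "*":
        return True
    if constraint.endswith(".*"):
        prefix = constraint[:-2].split(".")
        return version.split(".")[:len(prefix)] == prefix
    if any(ch in constraint for ch in "^~<>|, *"):
        raise ValueError("unsupported constraint form: " + constraint)
    return version == constraint


def audit(composer_json, composer_lock):
    """Return (locked, findings): what install would pin, and what to review."""
    require = json.loads(composer_json)["require"]
    locked = {p["name"]: p["version"] for p in json.loads(composer_lock)["packages"]}
    findings = []
    for name, constraint in require.items():
        if name not in locked:
            findings.append((name, "not in composer.lock"))
        elif not satisfies(locked[name], constraint):
            findings.append((name, "lock does not satisfy " + constraint))
        elif constraint == "*":
            findings.append((name, "unbounded constraint; upgrade may pull any version"))
    return locked, findings


if __name__ == "__main__":
    locked, findings = audit(COMPOSER_JSON, COMPOSER_LOCK)
    for name, version in locked.items():
        print("install pins", name, version)
    for name, reason in findings:
        print("review", name + ":", reason)
```

On the article's files the only finding is symfony/console, the package whose version jumps from 2.3 to 100.999 in the upgrade result.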