@@ -162,20 +162,40 @@ starting with ``symfony/`` to the new major version:
162162 "...": "...",
163163 }
164164
165- composer.json `` file, in the ``extra `` block you can
166- find a data setting for the Symfony version. Make sure to also upgrade
167- this one. For instance, update it to ``6.0.* `` to upgrade to Symfony 6.0:
165+
166+ ``extra.symfony.require `` configuration option in your ``composer.json `` file.
167+ In Symfony applications using:doc: `Symfony Flex </setup/flex >`, this setting
168+ restricts Symfony packages to a single specific version, improving both
169+ dependency management and Composer update performance:
168170
169171..code-block ::diff
170172
171- "extra": {
172- "symfony": {
173- "allow-contrib": false,
174- - "require": "5.4.*"
175- + "require": "6.0.*"
176- }
173+ {
174+ "...": "...",
175+
176+ "require": {
177+ - "symfony/cache": "6.0.*",
178+ + "symfony/cache": "*",
179+ - "symfony/config": "6.0.*",
180+ + "symfony/config": "*",
181+ - "symfony/console": "6.0.*",
182+ + "symfony/console": "*",
183+ "...": "...",
184+ },
185+ "...": "...",
186+
187+ + "extra": {
188+ + "symfony": {
189+ + "require": "6.0.*"
190+ + }
191+ + }
177192 }
178193
194+ warning ::
195+
196+ Tools like `dependabot `_ may ignore this setting and upgrade Symfony
197+ dependencies. For more details, see this `GitHub issue about dependabot `_.
198+
179199..tip ::
180200
181201 If a more recent minor version is available (e.g. ``6.4 ``) you can use that
@@ -338,3 +358,5 @@ Classes in the ``vendor/`` directory are always ignored.
338358.. _`PHP CS Fixer` :https://github.com/friendsofphp/php-cs-fixer
339359.. _`Rector` :https://github.com/rectorphp/rector
340360.. _`maintained Symfony versions` :https://symfony.com/releases
361+ .. _`dependabot` :https://docs.github.com/en/code-security/dependabot
362+ .. _`GitHub issue about dependabot` :https://github.com/dependabot/dependabot-core/issues/4631