2. Use composer locally, commit in repository
No stable version yet
Developers and CI server will use the same version of Composer
Optimize autoloader
install vs update vs require
Use composer update only during upgrade of deps
You can upgrade specific deps
composer update some/dep foo/bar
Code review: check if .lock file wasn’t accidentally committed!
New dependency
composer require “some/dep=1.1.*”