CommandBox does more than help you install packages. It also helps you keep them up to date as well. Remember, you can always get a quick list of all the dependencies installed on your app with the
Dependency Hierarchy myApp (1.0.0)
├── coldbox (6.6.1)
└─┬ cbvalidation (3.3.0)
└── cbi18n (2.2.0)
To check and see if any of your installed packages can be updated to a newer version, run the
Entering "yes" will install the newest version of the package. Use the --force flag to automatically answer "yes". It is also possible to get a list of outdated dependencies without the prompt to update them with the
The table of information in the
updatecommand has several different version numbers. This is what they mean:
- Package - This contains the slug and semver range you've put in your
box.jsonfile. i.e., what version you "asked" for.
- Installed - This is the exact version installed right now in your project
- Update - This is the newest possible version of the package that satisfies the semver range in your
box.json. Not there may be newer versions of the library not shown here depending on what your semver range is allowing. A red highlight in this columns means a new version is available.
- Latest - This is the absolute latest stable version of this package regardless of your semver range. In order to update to this version, you may need to run the
installcommand again and ask specifically for it. An orange highlight in this column means a new major update is available.
Note, updating to a new major version of a library may contain breaking changes. This is why the default semver range is the caret (^) range which will prompt you with patch and minor updates, but NOT major updates. Those upgrades require manual intervention by default.
If you are using a ForgeBox package, the
updatecommand will comply with the semantic versioning range you specify. For example, if you have a dependency installed with a version saved of
^2.0.0it will update you all the way to
2.9.9but it will never install
3.0.0until you ask it to. This is because breaking changes come in major versions, but minor releases are supposed to be compatible.
The way CommandBox determines whether there is a new version of a package differs based on the endpoint that installed the package. Versions are always treated as a semantic version (Major.Minor.Patch).
- ForgeBox - The ForgeBox REST API is used to get the latest package version.
- HTTP(S) - Package is always considered outdated, and re-downloaded.
- File - The box.json's version is used from the zip. If box.json doesn't exist, the package is always considered outdated.
- Folder - The box.json's version is used from the folder. If box.json doesn't exist, the package is always considered outdated.
- Git - Package is always considered outdated, and re-cloned.
If you want to integrate your package updates with an external process, you can get this data back as JSON so it can be parsed and used by another system.
CommandBox> outdated --JSON
Resolving Dependencies, please wait...
"SHORTDESCRIPTION":"This module provides server side validation to ColdBox applications",