If you maintain your depending packages in a PHP project with composer (which you really should do!), you may want to get an idea of which packages might be possible to be updated.
This is very easy to do with composer outdated see: https://getcomposer.org/doc/03-cli.md#outdated. This will provide a list of packages in a new version:
You may have noticed, that the list includes a lot of packages and a lot of major updates like algo26-matthias/idna-convert from 1.1.0 to 3.0.4. If it comes to maintaining a project, that might be a bit to much as a major update includes also breaking changes.
So, how to get just the minor updates?
composer outdated --minor-only
Ok, great, now we just have the minor updates available.
But wait, there are some dependencies of my defined dependencies. What if I just want to know, whether there is a package available in my direct dependency declaration as I'm only maintaining those?
composer outdated --minor-only --direct
Nice! Only the packages I'm responsible for are reported now.
But there is a package that requires dev-master and therefore it will always be reported. Am I able to ignore packages?
composer outdated --minor-only --direct --ignore roave/security-advisories
And if there is another package you like to ignore, just add --ignore package/name --ignore another/package-name as many times you need.
To keep an eye on the updateable packages there could be some automatic reminder implemented as cron, gitlab, travis ci, etc. to inform you about updates. To ease the manipulation of the data, it is possible to retrieve the list in e.g. a pure json format.
composer outdated --minor-only --direct --ignore roave/security-advisories --format json
With this command all of the data could be used to parse it with another simple script, check the field "latest-status" and provide a nice formatted report with all of the packages via e.g. email, webhook in Slack or where ever you like.
