rector/jack
Jack is an experimental CLI for safely upgrading Composer dependencies one version at a time. It can fail CI when too many major updates are overdue, highlight dev deps first, and help you open up next versions gradually to avoid risky big-bang upgrades.
Install the package with composer require rector/jack --dev. It’s designed for gradual, low-risk dependency upgrades — especially valuable in legacy Laravel apps where dependency debt has accumulated. Your first step should be running vendor/bin/jack breakpoint --dev locally or in CI: it scans composer.json for outdated dev dependencies and fails if more than 5 major versions are behind (configurable via --limit). This surfaces technical debt early without overwhelming you. If your project has severe outdatedness, start with --limit 2 or --limit 1 to build confidence incrementally.
jack breakpoint (e.g., --dev --limit 5) to your CI pipeline. Treat failures as high-priority tech debt — schedule a sprint to resolve them incrementally.jack open-versions --dev --limit 3 --dry-run first, review changes to composer.json, commit if safe, then composer update. Repeat in small batches — this avoids large, risky updates while leveraging Composer’s resolver safely.jack raise-to-installed --dry-run to catch cases where your composer.json lags behind the installed versions (e.g., constraints say ^6.4, but 7.2 is installed). Fix the constraint to prevent accidental downgrades.laravel/framework, illuminate/*), combine --package-prefix illuminate with open-versions to batch related updates and isolate failure surfaces.^9.0|^10.0, but Composer may resolve to a PHP 8.1+ version (e.g., PHPUnit 10). Always verify your project’s php requirement supports the new version before committing — run composer show --platform to check.open-versions, raise-to-installed) can create overly broad ranges (e.g., 5.*|7.*). Always use --dry-run, inspect the diff, and consider whether the range is truly safe for your project’s upgrade cadence.composer.json if needed.open-versions, always run composer validate and composer check-platform-reqs before committing. The new ranges may expose platform gaps (e.g., ext-imagick missing in CI but required by a newer package).jack’s isolated upgrades can cause subtle conflicts. Prefer targeting one group at a time (e.g., --package-prefix symfony) and validate with composer why-not afterward.How can I help you explore Laravel packages today?