composer outdated returning

[PatrickRose]

My composer.json:

{
    "repositories": [
        {
            "type": "composer",
            "url": "[redacted]"
        },
        {
            "packagist": false
        }
    ],
    "name": "zedcore/zedcore",
    "description": "Zedcore",
    "license": "proprietary",
    "config": {
        "platform": {
            "php": "7.1.11"
        }
    },
    "require":
    {
        "html2text/html2text": "^4.1",
        "abraham/twitteroauth": "^1.0",
        "donatj/phpuseragentparser": "^0.16",
        "elasticsearch/elasticsearch": "^7.9",
        "guzzlehttp/psr7": "^1.4",
        "league/flysystem": "^1.1",
        "league/flysystem-rackspace": "^1.0",
        "league/flysystem-sftp": "^1.0",
        "monolog/monolog": "^1.25",
        "pear-pear.horde.org/horde_text_diff": "^2.1",
        "pear/console_getopt": "^1.4",
        "pear-pear.php.net/pear": "^1.10",
        "symfony/console": "4.2.*",
        "neam/php-po2json": "^0.1",
        "azatoth/php-pgettext": "^1.0",
        "predis/predis": "1.1.2+disconnect",
        "psy/psysh": "^0.10.4",
        "google/recaptcha": "^1.1",
        "sepia/po-parser": "^4.1",
        "php-mime-mail-parser/php-mime-mail-parser": "^5.0",
        "ezyang/htmlpurifier": "^4.13",
        "nojimage/twitter-text-php": "^3.0",
        "facebook/graph-sdk": "^5.6",
        "phpseclib/phpseclib": "^2.0",
        "xemlock/htmlpurifier-html5": "0.1.11",
        "guzzlehttp/guzzle": "^6.3",
        "symfony/polyfill-php80": "^1.18",
        "microsoft/windowsazure": "^0.5.7",
        "fzaninotto/faker": "^1.9"
    },
    "require-dev":
    {
        "phpunit/phpunit": "^8",
        "mockery/mockery": "^1.0",
        "sebastian/exporter": "^3.0",
        "squizlabs/php_codesniffer": "^3.0",
        "wimg/php-compatibility": "^8.0"
    },
    "scripts":
    {
        "post-install-cmd": [
            "@phpcsconfig"
        ],
        "post-update-cmd": [
            "@phpcsconfig"
        ],
        "phpcsconfig": [
            "[ ${COMPOSER_DEV_MODE} -eq 0 ] || \"vendor/bin/phpcs\" --config-set tab_width 4",
            "[ ${COMPOSER_DEV_MODE} -eq 0 ] || \"vendor/bin/phpcs\" --config-set installed_paths \"../../wimg/php-compatibility,../../../util/PHPCS/\"",
            "[ ${COMPOSER_DEV_MODE} -eq 0 ] || \"vendor/bin/phpcs\" --config-set testVersion 7.3-"
        ]
    },
    "autoload-dev":
    {
        "psr-4":
        {
            "ZedcoreStandard\\": "util/PHPCS/ZedcoreStandard"
        }
    }
}

Output of composer diagnose:

Checking composer.json: WARNING
require.predis/predis : exact version constraints (1.1.2+disconnect) should be avoided if the package follows semantic versioning
Checking platform settings: FAIL

The allow_url_fopen setting is incorrect.
Add the following to the end of your `php.ini`:
    allow_url_fopen = On

Your command-line PHP is using multiple ini files. Run `php --ini` to show them.
If you can not modify the ini file, you can also run `php -d option=value` to modify ini values on the fly. You can use -d multiple times.

Checking git settings: OK
Checking http connectivity to packagist: Skipped because allow_url_fopen is missing.
Checking https connectivity to packagist: Skipped because allow_url_fopen is missing.
Checking github.com rate limit: Skipped because allow_url_fopen is missing.
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: Skipped because allow_url_fopen is missing.
Composer version: 2.0.8
PHP version: 7.1.11 - Package overridden via config.platform, actual: 7.3.18
PHP binary path: /usr/bin/php7.3
OpenSSL version: OpenSSL 1.1.1g  21 Apr 2020
cURL version: 7.52.1 libz 1.2.8 ssl OpenSSL/1.0.2u
zip: extension present, unzip present

When I run this command:

composer outdated

I get the following output:

Reading ./composer.json
Loading config file ./composer.json
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/srv/www/zedcore/prose.trac.zcode.net): git branch -a --no-color --no-abbrev -v
Executing command (/srv/www/zedcore/prose.trac.zcode.net): git rev-list master..76800_UpdateComposerDependencies
Executing command (/srv/www/zedcore/prose.trac.zcode.net): git rev-list main..76800_UpdateComposerDependencies
Executing command (/srv/www/zedcore/prose.trac.zcode.net): git rev-list develop..76800_UpdateComposerDependencies
Executing command (/srv/www/zedcore/prose.trac.zcode.net): git rev-list remotes/origin/main..76800_UpdateComposerDependencies
Executing command (/srv/www/zedcore/prose.trac.zcode.net): git rev-list remotes/origin/develop..76800_UpdateComposerDependencies
Failed to initialize global composer: Composer could not find the config file: /home/prose/.composer/composer.json
To initialize a project, please create a composer.json file as described in the https://getcomposer.org/ "Getting Started" section
Reading /srv/www/zedcore/prose.trac.zcode.net/vendor/composer/installed.json
Loading plugin cweagans\Composer\Patches
Running 2.0.8 (2020-12-03 17:20:38) with PHP 7.3.18-1+0~20200515.59+debian9~1.gbp12fa4f on Linux / 4.9.0
Downloading https://php-pkg.zedcore.com:4680/packages.json
[200] https://php-pkg.zedcore.com:4680/packages.json
Writing /home/prose/.composer/cache/repo/https---php-pkg.zedcore.com-4680/packages.json into cache
Reading /home/prose/.composer/cache/repo/https---php-pkg.zedcore.com-4680/include-all$7896f2050581831301ef4f7580a5786d99685cad.json from cache
abraham/twitteroauth                1.2.0             1.0.1   The most popular PHP library for use with the Twitter OAuth REST API.
container-interop/container-interop 1.2.0             1.2.0   Promoting the interoperability of container objects (DIC, SL, etc.)
Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead.
donatj/phpuseragentparser           v0.16.0           v1.2.0  Lightning fast, minimalist PHP UserAgent string parser.
fzaninotto/faker                    v1.9.2            v1.9.2  Faker is a PHP library that generates fake data for you.
Package fzaninotto/faker is abandoned, you should avoid using it. No replacement was suggested.
guzzle/guzzle                       v3.9.3            v3.9.3  PHP HTTP client. This library is deprecated in favor of https://packagist.org/p...
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
league/flysystem                    1.1.3             1.0.70  Filesystem abstraction: Many filesystems, one API.
league/mime-type-detection          1.7.0             Mime-type detection for Flysystem
microsoft/azure-storage             v0.19.1           v0.19.1 This project provides a set of PHP client libraries that make it easy to access...
Package microsoft/azure-storage is abandoned, you should avoid using it. Use microsoft/azure-storage-blob;microsoft/azure-storage-queue;microsoft/azure-storage-table;microsoft/azure-storage-file instead.
mockery/mockery                     1.4.2             1.3.3   Mockery is a simple yet flexible PHP mock object framework
phar-io/manifest                    2.0.1             1.0.3   Component for reading phar.io manifest information from a PHP Archive (PHAR)
phar-io/version                     3.0.4             2.0.1   Library for handling version information and constraints
phpdocumentor/reflection-common     2.2.0             2.0.0   Common reflection classes used by phpdocumentor to reflect the code structure
phpdocumentor/reflection-docblock   5.2.2             4.3.4   With this component, a library can provide support for annotations via DocBlock...
phpdocumentor/type-resolver         1.4.0             1.0.0   A PSR-5 based resolver of Class names, Types and Structural Element Names
phpspec/prophecy                    1.12.2            v1.10.3 Highly opinionated mocking framework for PHP 5.3+
phpunit/php-code-coverage           7.0.14            6.1.4   Library that provides collection, processing, and rendering functionality for P...
phpunit/php-token-stream            4.0.4             3.1.2   Wrapper around PHP's tokenizer extension.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
phpunit/phpunit                     8.5.14            7.5.20  The PHP Unit Testing framework.
predis/predis                       v1.1.2+disconnect v1.1.6  Flexible and feature-complete Redis client for PHP and HHVM
sebastian/global-state              3.0.1             2.0.0   Snapshotting of global state
sebastian/type                      1.1.4             Collection of value objects that represent the types of the PHP type system
symfony/console                     v4.2.12           v4.4.18 Symfony Console Component
theseer/tokenizer                   1.2.0             1.1.3   A small library for converting tokenized PHP source code into XML and potential...
wimg/php-compatibility              8.2.0             9.3.5   A set of sniffs for PHP_CodeSniffer that checks for PHP version compatibility.
Package wimg/php-compatibility is abandoned, you should avoid using it. Use phpcompatibility/php-compatibility instead.
zendframework/zend-loader           2.6.1             2.6.1   Autoloading and plugin loading strategies
Package zendframework/zend-loader is abandoned, you should avoid using it. Use laminas/laminas-loader instead.
zendframework/zend-mail             2.10.0            2.10.0  Provides generalized functionality to compose and send both text and MIME-compl...
Package zendframework/zend-mail is abandoned, you should avoid using it. Use laminas/laminas-mail instead.
zendframework/zend-mime             2.7.2             2.7.2   Create and parse MIME messages and parts
Package zendframework/zend-mime is abandoned, you should avoid using it. Use laminas/laminas-mime instead.
zendframework/zend-stdlib           3.2.1             3.2.1   SPL extensions, array utilities, error handlers, and more
Package zendframework/zend-stdlib is abandoned, you should avoid using it. Use laminas/laminas-stdlib instead.
zendframework/zend-validator        2.13.0            2.13.0  Validation classes for a wide range of domains, and the ability to chain valida...
Package zendframework/zend-validator is abandoned, you should avoid using it. Use laminas/laminas-validator instead.

And I expected this to happen:

league/flysystem / phar-io/version (and others) to not report as outdated, as the version I have installed is greater than the version composer is saying is the latest.

The problem doesn't manifest itself if I do a bare install without our satis repo - in those cases composer will say that the latest version of league/flysystem is 2.0.2, phar-io/version is up to date etc.

[stof]

does it also happen if you use packagist rather than a custom repository ?

[PatrickRose]

@stof no, just happens with our satis repo.

[stof]

then maybe the Satis repo contains some corrupted metadata.

And this also means we cannot reproduce the issue to debug it.

[PatrickRose]

The fact that satis has returned the wrong value is a bug with satis, but why is composer saying that my version is outdated when it isn't?

[stof]

Well, I suspect that all releases of league/flysystem newer than 1.0.70 have been removed from your Satis repo (which might not even be a bug in Satis but an effect of your config, as Satis allows to select a subset of the packagist versions when mirroring them).

regarding the fact that it says it is outdated, the composer outdated command does not actually deal properly with the case where the installed version is newer than the latest available version in the repository (which should never happen anyway if you don't filter the repository after installing the package). It will consider it outdated when the versions are different.

[Seldaek]

Yeah this doesn't really seem like something we need to address.