When drupal-updater runs in a different environment than default (e.g. "@es.local) the following error appears:

I think the issue might be that the showObsoleteDrupalModules() method doesn't consider the environment.

After applying the next patch, it seems to be working correctly.

diff --git a/src/UpdaterCommand.php b/src/UpdaterCommand.php
index a0c3398..090eaa3 100644
--- a/src/UpdaterCommand.php
+++ b/src/UpdaterCommand.php
@@ -498,9 +498,12 @@ Update includes:
    */
   protected function showObsoleteDrupalModules() {
     $this->printHeader2('Unsupported Drupal modules:');
-    $this->output->writeln(
-      $this->runCommand(sprintf('drush php-script %s/../scripts/unsupported-modules.php', __DIR__)),
-    );
+    foreach ($this->environments as $environment) {
+      $this->output->writeln(sprintf('Running drush %s php-script %s/../scripts/unsupported-modules.php', $environment, __DIR__));
+      $this->output->writeln(
+          $this->runCommand(sprintf('drush %s php-script %s/../scripts/unsupported-modules.php', $environment, __DIR__))
+      );
+    }
   }
 
   /**

My projects often have very large composer files with lots of modules. I often run into this after making it ~85% of the way through all the updates:

Updating package FAILED: recovering previous state.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/// Updating: drupal/redirect ///


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
fatal: pathspec 'web' did not match any files

Updating package FAILED: recovering previous state.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/// Updating: drupal/responsive_favicons ///


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
fatal: pathspec 'web' did not match any files

Updating package FAILED: recovering previous state.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/// Updating: drupal/scheduler ///

The following exception is caused by a process timeout
Check https://getcomposer.org/doc/06-config.md#process-timeout for details

In Process.php line 1204:

  The process "./vendor/bin/drupal-updater" exce
  eded the timeout of 2000 seconds.

Restarting the script means that it starts over from the beginning and often times out at about the same point, which means I can never "get" to the updates near the end of the list.

https://github.com/Metadrop/drupal-updater/blob/da5700d9c91d688e2d448c706a8b8086fc205b6f/scripts/unsupported-modules.php#LL38C4-L38C10

I think $output = Drush::output(); from the beginning in the previous version (e.g. 1.6.0) would correct the problem.

Thanks!

Acceptance criteria

• The title must be changed to Update [package] with dependencies
• The description must contain the composer-lock diff report.

We need to report a security concern (as Drupal does) when a module/theme is no longer supported (the package itself or the current version installed).

As an example, this is the email that Drupal triggers

The installed version of at least one of your modules or themes is no longer supported. Upgrading or disabling is strongly recommended. See the project homepage for more details.

Rename Checking Outdated packages to Checking packages

Now the updater, for each module that is trying to be updated, if it fails the error appears in the output. It would be nice to store the reason and show it in the final report, so those who use the helper can detect quickly why some packages have not been updated.

Description

In a drupal-updater run, there was a module that haven't been updated. The specific module is fastly from 3.14 to 3.15, the error is the following:

drupal/fastly 3.15.0 requires drupal/core ^8 -> found drupal/core[8.0.0-beta6, ..., 8.9.x-dev] but it conflicts with your root composer.json require (^9.3.1).

But, the message that appears is this one:

Drupal updater should let developers know there has been a problem so there is no need to rerun the update command.

When there are not "Not Updated Securities (ALL)" elements a message should be found as we have for "Unsupported Drupal modules". Check if the other categories also have a "no elements found" message

The package is saying at the same time that if couldn't update the package but at the same time there are some packages listed as updated. See screenshot:

Package drupal/core-composer-scaffold has an update available to 10.0.7 version. Due to composer.json constraints, it hasn't been updated.

Is there an error? In case not, can you improve the feedback?

fatal: pathspec 'web' did not match any files

The script continues on just fine, so is this anything we should be paying attention to?

It happened that the script wasn't able to update the drupal core latest security, when the project has drupal/core-recommended installed.

It looks like as not the complete metapackage has been updated, it is not possible to independently upgrade drupal core.

Steps to reproduce

• Have a site with Drupal 9.4.11 or lower / 9.5.4 or lower / 10.0.4 or lower , but with drupal/core-recommended in the requirements.
• Run drupal-updater --security

This is an example of the currrent output

// 4. REPORT //
+------------------------+----------+----------+-------------------------------------------------------------------+

| Production Changes     | From     | To       | Compare                                                           |

+------------------------+----------+----------+-------------------------------------------------------------------+

| laminas/laminas-stdlib | 3.16.1   | 3.17.0   | https://github.com/laminas/laminas-stdlib/compare/3.16.1...3.17.0 |

| psy/psysh              | v0.11.12 | v0.11.13 | https://github.com/bobthecow/psysh/compare/v0.11.12...v0.11.13    |

+------------------------+----------+----------+-------------------------------------------------------------------+



+-----------------------------+---------+---------+----------------------------------------------------------------------+

| Dev Changes                 | From    | To      | Compare                                                              |

+-----------------------------+---------+---------+----------------------------------------------------------------------+

| metadrop/behat-contexts     | v1.10.8 | v1.11.0 | https://github.com/Metadrop/behat-contexts/compare/v1.10.8...v1.11.0 |

| metadrop/drupal-updater     | 1.2.2   | 1.3.0   | https://github.com/Metadrop/drupal-updater/compare/1.2.2...1.3.0     |

| phpdocumentor/type-resolver | 1.6.2   | 1.7.0   | https://github.com/phpDocumentor/TypeResolver/compare/1.6.2...1.7.0  |

+-----------------------------+---------+---------+----------------------------------------------------------------------+

/// Not Updated Packages (Direct): ///

drupal/core                   9.5.5        ~ 10.0.5 Drupal is an open source...
drupal/core-composer-scaffold 9.5.5        ~ 10.0.5 A flexible Composer proj...
drupal/radix                  5.0.0-alpha5 ! 5.0.8  Radix is a base theme fo...
....

It will be ideal to have a full report of the not update packages.
Reason: drupal-updater uses the strategy to iterate through all direct packages to update all their dependencies, which is great. At the same time it will be quite useful to know the full list of outdated packages (informative reasons)

I suggest adding an extra data right after the Direct ones: /// Not Updated Packages (ALL): ///

The documentation says to run ./vendor/bin/drupal-updater update, but doing so throws this error:

No arguments expected, got "update"

I removed the update argument, running ./vendor/bin/drupal-updater and got the expected result.

If there is a package with available updates but it coulnd't be updated due to requirement constraints, it would be nice to see that there is a release available so when the output is reviewed , reviewers can notice there is an available update.

Acceptance criteria:

• The message only includes a reference when a configuration change has been added.
• The message only includes "with dependencies" when a dependency is also updated.
• The message includes "only dependencies" when the original package was not updated but their dependencies was.

Examples:

• UPDATE - drupal/token: dependencies
• UPDATE - drupal/token: package, dependencies
• UPDATE - drupal/token: package, dependencies, configuration changes
• UPDATE - drupal/token: dependencies, configuration changes
• UPDATE - drupal/token: configuration changes

Reference

The consolidating config output is not easy to read, it is not clear when the script needed to consolidate configuration and when not as it is always displayed. It will be great to know if there were changes found

In order to provide more legibility I suggest the following changes:

• Remove double linebreaks inside the same page and only double between each one
• Only display the message of "Updated packages:" when available

Use case: A developer wants to update a list of packages (not all), but still wants to be boosted by Drupal Updater (update workflow, cim/cex, commit message + description, etc.)

Solution

Provide an extra param: --packages that will receive a list of packages like "drupal/core,drupal/metatag"
If present, the script will iterate over those packages instead of the composer --direct --locked and will try to update them and their dependencies