Always load remote package info for path repositoriy packages

[naderman]

To improve working with path repositories any composer update command should always read the composer.json info from the remote path, rather than using data stored in the local lock file. As the path repo contents update with the remote directory it's easy to forget that you need to still actually run an update of the dependency in a path repo to get its dependencies updated properly. So this should just happen automatically anytime you update anything.

[stof]

so this would mean that packages present in path repositories would always be automatically whitelisted ?

[naderman]

@stof I guess so? Maybe that's a terrible idea?

[stof]

I would find this quite confusing actually, if a partial update is implicitly whitelisting more stuff.

Note that this only applies to partial updates anyway. A full composer update is already using the remote package info as the package is not locked in such case.

[naderman]

Well it's also somwhat confusing that, if you do a partial update for some other package, then you still already have the code of a newer version of the path repo package, which works fine with that newer dependency, but the path repo package's dependencies are still suck on the old versions.

I guess in some ways though this is similar to how we automatically update checked out branches without resolving their dependencies though.

[Seldaek]

Yeah I am also not so sure about this. On one side it seems like a good idea and I definitely have had cases where I forgot to update the path repo too, but usually it's pretty clear anyway when you get a conflict because you forgot to do it. On the other hand it may trigger unexpected things, I am not sure. It does seem like the more intuitive thing to do though at least when the code is symlinked that you'd get the latest deps always. If the code is not symlinked though I'd tend to see it the other way.

Maybe worth a try to see how it behaves for a while in 2.1 snapshots if it's easy enough to implement, then worst case we revert before a release, or put it behind a config option if needed.

[sveneld]

@Seldaek when many developers works with same package which is configured as 'path' they get a conflict during merging their branches due to the change of reference for path package in composer.lock. Is it possible to add an config option for path packages?
#10482