What are the steps to reproduce this issue?
- Run `update coldbox-cli --system` (or `outdated --system`)
- When prompted, confirm the update
- Run `outdated --system` again
What happens?
coldbox-cli is permanently listed as outdated, suggesting an update from 8.10.0-snapshot to 8.10.0+27, even after confirming the update. The cycle repeats on every subsequent update --system run.
What were you expecting to happen?
After updating to 8.10.0+27, the package should no longer be listed as outdated.
Any logs, error output, etc?
> update coldbox-cli --system
Resolving Dependencies, please wait...
┌─────────────────────┬────────────────────┬───────────┬───────────┬─────────────────────┐
│ Package │ Installed │ Update │ Latest │ Location │
├─────────────────────┼────────────────────┼───────────┼───────────┼─────────────────────┤
│ coldbox-cli@^8.8.0+25 │ 8.10.0-snapshot │ 8.10.0+27 │ 8.10.0+27 │ /modules/coldbox-cli│
└─────────────────────┴────────────────────┴───────────┴───────────┴─────────────────────┘
Found (1) Outdated Dependency
* coldbox-cli
Would you like to update the dependencies? (yes/no):
Any other comments?
The root cause appears to be that 8.10.0-snapshot and 8.10.0+27 point to the same zip artifact on the Ortus download server. The response of https://www.forgebox.io/api/v1/entry/coldbox-cli/versions/8.10.0+27 includes:
"location":"https://downloads.ortussolutions.com/ortussolutions/commandbox-modules/coldbox-cli/8.10.0/coldbox-cli-8.10.0.zip"
The same URL is used by 8.10.0-snapshot. Because CommandBox reads the installed version from the module's own box.json, which declares "version":"8.10.0-snapshot" as shipped inside the zip, it never sees 8.10.0+27 as installed, causing the outdated warning to persist indefinitely.
The fix would be either to republish 8.10.0+27 with a new zip whose internal box.json declares "version":"8.10.0+27" or have CommandBox reconcile the installed version against ForgeBox metadata when the artifact URL is identical.
What versions are you using?
Operating System: Windows 11 Pro 25H2
Package Version: 8.10.0-snapshot (installed) / 8.10.0+27 (ForgeBox latest)
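
The mismatch described in the report can be checked mechanically. The following is an added example, not part of the original report and not CommandBox or ForgeBox code: it compares the version each registry record advertises with the version declared by the `box.json` inside the artifact that record points to. The record shape (`version`, `location`), the `box.json` at the zip root, and the function names are assumptions; the zip is constructed in memory.

```python
import io
import json
import zipfile
from collections import defaultdict


def build_zip(box_json: dict) -> bytes:
    """Build an in-memory module zip holding only box.json (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("box.json", json.dumps(box_json))
    return buf.getvalue()


def embedded_version(zip_bytes: bytes) -> str:
    """Read the version the artifact declares about itself in its box.json."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return json.loads(zf.read("box.json"))["version"]


def audit(registry: list[dict], artifacts: dict[str, bytes]) -> list[str]:
    """Compare each registry version with the box.json inside its artifact."""
    findings = []
    by_location = defaultdict(list)
    for entry in registry:
        by_location[entry["location"]].append(entry["version"])
        declared = embedded_version(artifacts[entry["location"]])
        if declared != entry["version"]:
            findings.append(
                f"{entry['version']}: artifact declares {declared}")
    for location, versions in by_location.items():
        if len(versions) > 1:
            findings.append(f"shared artifact: {', '.join(sorted(versions))}")
    return findings


# Constructed sample data: the location is the one quoted in the report, the
# zip content is built locally so the example runs offline.
URL = ("https://downloads.ortussolutions.com/ortussolutions/"
       "commandbox-modules/coldbox-cli/8.10.0/coldbox-cli-8.10.0.zip")
REGISTRY = [
    {"version": "8.10.0-snapshot", "location": URL},
    {"version": "8.10.0+27", "location": URL},
]
ARTIFACTS = {URL: build_zip({"name": "coldbox-cli", "version": "8.10.0-snapshot"})}

if __name__ == "__main__":
    for finding in audit(REGISTRY, ARTIFACTS):
        print(finding)
```

A registry record whose artifact declares a different version also means the installed files cannot be tied back to the release that was requested, so the same check is useful as a publish-time gate.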