i run WP 6.2
it’s composer-installed, using bedrock framework scaffold.
plugins & themes are also composer-installed.
in the Admin UI, since it’s composer-installed, there’s no option to auto-enable updates.
as expected … updates are to be managed by composer.
still, i’m getting regular email notifications from my install that plugins have been auto-updated. e.g.,
-------- Original Message --------
From: example.com [mailto:noreply@wp.example.com]
Sent: Tuesday, April 11, 2023 at 6:01 PM EDT
To: wp@example.net
Subject: [example.com] Some plugins were automatically updated
> Howdy! Some plugins have automatically updated to their latest versions on your site at https://example.com. No further action is needed on your part.
>
>
> These plugins are now up to date:
> - Conditional Fields for Contact Form 7 (from version 2.3.5 to 2.3.6) : https://wordpress.org/plugins/cf7-conditional-fields/
> - Simple Cloudflare Turnstile (from version 1.18.1 to 1.18.2) : https://wordpress.org/plugins/simple-cloudflare-turnstile/
>
>
> If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
> https://wordpress.org/support/forums/
>
> The WordPress Team
but, if i check via composer, those^^ plugins have NOT been updated, and ARE available to be updated,
composer update --dry-run
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 0 installs, 3 updates, 0 removals
- Upgrading roave/security-advisories (dev-latest 892a245 => dev-latest 13fc947)
- Upgrading wpackagist-plugin/cf7-conditional-fields (2.3.5 => 2.3.6)
- Upgrading wpackagist-plugin/simple-cloudflare-turnstile (1.18.1 => 1.18.2)
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 3 updates, 0 removals
- Upgrading roave/security-advisories (dev-latest 892a245 => dev-latest 13fc947)
- Upgrading wpackagist-plugin/cf7-conditional-fields (2.3.5 => 2.3.6)
- Upgrading wpackagist-plugin/simple-cloudflare-turnstile (1.18.1 => 1.18.2)
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found
checking
wp-cli config list | grep AUTOMATIC_UPDATER_DISABLED
AUTOMATIC_UPDATER_DISABLED 1 constant
where are update &/or notification for the composer-managed plugins disabled?