Composer not updating modules

I have this issue also. Composer works properly at home, but not on my hosting service. Same composer.json. php 7.2.5 at home, 7.3.17 on host.
I run 5 other sites and do not have this issue. I never see these repo lines elsewhere and do not know where they come from.

[~/www]# composer require --update-no-dev --update-with-dependencies 'drupal/logging_alerts:^1.0' drupal/nodeaccess drupal/pathauto drupal/token drupal/webform drupal/views_aggregator
    1/13:	http://repo.packagist.org/p/provider-archived$da5d596a9a5261ca1b47d529619143770c8fdb7b62afd423ba6584660394c897.json
    3/13:	http://repo.packagist.org/p/provider-latest$4b11cafbcc13b80fea2746427818ac504a168b1926eda202f9a1316306545c75.json
    3/13:	http://repo.packagist.org/p/provider-2020-04$7e18effd3911cca1f90cad51c62d77acd4004d5a3e5ebaffc783773722c9beb0.json
    4/13:	http://repo.packagist.org/p/provider-2019-07$176e16fa9d9f3517668a0882b7b3cc08d5466f175d0f0d59a7fcc0cbe0987d0c.json
    5/13:	http://repo.packagist.org/p/provider-2019-10$0d1c07a3dc4d089ad35ec753b63e00a55c2957b2ea20fa79e15e9d1db069b849.json
    6/13:	http://repo.packagist.org/p/provider-2013$73f58ed11acff006a67e5ea00243358ec8efd2ad549baef8e6396437aefc1af4.json
    7/13:	http://repo.packagist.org/p/provider-2015$ccddec19abffcea7f97c5aafdfcd1d4b01fe482c67bf09ca7fd2dcef4d76aed5.json
    8/13:	http://repo.packagist.org/p/provider-2014$9b084423640fc261aff75fee7d6d2c41d23d5b23f8b71a08d9e447e88a02740d.json
    9/13:	http://repo.packagist.org/p/provider-2016$7456a50e5844b7478f17e3d078918069d404e01fe546807cfe38d49bcaf82c78.json
    10/13:	http://repo.packagist.org/p/provider-2020-01$7ca3466e78ba1e531d0163b69600923682a56b40f748ec1a35655ee35cc943af.json
    11/13:	http://repo.packagist.org/p/provider-2019$877e80ea1a0690ee520238b3693e8dbc38373c33e35f5d8e9cd550670db54c4a.json
    12/13:	http://repo.packagist.org/p/provider-2017$f1d2539997b3b1c2701e71e4a4ecbe6d292b0fbd5a54d98a46af4435c9c68254.json
    13/13:	http://repo.packagist.org/p/provider-2018$414b582511b0ce934f1e3587010e8f8bad63b2b64ebef9d7c8c69456e55bf889.json
    Finished: success: 13, skipped: 0, failure: 0, total: 13
Using version ^1.0@beta for drupal/nodeaccess
Using version ^1.8 for drupal/pathauto
Using version ^1.7 for drupal/token
Using version ^5.10 for drupal/webform
Using version ^1.0@beta for drupal/views_aggregator
./composer.json has been updated
    1/2:	http://repo.packagist.org/p/provider-latest$0ef58db1ce03e07dd057a1932224158b9133be2b9689546f4fb45aee40e49375.json
    2/2:	http://repo.packagist.org/p/provider-2020-01$c1b80d21e932dc11a49f9453d548e21c6047cc55e5ec48663441d5d35adfb5b6.json
    Finished: success: 2, skipped: 0, failure: 0, total: 2
Dependency "drupal/ctools" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Loading composer repositories with package information
Updating dependencies

But none of the modules in web/modules/contrib are updated. The update page says the same modules need updating. No error message, even in watchdog.
If I try to update the modules in the GUI, they are downloaded, but at the next step, it says I am not authorized. I am admin, and get the same result from a different admin account. Composer.json is attached.
Module updates are coming out every few days, and it is infeasible to keep rebuilding my online site from one at home.

We need a fix for this please...

`composer outdated` reports newer releases of packages regardless your specifications regarding version constraints.
`composer update` will update packages respecting the specification regarding version constraints.
My experience is that when it says "0 installs, 12 updates, 0 removals", it really updates 12 packages. Maybe run `composer update` again till it tells you there is nothing to update.

Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update

You might want to try the verbose options to see more details of what gets done. Or try --dry-run first to see which packages get replaced. Although it is possible to use `composer outdated` to verify `composer update`, it is hard to notice that you are missing 12 out of 50 that have updates. Even having updated within your constraints it could still be reported with outdated due to releases outside your constraints.

Consider your workflow a bad procedure, suggest to change it to:
- use outdated -Dm to restrict the available updates to within the same major version for the requirements mentioned in your root composer.json
- use prohibits [package] [version] to find out whether something is blocking that particular update
- use require [package:version constraint] --no-update to adjust blocking specifications
- file issues with projects with blocking dependencies
- once done with outdated -Dm, start with outdated -m
This is what dependency management is about, composer can help you with it, but you need to it. Remember that you are responsible for maintaining the specifications of your project (site).

You might want to reconsider minimum-stability and prefer-stable. A common mistake in the Drupal community is to set them to dev, true. Suggest to remove them to stick with the default of stable unless root requirement says otherwise. Do check with `composer show` and see which packages use other than stable releases. Make sure each of those are mentioned in the root of your project with appropriate constraint (@stability).

Personally, prefer a conservative approach only allowing patch releases. That requires constraints like ~#.#.# instead of ^*
This makes minor releases a conscience decision (require ... --no-update)

Thank you for responding to this. The thing is, I do not have this issue on my home server using the same contents of public_html, and same database (with required hosting changes). I get this behavior for any module I try to update.
And also on this site (on my hoster), I cannot update the database from the GUI. I always get a "you do not have permission..." message, and I have tried this from two admin accounts. I somehow think this is related.

Sorry, my response was actually for OP.

Looks like things changed with `composer outdated` with respect to ignoring version constraints. Will have to look into it more to assess the impact on procedure desribed above.

# composer outdated -Dm
    1/1:	http://repo.packagist.org/p/provider-latest$0cb1a5925b22ad981944370af1ef6614647a9c9ae0a3e2ad16f17efe9a316e0c.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
composer/installers v1.7.0       v1.9.0       A multi-framework Composer library installer
drupal/superfish    1.3.0        1.4.0        Adds jQuery Superfish plugin to menu blocks.
drupal/typed_data   1.0.0-alpha4 1.0.0-alpha5 Extends the core Typed Data API with new APIS and features.
# composer update --no-dev --with-dependencies
    1/1:	https://packages.drupal.org/8/drupal/provider-2020-2$b776e221e54f4b37c01656300dfb980328b0430420929bfe7a06e69ae7509115.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
    1/1:	http://repo.packagist.org/p/provider-latest$2df4217f09f3882507b1ef3168fdf9fe986c559664eb80aa21af4df90dd770e4.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
Loading composer repositories with package information
Updating dependencies
# composer outdated -Dm
    1/1:	http://repo.packagist.org/p/provider-latest$0cb1a5925b22ad981944370af1ef6614647a9c9ae0a3e2ad16f17efe9a316e0c.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
composer/installers v1.7.0       v1.9.0       A multi-framework Composer library installer
drupal/superfish    1.3.0        1.4.0        Adds jQuery Superfish plugin to menu blocks.
drupal/typed_data   1.0.0-alpha4 1.0.0-alpha5 Extends the core Typed Data API with new APIS and features.
kacbtnor@mi3-ss36 [~/www]#

Nothing got updated alas.