$ composer require drupal/core-recommended:^9.5.11@stable --no-security-blocking -W ./composer.json has been updated Running composer update drupal/core-recommended --with-all-dependencies Gathering patches for root package. > DrupalProject\composer\ScriptHandler::checkComposerVersion Loading composer repositories with package information Updating dependencies Your requirements could not be resolved to an installable set of packages. Problem 1 - Root composer.json requires drupal/core-recommended ^9.5.11@stable -> satisfiable by drupal/core-recommended[9.5.11]. - drupal/core-recommended 9.5.11 requires psr/http-message ~1.0.1 -> found psr/http-message[1.0.1] but these were not loaded, likely because it conflicts with another require. Installation failed, reverting ./composer.json and ./composer.lock to their original content. $ composer require psr/http-message:1.0.1 --no-security-blocking -W ./composer.json has been updated Running composer update psr/http-message --with-all-dependencies Gathering patches for root package. > DrupalProject\composer\ScriptHandler::checkComposerVersion Loading composer repositories with package information Updating dependencies Your requirements could not be resolved to an installable set of packages. Problem 1 - Root composer.json requires psr/http-message 1.0.1 (exact version match: 1.0.1 or 1.0.1.0), found psr/http-message[1.0.1] but these were not loaded, likely because it conflicts with another require. Problem 2 - drupal/core is locked to version 9.5.11 and an update of this package was not requested. - drupal/core 9.5.11 requires longwave/laminas-diactoros ^2.14 -> satisfiable by longwave/laminas-diactoros[2.14.3]. - longwave/laminas-diactoros 2.14.3 requires psr/http-message ^1.0 -> found psr/http-message[1.0, 1.0.1, 1.1] but these were not loaded, likely because it conflicts with another require. Installation failed, reverting ./composer.json and ./composer.lock to their original content. https://github.com/composer/composer/discussions/11644#discussioncomment-10439966 $ composer why-not psr/http-message 1.0.1 guzzlehttp/psr7 2.8.0 requires psr/http-message (^1.1 || ^2.0) php-http/message 1.16.2 requires psr/http-message (^1.1 || ^2.0) Not finding what you were looking for? Try calling `composer update "psr/http-message:1.0.1" --dry-run` to get another view on the problem. $ composer why php-http/message php-http/client-common 2.7.3 requires php-http/message (^1.6) sentry/sentry 3.22.1 requires php-http/message (^1.5) $ composer why guzzlehttp/psr7 aws/aws-sdk-php 3.337.3 requires guzzlehttp/psr7 (^1.9.1 || ^2.4.5) guzzlehttp/guzzle 7.10.0 requires guzzlehttp/psr7 (^2.8) http-interop/http-factory-guzzle 1.2.1 requires guzzlehttp/psr7 (^1.7||^2.0) $ composer why guzzlehttp/guzzle aws/aws-sdk-php 3.337.3 requires guzzlehttp/guzzle (^6.5.8 || ^7.4.5) drupal/core 9.5.11 requires guzzlehttp/guzzle (^6.5.8 || ^7.4.5) drush/drush 10.3.6 requires guzzlehttp/guzzle (^6.3 || ^7.0) $ composer require psr/http-message:1.0.1 guzzlehttp/guzzle:^7.7.1 php-http/message:^1.14.0 --no-security-blocking -W works! $ composer require drupal/core-recommended:^9.5.11@stable psr/http-message:1.0.1 guzzlehttp/guzzle:^7.7.1 php-http/message:^1.14.0 --no-security-blocking -W ./composer.json has been updated Running composer update drupal/core-recommended psr/http-message guzzlehttp/guzzle php-http/message --with-all-dependencies Gathering patches for root package. > DrupalProject\composer\ScriptHandler::checkComposerVersion Loading composer repositories with package information Updating dependencies Your requirements could not be resolved to an installable set of packages. Problem 1 - Root composer.json requires drupal/core-recommended ^9.5.11@stable -> satisfiable by drupal/core-recommended[9.5.11]. - drupal/core-recommended 9.5.11 requires guzzlehttp/guzzle ~6.5.8 -> found guzzlehttp/guzzle[6.5.8, 6.5.x-dev] but it conflicts with your root composer.json require (^7.7.1). Installation failed, reverting ./composer.json and ./composer.lock to their original content. $ composer require drupal/core-recommended:^9.5.11@stable psr/http-message:1.0.1 guzzlehttp/guzzle:^6.5.0 php-http/message:^1.14.0 --no-security-blocking -W ./composer.json has been updated Running composer update drupal/core-recommended psr/http-message guzzlehttp/guzzle php-http/message --with-all-dependencies Gathering patches for root package. > DrupalProject\composer\ScriptHandler::checkComposerVersion Loading composer repositories with package information Updating dependencies Lock file operations: 2 installs, 21 updates, 1 removal - Removing laminas/laminas-servicemanager (3.17.0) - Downgrading composer/semver (3.4.4 => 3.3.2) - Locking container-interop/container-interop (1.2.0) - Downgrading doctrine/annotations (1.14.4 => 1.13.3) - Upgrading doctrine/deprecations (1.1.5 => 1.1.6) - Locking drupal/core-recommended (9.5.11) - Downgrading guzzlehttp/guzzle (7.10.0 => 6.5.8) - Downgrading guzzlehttp/promises (2.3.0 => 1.5.3) - Downgrading guzzlehttp/psr7 (2.8.0 => 1.9.1) - Downgrading laminas/laminas-feed (2.18.2 => 2.17.0) - Downgrading masterminds/html5 (2.10.0 => 2.7.6) - Downgrading pear/archive_tar (1.6.0 => 1.4.14) - Upgrading pear/console_getopt (v1.4.3 => v1.4.3) - Downgrading php-http/message (1.16.2 => 1.14.0) - Downgrading psr/http-factory (1.1.0 => 1.0.2) - Downgrading psr/http-message (1.1 => 1.0.1) - Downgrading symfony/event-dispatcher-contracts (v1.10.0 => v1.1.13) - Downgrading symfony/polyfill-ctype (v1.33.0 => v1.27.0) - Downgrading symfony/polyfill-iconv (v1.33.0 => v1.27.0) - Downgrading symfony/polyfill-intl-idn (v1.33.0 => v1.27.0) - Downgrading symfony/polyfill-intl-normalizer (v1.33.0 => v1.27.0) - Downgrading symfony/polyfill-mbstring (v1.33.0 => v1.27.0) - Downgrading symfony/polyfill-php80 (v1.33.0 => v1.27.0) - Downgrading twig/twig (v2.16.1 => v2.15.6) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 2 installs, 18 updates, 1 removal - Downloading symfony/polyfill-php80 (v1.27.0) - Downloading symfony/polyfill-mbstring (v1.27.0) - Downloading symfony/polyfill-ctype (v1.27.0) - Downloading twig/twig (v2.15.6) - Downloading symfony/polyfill-intl-normalizer (v1.27.0) - Downloading symfony/polyfill-intl-idn (v1.27.0) - Downloading symfony/polyfill-iconv (v1.27.0) - Downloading masterminds/html5 (2.7.6) - Downloading psr/http-factory (1.0.2) - Downloading laminas/laminas-feed (2.17.0) - Downloading container-interop/container-interop (1.2.0) - Removing laminas/laminas-servicemanager (3.17.0) Gathering patches for root package. Gathering patches for dependencies. This might take a minute. - Downgrading symfony/polyfill-php80 (v1.33.0 => v1.27.0): Extracting archive - Downgrading symfony/event-dispatcher-contracts (v1.10.0 => v1.1.13): Extracting archive - Downgrading symfony/polyfill-mbstring (v1.33.0 => v1.27.0): Extracting archive - Downgrading symfony/polyfill-ctype (v1.33.0 => v1.27.0): Extracting archive - Upgrading doctrine/deprecations (1.1.5 => 1.1.6): Extracting archive - Downgrading doctrine/annotations (1.14.4 => 1.13.3): Extracting archive - Downgrading twig/twig (v2.16.1 => v2.15.6): Extracting archive - Downgrading symfony/polyfill-intl-normalizer (v1.33.0 => v1.27.0): Extracting archive - Downgrading symfony/polyfill-intl-idn (v1.33.0 => v1.27.0): Extracting archive - Downgrading symfony/polyfill-iconv (v1.33.0 => v1.27.0): Extracting archive - Upgrading pear/console_getopt (v1.4.3 => v1.4.3): Extracting archive - Downgrading pear/archive_tar (1.6.0 => 1.4.14): Extracting archive - Downgrading masterminds/html5 (2.10.0 => 2.7.6): Extracting archive - Downgrading psr/http-factory (1.1.0 => 1.0.2): Extracting archive - Downgrading laminas/laminas-feed (2.18.2 => 2.17.0): Extracting archive - Downgrading guzzlehttp/promises (2.3.0 => 1.5.3): Extracting archive - Downgrading guzzlehttp/guzzle (7.8.2 => 6.5.8): Extracting archive - Downgrading composer/semver (3.4.4 => 3.3.2): Extracting archive - Installing drupal/core-recommended (9.5.11) - Installing container-interop/container-interop (1.2.0): Extracting archive Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead. Package doctrine/annotations is abandoned, you should avoid using it. No replacement was suggested. Package doctrine/reflection is abandoned, you should avoid using it. Use roave/better-reflection instead. Package j7mbo/twitter-api-php is abandoned, you should avoid using it. No replacement was suggested. Package pear/console_getopt is abandoned, you should avoid using it. No replacement was suggested. Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory instead. Package stack/builder is abandoned, you should avoid using it. No replacement was suggested. Package symfony/debug is abandoned, you should avoid using it. Use symfony/error-handler instead. Package webmozart/path-util is abandoned, you should avoid using it. Use symfony/filesystem instead. Package doctrine/cache is abandoned, you should avoid using it. No replacement was suggested. Generating autoload files 71 packages you are using are looking for funding. Use the `composer fund` command to find out more! > DrupalProject\composer\ScriptHandler::createRequiredFiles Found 52 security vulnerability advisories affecting 13 packages. Run "composer audit" for a full list of advisories.