Recently, while working on the codebase for this very site, I tried running
composer update to upgrade from Drupal 8.8.4 to 8.8.5. Apparently I did this at just the wrong time, as there was an issue with Drupal’s dependencies in
8.9.x-dev which caused it to be selected as the upgrade candidate, and the default
drupal/core-recommended Composer setting was to allow
dev stability, so my site got updated to 8.9.x-dev, which was a bit of a surprise.
“No worries,” I thought, “I use git, so I’m protected!” A
git reset later, then change my
composer.json to use
"minimum-stability": "stable", and all is well with the world, right?
Well, no. You see, the problem is Drupal 8.9.x changed from an abandoned package,
zendframework/zend-diactoros, to a new package,
replaces the abandoned package.