Regression in dependency resolution since 2.6.0

[T2L]

Unable to update drupal/paragraphs package from version 1.15.0 to 1.16.0 (latest atm) with Composer 2.6. See the attached lock file to reproduce.

See composer.zip

My composer.json:

{
    "type": "project",
    "require": {
        "drupal/classy": "^1.0",
        "drupal/core-recommended": "^9.2",
        "drupal/paragraphs": "^1.15"
    },
    "repositories": {
        "_drupal": {
            "type": "composer",
            "url": "https://packages.drupal.org/8"
        }
        
    },
    "minimum-stability": "dev",
    "prefer-stable": true
}

Output of composer diagnose:

❯ composer diagnose
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.42.0
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.6.2
PHP version: 8.1.23
PHP binary path: /usr/local/Cellar/php@8.1/8.1.23/bin/php
OpenSSL version: OpenSSL 3.1.2 1 Aug 2023
cURL version: 8.2.1 libz 1.2.11 ssl (SecureTransport) OpenSSL/3.1.2
zip: extension present, unzip present, 7-Zip not available

When I run this command:

composer update drupal/paragraphs --with-all-dependencies --no-interaction --prefer-dist --prefer-stable -vv

I get the following output:

Loading composer repositories with package information
Pool optimizer completed in 2.586 seconds
Found 12,346 package versions referenced in your dependency graph. 11,376 (92%) were optimized away.
Updating dependencies
Dependency resolution completed in 0.002 seconds
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires drupal/classy ^1.0, found drupal/classy[dev-1.0.x, 1.0.0-alpha1, 1.0.0-alpha2, 1.0.0-alpha3, 1.0.0-rc1, 1.0.0, 1.0.1, 1.0.2, 1.0.x-dev (alias of dev-1.0.x)] but these were not loaded, likely because it conflicts with another require.

And I expected this to happen:

Composer up to version 2.6.0 was able to update to update drupal/paragraphs (1.15.0 => 1.16.0)

[T2L]

Composer 2.5.8 output from

composer update drupal/paragraphs --with-all-dependencies --no-interaction --prefer-dist --prefer-stable -vv

is

Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Pool optimizer completed in 3.229 seconds
Found 12,432 package versions referenced in your dependency graph. 11,438 (92%) were optimized away.
Updating dependencies
Dependency resolution completed in 0.002 seconds
Analyzed 994 packages to resolve dependencies
Analyzed 750 rules to resolve dependencies
Lock file operations: 0 installs, 1 update, 0 removals
Updates: drupal/paragraphs:1.16.0
  - Upgrading drupal/paragraphs (1.15.0 => 1.16.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
Updates: drupal/paragraphs:1.16.0
  - Loading drupal/paragraphs (1.16.0) from cache
  - Upgrading drupal/paragraphs (1.15.0 => 1.16.0): Extracting archive
Package doctrine/reflection is abandoned, you should avoid using it. Use roave/better-reflection instead.
Package symfony/debug is abandoned, you should avoid using it. Use symfony/error-handler instead.
Generating autoload files
40 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found

[T2L]

The difference is (probably here) - optimized away packages

2.6

Found 12,346 package versions referenced in your dependency graph. 11,376 (92%) were optimized away.

vs

2.5.8

Found 12,432 package versions referenced in your dependency graph. 11,438 (92%) were optimized away.

[Seldaek]

cc @driskell @Toflar most likely this is related to #11449 if either of you has bandwidth to investigate that'd be nice.

[Toflar]

See #11629.

[steffenr]

I also had a very similar problem.
After updating composer to 2.6.3, the issue was fixed and i can run composer update _package_ -W without problems.