Your requirements could not be resolved to an installable set of packages. Problem 1 - Root composer.json requires couscous/couscous ^1.6.1 -> satisfiable by couscous/couscous[1.6.1, ..., 1.10.0]. - couscous/couscous[1.9.0, ..., 1.10.0] require twig/twig ^1.44 -> found twig/twig[v1.44.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config. - couscous/couscous 1.6.1 requires symfony/process ~2.6|~3.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config. - couscous/couscous[1.6.2, ..., 1.6.3] require symfony/process ~2.6|~3.0|~4.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config. - couscous/couscous[1.7.0, ..., 1.7.3] require symfony/process ~3.0|~4.0 -> found symfony/process[v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config. - couscous/couscous 1.8.0 requires twig/twig ~1.10 -> found twig/twig[v1.10.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config. Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.