推奨バージョンが9.4.0になっていた。ちょっと心配だったがそのままやってみた。

$ composer outdated "drupal/*"
Info from https://repo.packagist.org: #StandWithUkraine
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
drupal/captcha                1.2.0  1.3.0 The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.
drupal/core                   9.3.14 9.4.0 Drupal is an open source content management platform powering millions of websites and applications.
drupal/core-composer-scaffold 9.3.14 9.4.0 A flexible Composer project scaffold builder.
drupal/core-dev               9.3.14 9.4.0 require-dev dependencies from drupal/drupal; use in addition to drupal/core-recommended to run tes...
drupal/core-project-message   9.3.14 9.4.0 Adds a message after Composer installation.
drupal/core-recommended       9.3.14 9.4.0 Locked core dependencies; require this project INSTEAD OF drupal/core.
drupal/core-vendor-hardening  8.9.20 9.4.0 Hardens the vendor directory for when it's in the docroot.

例のように依存関係を保って、coreの全てをupdateする。

https://www.drupal.org/project/drupal/releases/9.4.0

$ composer update drupal/core "drupal/core-*" --with-all-dependencies
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 48 updates, 0 removals
  - Upgrading composer/composer (2.2.13 => 2.2.14)
  - Upgrading composer/semver (3.2.6 => 3.3.2)
  - Upgrading doctrine/lexer (1.2.1 => 1.2.3)
  - Upgrading doctrine/reflection (1.2.2 => 1.2.3)
  - Upgrading drupal/core (9.3.14 => 9.4.0)
  - Upgrading drupal/core-composer-scaffold (9.3.14 => 9.4.0)
  - Upgrading drupal/core-dev (9.3.14 => 9.4.0)
  - Upgrading drupal/core-project-message (9.3.14 => 9.4.0)
  - Upgrading drupal/core-recommended (9.3.14 => 9.4.0)
  - Upgrading egulias/email-validator (3.1.2 => 3.2.1)
  - Upgrading guzzlehttp/guzzle (6.5.6 => 6.5.7)
  - Upgrading laminas/laminas-diactoros (2.8.0 => 2.11.0)
  - Upgrading laminas/laminas-feed (2.15.0 => 2.17.0)
  - Upgrading laminas/laminas-stdlib (3.6.1 => 3.7.1)
  - Upgrading nikic/php-parser (v4.13.2 => v4.14.0)
  - Upgrading phpstan/phpdoc-parser (1.5.1 => 1.6.3)
  - Upgrading psr/container (1.1.1 => 1.1.2)
  - Upgrading squizlabs/php_codesniffer (3.6.2 => 3.7.1)
  - Upgrading symfony/console (v4.4.34 => v4.4.42)
  - Upgrading symfony/debug (v4.4.31 => v4.4.41)
  - Upgrading symfony/dependency-injection (v4.4.34 => v4.4.42)
  - Upgrading symfony/deprecation-contracts (v2.5.0 => v2.5.1)
  - Upgrading symfony/error-handler (v4.4.34 => v4.4.41)
  - Upgrading symfony/event-dispatcher (v4.4.34 => v4.4.42)
  - Upgrading symfony/event-dispatcher-contracts (v1.1.11 => v1.1.12)
  - Upgrading symfony/http-client-contracts (v2.5.0 => v2.5.1)
  - Upgrading symfony/http-foundation (v4.4.34 => v4.4.41)
  - Upgrading symfony/http-kernel (v4.4.35 => v4.4.42)
  - Upgrading symfony/mime (v5.4.0 => v5.4.9)
  - Upgrading symfony/polyfill-ctype (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-iconv (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-intl-idn (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-intl-normalizer (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-mbstring (v1.23.1 => v1.25.0)
  - Upgrading symfony/polyfill-php72 (v1.25.0 => v1.26.0)
  - Upgrading symfony/polyfill-php73 (v1.25.0 => v1.26.0)
  - Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0)
  - Upgrading symfony/process (v4.4.35 => v4.4.41)
  - Upgrading symfony/routing (v4.4.34 => v4.4.41)
  - Upgrading symfony/serializer (v4.4.35 => v4.4.42)
  - Upgrading symfony/service-contracts (v2.5.0 => v2.5.1)
  - Upgrading symfony/translation (v4.4.34 => v4.4.41)
  - Upgrading symfony/translation-contracts (v2.5.0 => v2.5.1)
  - Upgrading symfony/validator (v4.4.35 => v4.4.41)
  - Upgrading symfony/var-dumper (v5.4.0 => v5.4.9)
  - Upgrading symfony/yaml (v4.4.34 => v4.4.37)
  - Upgrading twig/twig (v2.14.11 => v2.15.1)
  - Upgrading webmozart/assert (1.10.0 => 1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 48 updates, 0 removals
  - Downloading drupal/core-composer-scaffold (9.4.0)
  - Downloading drupal/core-project-message (9.4.0)
  - Downloading symfony/polyfill-php72 (v1.26.0)
  - Downloading symfony/polyfill-mbstring (v1.25.0)
  - Downloading symfony/polyfill-ctype (v1.25.0)
  - Downloading twig/twig (v2.15.1)
  - Downloading symfony/yaml (v4.4.37)
  - Downloading symfony/translation-contracts (v2.5.1)
  - Downloading symfony/polyfill-php80 (v1.25.0)
  - Downloading symfony/validator (v4.4.41)
  - Downloading symfony/translation (v4.4.41)
  - Downloading symfony/serializer (v4.4.42)
  - Downloading symfony/routing (v4.4.41)
  - Downloading symfony/polyfill-intl-idn (v1.25.0)
  - Downloading symfony/deprecation-contracts (v2.5.1)
  - Downloading symfony/mime (v5.4.9)
  - Downloading symfony/http-foundation (v4.4.41)
  - Downloading symfony/process (v4.4.41)
  - Downloading symfony/polyfill-iconv (v1.25.0)
  - Downloading symfony/polyfill-php73 (v1.26.0)
  - Downloading symfony/http-client-contracts (v2.5.1)
  - Downloading symfony/event-dispatcher-contracts (v1.1.12)
  - Downloading symfony/event-dispatcher (v4.4.42)
  - Downloading symfony/var-dumper (v5.4.9)
  - Downloading symfony/debug (v4.4.41)
  - Downloading symfony/error-handler (v4.4.41)
  - Downloading symfony/http-kernel (v4.4.42)
  - Downloading symfony/service-contracts (v2.5.1)
  - Downloading symfony/dependency-injection (v4.4.42)
  - Downloading symfony/console (v4.4.42)
  - Downloading laminas/laminas-stdlib (3.7.1)
  - Downloading laminas/laminas-feed (2.17.0)
  - Downloading laminas/laminas-diactoros (2.11.0)
  - Downloading guzzlehttp/guzzle (6.5.7)
  - Downloading doctrine/lexer (1.2.3)
  - Downloading egulias/email-validator (3.2.1)
  - Downloading doctrine/reflection (1.2.3)
  - Downloading composer/semver (3.3.2)
  - Downloading drupal/core (9.4.0)
  - Downloading nikic/php-parser (v4.14.0)
  - Downloading webmozart/assert (1.11.0)
  - Downloading squizlabs/php_codesniffer (3.7.1)
  - Downloading phpstan/phpdoc-parser (1.6.3)
  - Downloading composer/composer (2.2.14)
  - Upgrading drupal/core-composer-scaffold (9.3.14 => 9.4.0): Extracting archive
  - Upgrading drupal/core-project-message (9.3.14 => 9.4.0): Extracting archive
  - Upgrading symfony/polyfill-php72 (v1.25.0 => v1.26.0): Extracting archive
  - Upgrading symfony/polyfill-mbstring (v1.23.1 => v1.25.0): Extracting archive
  - Upgrading symfony/polyfill-ctype (v1.23.0 => v1.25.0): Extracting archive
  - Upgrading twig/twig (v2.14.11 => v2.15.1): Extracting archive
  - Upgrading symfony/yaml (v4.4.34 => v4.4.37): Extracting archive
  - Upgrading symfony/translation-contracts (v2.5.0 => v2.5.1): Extracting archive
  - Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0): Extracting archive
  - Upgrading symfony/validator (v4.4.35 => v4.4.41): Extracting archive
  - Upgrading symfony/translation (v4.4.34 => v4.4.41): Extracting archive
  - Upgrading symfony/serializer (v4.4.35 => v4.4.42): Extracting archive
  - Upgrading symfony/routing (v4.4.34 => v4.4.41): Extracting archive
  - Upgrading symfony/polyfill-intl-normalizer (v1.23.0 => v1.25.0): Extracting archive
  - Upgrading symfony/polyfill-intl-idn (v1.23.0 => v1.25.0): Extracting archive
  - Upgrading symfony/deprecation-contracts (v2.5.0 => v2.5.1): Extracting archive
  - Upgrading symfony/mime (v5.4.0 => v5.4.9): Extracting archive
  - Upgrading symfony/http-foundation (v4.4.34 => v4.4.41): Extracting archive
  - Upgrading symfony/process (v4.4.35 => v4.4.41): Extracting archive
  - Upgrading symfony/polyfill-iconv (v1.23.0 => v1.25.0): Extracting archive
  - Upgrading symfony/polyfill-php73 (v1.25.0 => v1.26.0): Extracting archive
  - Upgrading symfony/http-client-contracts (v2.5.0 => v2.5.1): Extracting archive
  - Upgrading symfony/event-dispatcher-contracts (v1.1.11 => v1.1.12): Extracting archive
  - Upgrading symfony/event-dispatcher (v4.4.34 => v4.4.42): Extracting archive
  - Upgrading symfony/var-dumper (v5.4.0 => v5.4.9): Extracting archive
  - Upgrading symfony/debug (v4.4.31 => v4.4.41): Extracting archive
  - Upgrading symfony/error-handler (v4.4.34 => v4.4.41): Extracting archive
  - Upgrading symfony/http-kernel (v4.4.35 => v4.4.42): Extracting archive
  - Upgrading psr/container (1.1.1 => 1.1.2): Extracting archive
  - Upgrading symfony/service-contracts (v2.5.0 => v2.5.1): Extracting archive
  - Upgrading symfony/dependency-injection (v4.4.34 => v4.4.42): Extracting archive
  - Upgrading symfony/console (v4.4.34 => v4.4.42): Extracting archive
  - Upgrading laminas/laminas-stdlib (3.6.1 => 3.7.1): Extracting archive
  - Upgrading laminas/laminas-feed (2.15.0 => 2.17.0): Extracting archive
  - Upgrading laminas/laminas-diactoros (2.8.0 => 2.11.0): Extracting archive
  - Upgrading guzzlehttp/guzzle (6.5.6 => 6.5.7): Extracting archive
  - Upgrading doctrine/lexer (1.2.1 => 1.2.3): Extracting archive
  - Upgrading egulias/email-validator (3.1.2 => 3.2.1): Extracting archive
  - Upgrading doctrine/reflection (1.2.2 => 1.2.3): Extracting archive
  - Upgrading composer/semver (3.2.6 => 3.3.2): Extracting archive
  - Upgrading drupal/core (9.3.14 => 9.4.0): Extracting archive
  - Upgrading nikic/php-parser (v4.13.2 => v4.14.0): Extracting archive
  - Upgrading webmozart/assert (1.10.0 => 1.11.0): Extracting archive
  - Upgrading squizlabs/php_codesniffer (3.6.2 => 3.7.1): Extracting archive
  - Upgrading phpstan/phpdoc-parser (1.5.1 => 1.6.3): Extracting archive
  - Upgrading composer/composer (2.2.13 => 2.2.14): Extracting archive
  - Upgrading drupal/core-dev (9.3.14 => 9.4.0)
  - Upgrading drupal/core-recommended (9.3.14 => 9.4.0)
    Cleaning: twig/twig
    Cleaning: symfony/yaml
    Cleaning: symfony/validator
    Cleaning: symfony/translation
    Cleaning: symfony/serializer
    Cleaning: symfony/routing
    Cleaning: symfony/http-foundation
    Cleaning: symfony/process
    Cleaning: symfony/event-dispatcher
    Cleaning: symfony/debug
    Cleaning: symfony/http-kernel
    Cleaning: symfony/dependency-injection
    Cleaning: symfony/console
    Cleaning: egulias/email-validator
    Cleaning: squizlabs/php_codesniffer
    Cleaning: composer/composer
Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead.
Package doctrine/reflection is abandoned, you should avoid using it. Use roave/better-reflection instead.
Package symfony/debug is abandoned, you should avoid using it. Use symfony/error-handler instead.
Generating autoload files
Hardening vendor directory with .htaccess and web.config files.
87 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
PHP CodeSniffer Config installed_paths set to ../../drupal/coder/coder_sniffer,../../sirbrillig/phpcs-variable-analysis,../../slevomat/coding-standard
Cleaning vendor directory.
Scaffolding files for drupal/core:
  - Copy [web-root]/.htaccess from assets/scaffold/files/htaccess
 
 
  [RuntimeException]                                                                 
  Could not delete /home/husq/www/www_cycle_eek/sites/default/default.settings.php:  
 
 
update [--with WITH] [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--dry-run] [--dev] [--no-dev] [--lock] [--no-install] [--no-autoloader] [--no-suggest] [--no-progress] [-w|--with-dependencies] [-W|--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] [<packages>]...

最後に、default.settings.php　が消せなかったと言ってきているがupdateはできているようだ。以前はログアウトさせられなかった気がするが、今回はログアウトさせられた（そのままupdate.phpを実行しようとしたら、怒られて気づいた）

https://www.drupal.org/project/drupal/releases/9.4.0

• Color
• Aggregator
• HAL
• The Entity Reference and SimpleTest stubs

Entity Referenceを使っているように重っtが、enitityだけだった。機能拡張に表示が出てる。