Hello,
I'd like to know if it is necessary to keep all the installed vendor packages up to date.
I always have installed the latest version of Magento CE (at the moment it's 2.2.3).
I run the following command to get a list of all packages which have a newer version available:
composer outdated
This list is pretty long in my case, and it contains stuff like that:
PACKAGE VERSION UPDATE DESCRIPTION
pdepend/pdepend 2.2.2 -> 2.5.2 Official ve
pelago/emogrifier V1.2.0 -> v2.0.0 Converts CS
phpmd/phpmd 2.5.0 -> 2.6.0 PHPMD is a
phpunit/php-code-coverage 2.2.4 -> 5.3.0 Library tha
phpunit/php-file-iterator 1.3.4 -> 1.4.5 FilterItera
phpunit/php-token-stream 1.4.12 -> 2.0.2 Wrapper aro
phpunit/phpunit 4.1.0 -> 6.5.7 The PHP Uni
As you can see, some versions are quite behind (e.g. phpunit). I have never explicitely installed these packages, they were just there, probably installed during magento 2 installation more than a year ago.
Now my questions are:
1) Will magento 2 upgrade take care of these when upgrading versions if necessary, and is it ok if packages are not up to date?
2) Or do I have to make sure that alle these packages are up to date?
3) Or should I just leave it as it is, because magento can't handle the newer version yet (never change a running system)?
I am just wondering, if this will lead to performance or security issues.
Thank you for your feedback!
