Symfony 4 project: How often should I update the dependencies of an open source website?

How often should I update dependencies using composer in a Symfony 4 based website with open sourced code?

My context

I am creating a new version of my PHP-written public website. The new version will be based on the Symfony 4 framework and its code will be available on GitHub. That code won't be designed to be reusable outside of my web app, my domain — the intention of open sourcing it is to allow some users to contribute to my website using pull requests (I specified this limitation in my license). Because the repository will be publicly visible, all the people will be able to see (sometimes maybe outdated) dependency versions in the composer.lock file.

In my opinion, don't update composer in the middle of your project. Once I was working with Zend3, I updated composer and there was an issue with updating migrations just because of the version of composer. So just update composer before you start your project and leave it like that.
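
The question's concern is that a public composer.lock shows exactly which dependency versions the site runs. As an added example (not code from either poster), this sketch checks the locked versions against an advisory list so that updates can be driven by known-affected ranges; the package names, advisory ids and the advisory feed format are constructed assumptions.

```python
import json

# Constructed composer.lock excerpt; package names and versions are made up.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/http-kernel", "version": "v4.1.3"},
        {"name": "acme/templating", "version": "2.10.0"},
    ],
    "packages-dev": [{"name": "acme/test-tools", "version": "dev-master"}],
})

# Constructed advisory feed (hypothetical format): affected = [introduced, fixed).
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "acme/http-kernel",
     "introduced": "4.0.0", "fixed": "4.1.12"},
    {"id": "EXAMPLE-0002", "package": "acme/templating",
     "introduced": "2.0.0", "fixed": "2.9.1"},
]


def parse_version(raw):
    """Return (major, minor, patch), or None for branch pins like dev-master.
    Simplification: pre-release suffixes (-beta1) are ignored."""
    text = raw[1:] if raw[:1] in ("v", "V") else raw
    parts = text.split("-", 1)[0].split("+", 1)[0].split(".")
    if len(parts) > 4 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_lock(lock_text, advisories):
    """Return (findings, unverifiable) for prod and dev packages in the lock."""
    lock = json.loads(lock_text)
    findings, unverifiable = [], []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            locked = parse_version(pkg["version"])
            if locked is None:  # branch pin: cannot be range-checked
                unverifiable.append(pkg["name"])
                continue
            for adv in advisories:
                low, high = parse_version(adv["introduced"]), parse_version(adv["fixed"])
                # Numeric tuple compare: 2.10.0 is newer than 2.9.1.
                if adv["package"] == pkg["name"] and low <= locked < high:
                    findings.append((pkg["name"], pkg["version"], adv["id"]))
    return findings, unverifiable


if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK, SAMPLE_ADVISORIES))
```

Composer 2.4 and later include a built-in `composer audit` command that runs this kind of check against published advisories.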