Laravel updates and updates to various PHP libraries come once in awhile with little notice to your web application, and no notice is shown, no auto update runs – unlike WordPress. Once in awhile a security update comes, so how might you test it?
On a test or staging environment, back up the whole directory with the php project, then:
composer update
then wait awhile for this to run. On local, run
php artisan serve
and check out that all features work.
Now you will see in the composer.lock file, listing the installed /vendor/ folder libraries, an old version, eg
"name": "laravel/framework",
"version": "v6.5.1",
will be updated to
"name": "laravel/framework",
"version": "v6.20.14",
If your server has a similar environment and PHP version, back its current folder and run the same – “composer update”. It should behave in the same way.