Hello there, i'm running opensuse leap 15.4 recently installed roundcube 1.5.3 (LTS) via Yast. out of curiosity I did a composer update --dry-run in the roundcubemail install directory composer showed me quite some available updates. see below Should I do the composer update? Or should I just leave things like it is? And wait for opensuse to push a new roundcube rpm update if necessary? I'm worried that running the composer update will break things with roundcube? On the other side I see quite a lot of available updates? What's the best approach? thanks & greetings Ralf cx20:/srv/www/roundcubemail # sudo -u wwwrun composer update --dry-run Loading composer repositories with package information Info from https://repo.packagist.org: #StandWithUkraine Updating dependencies Lock file operations: 0 installs, 17 updates, 5 removals   - Removing paragonie/random_compat (v2.0.21)   - Removing phpdocumentor/reflection-common (1.0.1)   - Removing phpdocumentor/type-resolver (0.3.0)   - Removing symfony/polyfill-php70 (v1.19.0)   - Removing webmozart/assert (1.9.1)   - Upgrading doctrine/instantiator (1.0.5 => 1.5.0)   - Upgrading guzzlehttp/promises (1.5.1 => 1.5.2)   - Upgrading masterminds/html5 (2.7.5 => 2.7.6)   - Upgrading pear/net_ldap2 (v2.2.0 => v2.2.1)   - Upgrading pear/net_sieve (1.4.5 => 1.4.6)   - Upgrading pear/net_smtp (1.10.0 => 1.10.1)   - Downgrading phpdocumentor/reflection-docblock (3.2.2 => 2.0.5)   - Downgrading phpspec/prophecy (v1.10.3 => v1.5.0)   - Downgrading phpunit/php-timer (1.0.9 => 1.0.8)   - Upgrading ralouphie/getallheaders (2.0.5 => 3.0.3)   - Downgrading sebastian/diff (1.4.3 => 1.4.1)   - Downgrading sebastian/environment (1.3.8 => 1.3.7)   - Upgrading symfony/polyfill-ctype (v1.19.0 => v1.27.0)   - Upgrading symfony/polyfill-intl-idn (v1.19.0 => v1.27.0)   - Upgrading symfony/polyfill-intl-normalizer (v1.19.0 => v1.27.0)   - Upgrading symfony/polyfill-php72 (v1.19.0 => v1.27.0)   - Upgrading symfony/yaml (v2.8.52 => v3.4.47) Installing dependencies from lock file (including require-dev) Package operations: 19 installs, 9 updates, 2 removals   - Removing symfony/polyfill-php70 (v1.19.0)   - Removing paragonie/random_compat (v2.0.21)   - Upgrading symfony/polyfill-php72 (v1.19.0 => v1.27.0)   - Upgrading symfony/polyfill-intl-normalizer (v1.19.0 => v1.27.0)   - Upgrading symfony/polyfill-intl-idn (v1.19.0 => v1.27.0)   - Upgrading ralouphie/getallheaders (2.0.5 => 3.0.3)   - Upgrading guzzlehttp/promises (1.5.1 => 1.5.2)   - Upgrading pear/net_ldap2 (v2.2.0 => v2.2.1)   - Installing symfony/polyfill-ctype (v1.27.0)   - Upgrading masterminds/html5 (2.7.5 => 2.7.6)   - Upgrading pear/net_sieve (1.4.5 => 1.4.6)   - Upgrading pear/net_smtp (1.10.0 => 1.10.1)   - Installing phpdocumentor/reflection-docblock (2.0.5)   - Installing phpunit/php-token-stream (1.4.12)   - Installing symfony/yaml (v3.4.47)   - Installing sebastian/version (1.0.6)   - Installing sebastian/global-state (1.1.1)   - Installing sebastian/recursion-context (1.0.5)   - Installing sebastian/exporter (1.2.2)   - Installing sebastian/environment (1.3.7)   - Installing sebastian/diff (1.4.1)   - Installing sebastian/comparator (1.2.4)   - Installing phpunit/php-text-template (1.2.1)   - Installing doctrine/instantiator (1.5.0)   - Installing phpunit/phpunit-mock-objects (2.3.8)   - Installing phpunit/php-timer (1.0.8)   - Installing phpunit/php-file-iterator (1.4.5)   - Installing phpunit/php-code-coverage (2.2.4)   - Installing phpspec/prophecy (v1.5.0)   - Installing phpunit/phpunit (4.8.36) Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested. Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.