We recommend that you always run the latest version of each of the plugins on your site; however, this is not a requirement as we recognize that different development teams run different maintenance and patch cycles.
Automatically generated Pull Requests from our bot
The VIP team maintains a bot (wpcomvip-bot) to generate pull requests updating some plugins and themes. We do not currently have full coverage of all plugins used by all VIPs and the bot-generated PRs are offered solely as a convenience. It remains the responsibility of individual VIP client developer teams to maintain the plugins used for their sites.
Remaining consistent with standard VIP practice, PRs will not be merged on your behalf unless they contain critical security fixes or resolve an existing or potential site outage. We recommend you merge the code into a development and/or non-production environment and test there before deploying to production.
Should the VIP team become aware of a security update, we will issue and merge PRs for affected production sites as soon as we can.