[yocto] Security upgrade stategy

[Brian Smucker]

Hello,

I have an older yocto-based image built with Danny.

We have a need to update two components, php and dropbear, to the most 
modern versions for security purposes.

What is the preferred way to do this without moving the whole image to 
the latest version of poky/yocto? That would be a big job, which would 
necessitate migrating my linux dev environment to something newer, in 
addition to other things.

Or is there  a preferred way? How do people handle this?

Thanks,

Brian