Is there a way to run composer update command on our production/test environment?

Problem is that i don't have access for Command Line.

Yes. there is a solution. but it could demands some server configuration... and some of these are forbidden by default due to security risks!!

download composer.phar https://getcomposer.org/download/ - this is PHP Archive which can be extracted via Phar() and executed as regular library.

create new php file and place it to web public folder. i.e. /public/composer.php

or download at https://github.com/whipsterCZ/laravel-libraries/blob/master/public/composer.php

Configuration

<?php

//TODO! Some Authorization - Whitelisted IP, Security tokens...


echo '<pre>
   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/  UPDATE
                    /_/

';
define('ROOT_DIR',realpath('../'));
define('EXTRACT_DIRECTORY', ROOT_DIR. '/composer');
define('HOME_DIRECTORY', ROOT_DIR. '/composer/home');
define('COMPOSER_INITED', file_exists(ROOT_DIR.'/vendor'));

set_time_limit(100);
ini_set('memory_limit',-1);

if (!getenv('HOME') && !getenv('COMPOSER_HOME')) {
    putenv("COMPOSER_HOME=".HOME_DIRECTORY);
}

Extracting composer library

if (file_exists(EXTRACT_DIRECTORY.'/vendor/autoload.php') == true) {
    echo "Extracted autoload already exists. Skipping phar extraction as presumably it's already extracted.\n";
}
else{
    $composerPhar = new Phar("../composer.phar");
    //php.ini set phar.readonly=0
    $composerPhar->extractTo(EXTRACT_DIRECTORY);
}

running Composer Command

// change directory to root
chdir(ROOT_DIR);

//This requires the phar to have been extracted successfully.
require_once (EXTRACT_DIRECTORY.'/vendor/autoload.php');

//Use the Composer classes
use Composer\Console\Application;
use Composer\Command\UpdateCommand;
use Symfony\Component\Console\Input\ArrayInput;


//Create the commands
$args = array('command' => 'update');
if(!COMPOSER_INITED) { 
    echo "This is first composer run: --no-scripts option is applies\n";
    $args['--no-scripts']=true; }        
}
$input = new ArrayInput($args);

//Create the application and run it with the commands
$application = new Application();
$application->setAutoExit(false);
$application->setCatchExceptions(false);
try {
    //Running commdand php.ini allow_url_fopen=1 && proc_open() function available
    $application->run($input);
    echo 'Success';
} catch (\Exception $e) {
    echo 'Error: '.$e->getMessage()."\n";
}

But Better will be performing composer install, according to composer.lock which is last dependency configuration tested from local environment

only change is

$args = array('command' => 'install');

The best idea is to NOT run Composer commands on the production server, but outside of it. Have a deployment script - your code has to be put on the server anyway, and it shouldn't matter if you add the dependencies ON the server after you uploaded the code, or before the upload.

The workflow would be like this: Have a local machine, checkout your code from the repo, run composer install, and then upload everything to the server. That sounds like a four line script to me:

git archive master | tar -x -C /deploy/application
pushd /deploy/application && composer install
popd
scp /deploy/application user@remoteserver:/srv/www/htdocs

Yes, you'd need some error handling in case something goes wrong, to stop the script from deploying a nonworking site. Also, optimizing uploads by using rsync would be a suggestion.

You can do this also: 1) Download the latest composer.phar 2) Execute a command from PHP script to do the wor using downloaded composer file

This is a temporary solution but can work for the immediate need.