To apt/yum update or not to update

I wish to share Packer templates for people to build AMIs for their own VFX rendering. Is it considered best practice to run yum / apt update on AMI builds?

I find this step to be prone to error depending on the month. Is it also possible that it opens us up to potentially more vulnerabilities, or fewer? I am unsure, but I’d like to hear what others think.

If I avoided it, I think workflows would likely be more reliable; however, so much documentation relies on the update being performed that it can be difficult to avoid. For example, even installing python-pip on an Ubuntu 18 base AMI will error without doing it.