For the described circumstances, I wouldn’t be inclined to change the phone number. Phone numbers are reasonably public anyway. I wouldn’t be overly concerned whomever came into possession of the phone would spoof its’ number. Scammers using number spoofing generally just pick random numbers for that.
I would also be inclined to change app and/or website passwords for services used particularly any that used the phone number as a second authentication method. If not already done, I’d also make sure an account PIN is setup for the Republic account to further prevent the remote possibility whomever came into possession of the phone might attempt to transfer (port) the number away from Republic. For more on that: How Do I Prevent an Unauthorized Transfer of My Phone Number to a Different Carrier? – Republic Help.
As a general security matter, I’ll mention it’s critical one use unique not easily guessed passwords for the apps and services one uses. Using the same password across multiple apps and websites is asking for trouble. A password manager helps tremendously with that. I use Bitwarden, which is free and open source.
Lastly, email addresses are as public (if not more so) than phone numbers. As many apps and services (Republic included) use one’s email address as part of one’s login credentials, making sure those services are properly secured with strong passwords and/or multi-factor authentication is worthwhile. This can be quite illuminating: https://haveibeenpwned.com/. There’s no need to panic about what one sees at that website (just be certain one changes the password and uses a strong password going forward for any identified compromised sites).