Update jQuery version

[andreesg]

Problem:
While using Google's tools, PageSpeed and web.dev, to improve speed I've come across a problem with the jQuery version being used in the latest Plone 5.2 with Python 3.

This is the problem reported by Lighthouse when using https://web.dev/measure/:

Includes front-end JavaScript libraries with known security vulnerabilities

The current jQuery version used in Plone 5.2 is 1.12.4. This versions is reported to have two vulnerabilities: https://snyk.io/vuln/npm:jquery?lh=1.12.4&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit

How can it be fixed?
Without your help I do not have enough knowledge to understand the consequences of updating this version.

Is it possible to update the jQuery version and solve the vulnerabilities?

[thet]

The biggest blocker currently are the very outdated drag/drop library files in mockup: https://github.com/plone/mockup/tree/master/mockup/lib
If we can remove the dependency on those and use something modern instead we probably can just update jQuery to the most recent version.

[nzambello]

Hi everyone, I'm interested in this topic so I'll watch out for news about it.
Thank you @thet for fixing this.

[giuliaghisini]

Hi everyone, i'm interessted too in this topic and news about it!