Currently I'm working on bringing a default Plone installation to score 100/100 in all Google metrics. I intent to write and share a small article with instructions that everybody can use to get there.
While using Google's tools, PageSpeed and web.dev, to improve speed I've come across a problem with the jQuery version being used in the latest Plone 5.2 with Python 3.
This is the problem reported by Lighthouse when using https://web.dev/measure/:
The current jQuery version used in Plone 5.2 is 1.12.4. This versions is reported to have two vulnerabilities: https://snyk.io/vuln/npm:jquery?lh=1.12.4&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit
How can it be fixed?
jQuery for Plone seems to live in the product https://github.com/plone/plone.staticresources. However, without your help I do not have enough knowledge to understand the consequences of updating this version.
Is it possible to update the jQuery version and solve the vulnerabilities?