Code:
This is a quick hack to upgrade jquery to 3.5.1. 3.4.1 on the current 2.1 branch has 2 known xss potentials in it. Snyk - jquery@3.4.1 vulnerabilities | jquery 3.4.1
Not sure if they can even be run from XF, but it was something that showed up on my lighthouse report, so i addressed it.
In my quick testing, i haven't noticed anything breaking, but use at your own risk.
Your cp may show un-expected file contents as a result of this change.
download jquery3.5.1 https://code.jquery.com/jquery-3.5.1.min.js (right click, save target as)
upload to your folder location /js/vendor/jquery
alter /src/XF/App.php
around line 196 find
$container['jQueryVersion'] = '3.4.1';
change to
$container['jQueryVersion'] = '3.5.1';
save and test your site. view your source to ensure it's listed