by Leon Stringer.
This sounds like a bad idea. I cannot see any vulnerabilities in jQuery 3.4.1 listed in the CVE database so I suggest the security team are wrong to recommend upgrading this. You should restore jQuery to the original version.
Moodle is maintained as a single system with weekly updates and security fixes (e.g. in Moodle 3.8.7). If you become aware of a vulnerability that can be exploited then you should open a security issue in the Tracker and it will be investigated.
If you modify core source code then you have a site which behaves differently to all others. This will complicate support issues and it adds an extra step when applying the updates needed to install security fixes from Moodle.
