
[Security] Outdated version of jQuery #6340

Closed
kimsyversen opened this issue Sep 2, 2017 · 1 comment

Comments

@kimsyversen

Security issue
The jQuery libraries in use by Nextcloud 12.0.2 are fairly outdated. The libraries (jQuery 2.1.4) date back to April 2015. In addition, jQuery has moved to a common platform version 3.x.x, and therefore also faces the risk of no longer having available updates and security patches.

From a security perspective it appears that in the current Nextcloud 12.0.2 code, certain changes have been applied to mitigate the currently known weaknesses in jQuery, e.g. preventing loading of scripts from external resources. Nevertheless, it would be recommended to migrate the jQuery code to the new platform version 3.x.x.

Examples of outdated jQuery libraries:

/core/vendor/jquery/dist/jquery.min.js  (jQuery 2.1.4)
/core/vendor/jquery-ui/ui/minified/jquery-ui.custom.min.js (jQuery UI v1.10.0)
/core/vendor/jquery/dist/jquery.js (jQuery 2.1.4)

Proposed solution
Implement automatic pulling of the latest available version of jQuery before releasing a new version of nextcloud/server
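An added example (not Nextcloud code and not from this issue) of the kind of check a release process could run over the vendor directory: it reads the version banner at the top of each vendored jQuery / jQuery UI file and flags anything below a chosen minimum. The file paths and banner strings are constructed samples modelled on the files listed above, and the minimum versions are an assumed policy.

```javascript
// Added example (not Nextcloud code): flag vendored jQuery / jQuery UI files whose
// top-of-file banner reports a version below a chosen minimum.
// jQuery UI is matched first so "jQuery UI - v1.10.0" is not mistaken for core jQuery.
const BANNERS = [
  { name: 'jquery-ui', re: /jQuery UI - v(\d+\.\d+\.\d+)/ },
  { name: 'jquery', re: /jQuery(?: JavaScript Library)? v(\d+\.\d+\.\d+)/ },
];
// Minimum acceptable versions (constructed policy; 3.x.x is the line the issue recommends).
const MINIMUMS = { jquery: '3.0.0', 'jquery-ui': '1.12.0' };
// Constructed sample headers (first bytes of each file) for the paths named in the issue.
const SAMPLE_HEADERS = {
  'core/vendor/jquery/dist/jquery.min.js': '/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */',
  'core/vendor/jquery-ui/ui/minified/jquery-ui.custom.min.js': '/*! jQuery UI - v1.10.0 - 2013-01-17\n* http://jqueryui.com',
  'core/vendor/jquery/dist/jquery.js': '/*!\n * jQuery JavaScript Library v2.1.4\n * http://jquery.com/',
  'apps/files/js/app.js': '// application code, no library banner',
};
// Return { name, version } for a recognised banner, or null.
function detectLibraryVersion(header) {
  for (const { name, re } of BANNERS) {
    const m = re.exec(header);
    if (m) return { name, version: m[1] };
  }
  return null;
}
// Numeric dotted-version compare (<0, 0, >0): 1.10.0 sorts after 1.9.1, which a
// plain string comparison would get wrong.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}
// files: { path: headerText }. One finding per recognised file below its minimum.
function auditVendorFiles(files, minimums) {
  const findings = [];
  for (const [file, header] of Object.entries(files)) {
    const lib = detectLibraryVersion(header);
    if (!lib || !minimums[lib.name]) continue;
    if (compareVersions(lib.version, minimums[lib.name]) < 0) {
      findings.push({ file, ...lib, minimum: minimums[lib.name] });
    }
  }
  return findings;
}
if (typeof require !== 'undefined' && require.main === module) console.log(auditVendorFiles(SAMPLE_HEADERS, MINIMUMS));
```

To run it over a real checkout, build the `files` map from the first few hundred bytes of each `.js` file under the vendor directory; the banner is always at the top.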

@MorrisJobke
Member

Implement automatic pulling of the latest available version of jQuery before releasing a new version of nextcloud/server

Not an option as of now, because this will break current code and needs to be fixed first. Also we check which changes are done in upstream projects.

Our security team for example had a look at this old jQuery version and dropped the unused code and the code with security issues.

I will close this as duplicate of #4628, because once that is done we will update the jQuery version of course.

cc @nextcloud/security
