Update jQuery to a supported version

[kittithorntha]

I have found that Nextcloud include jquery version 2.1.4 that have issue in this link jquery/jquery#2432

https://github.com/nextcloud/server/blob/master/core/vendor/core.js
at line 1
/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */

Solution that is, Nextcloud should upgrade to the lasted version that was described in issue 2432

[nickvergessen]

The function which is dangerous is globalEval, and we fixed this method manually:

server/core/js/js.js

Lines 1285 to 1292 in 086ce70

	/**
	* Disable execution of eval in jQuery. We do require an allowed eval CSP
	* configuration at the moment for handlebars et al. But for jQuery there is
	* not much of a reason to execute JavaScript directly via eval.
	*
	* This thus mitigates some unexpected XSS vectors.
	*/
	jQuery.globalEval = function(){};

We should still think about updating it at some point since 2.1 seems to not get any updates anymore.

[nickvergessen]

cc @nextcloud/javascript

[MorrisJobke]

This requires #4628 to be fixed first.

[juliusknorr]

When greping through the core code, thw following in 3.x deprecated methods are also used quite often, so it makes sense to update those when bumping the jquery version:

• .bind()
• .delegate()

[joshtrichards]

We're on jQuery v3.7.x today.

@susnux I was going to close this, but I see you labeled this for refactor recently. Am I overlooking something?

[susnux]

Just for proper tags.
I do not plan to implement this, rather I would like to find time to drop jQuery completely (only external-files and user-ldap are missing to migrate to vue)