The OpenJS Foundation has sponsored a jQuery survey showing that a majority of websites using this ubiquitous library run unmaintained versions. The survey concludes that privacy and security are at risk in three-quarters of a billion websites, though without presenting evidence that jQuery is used in an insecure manner on these sites.
Many organizations use more than one version; in fact, it is quite common for multiple versions to be used on one site, hence the percentage figures presented.
The jQuery website does not publish an end of life policy, but does have a security policy on GitHub which states simply that “the latest released version of jQuery is supported.” At the time of writing, that is version 3.7.1 released in August. We have asked the Foundation for clarification of which versions are supported and how developers can track this information.
While the survey makes general references to the benefit of using current versions, such as that “more current versions typically have better security and newer features,” the reality is that constantly upgrading libraries such as jQuery can be difficult, especially if they come as part of another package, or are used in custom code that lacks rigorous test coverage. The upgrade guide to jQuery Core 3.0 shows a number of breaking changes.
An example of the kinds of problems faced by developers is in this 2019 thread, where one post said: “I am one of the core committers to Drupal, which relies on jQuery and jQuery UI. With jQuery UI being in Emeritus (end of life) status, it puts us into a hard place once/if jQuery 4 comes out if jQuery 3 support is stopped, because that would mean that we are using an end of life JS library based on an unsupported version of another library.” A further post recollects how it was when jQuery 3.0 was released: “Our release was November 2015; jQuery 3.0 came out in 2016. By 2017 there were security fixes not being backported to jQuery 2, so we had to do a major version upgrade to jQuery 3 mid-major and it was a big breaking change for many Drupal sites and themes.”