We had already upgraded XF 2.2 to use jQuery 3.4.x but we have made the decision to bring that change forward to account for a potential XSS in jQuery 3.3.1, which you can read about here: https://xenforo.com/community/threads/jquery-3-3-1-cross-site-scripting-vulnerability.177281/ To be clear...
xenforo.com