I've recently been asked to update a legacy web application, installed on numerous client servers, to use the current version of jQuery 3.3.1, rather than 1.10.2 which has a number of vulnerabilities.
Do I need to simply update the version used by the system to increase its security, or will I need to remove the old jQuery files from the server as well?
The system only makes use of jQuery in a fairly limited manner, so I don't think that the update will cause too much re-development. Bearing this in mind, do I even need to update jQuery if the system isn't using any of the features with a vulnerability?