Problem/Motivation

We're working towards a 7.x-4.x stable release that has a small number of "supported" configurations.

See #3166985: [Proposal] provide supported / recommended jQuery versions for Security coverage for more details.

There are several older jQuery versions included in the module that are not "supported".

Removing these versions would clean the module up considerably.

Steps to reproduce

├── jquery
│   ├── 1.10
│   │   ├── jquery-1.10.2.min.map
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.11
│   │   ├── jquery-1.11.2.min.map
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.12
│   │   ├── jquery-1.12.4.min.map
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.5
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.6
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.7
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.8
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   ├── 1.9
│   │   ├── jquery.js
│   │   ├── jquery.min.js
│   │   └── jquery.min.map
│   ├── 2.1
│   │   ├── jquery.js
│   │   ├── jquery.min.js
│   │   └── jquery.min.map
│   ├── 2.2
│   │   ├── jquery.js
│   │   └── jquery.min.js
│   └── 3.1
│       ├── jquery.js
│       └── jquery.min.js

Proposed resolution

Remove all but the short list of supported versions.

Remaining tasks

Decide if we need an update hook or similar as a migration path for existing sites.

Comments

mcdruid created an issue. See original summary.

mcdruid’s picture

Status: Active » Needs review
Attached file (new): 3.63 MB

First pass at removing all of the main jQuery versions other than the last releases from the 1.x and 2.x branches.

The problem with these changes is that the patches are massive, but hopefully once this is done the module will be a lot cleaner.

Unfortunately we've only just started adding tests to the module, and the tests we have so far won't really confirm whether this change breaks things.

Status: Needs review » Needs work

The last submitted patch, 2: 3311834-2.patch, failed testing.

mcdruid’s picture

Status: Needs work » Needs review
Attached files (new): 1.73 KB, 3.64 MB

Turns out the tests did show that something was broken.

mcdruid’s picture

Attached file (new): 3.73 MB

There are 3 different jQuery Form versions.

    $jquery_form_versions = array(
      // jQuery Form 4, prior to version 4.2.1, had a serious regression that
      // broke Drupal's AJAX system because it didn't deserialize "+" back into
      // spaces which would cause triggering button values to not match in PHP.
      // @see https://www.drupal.org/node/2860158
      '4.2.1' => '1.7',

      // jQuery Form 3 indicates that it's compatible with jQuery >= 1.5. However,
      // it has parsing issues when used with Drupal and jQuery 1.5.
      // @see https://www.drupal.org/node/2604976
      '3.51.0' => '1.6',

      // Older versions.
      '2.69' => '1.4',
    );
    foreach ($jquery_form_versions as $jquery_form_version => $compatibility) {
      if (version_compare($jquery_version, $compatibility, '>=')) {
        $libraries['jquery.form']['js']['misc/jquery.form.js']['data'] = $path . '/replace/jquery.form/4/jquery.form' . $min . '.js';
        $libraries['jquery.form']['version'] = $jquery_form_version;
        break;
      }
    }

Note that it looks like the path is always to the jquery.form/4 directory, so I'm not actually sure whether the 2 and 3 versions are ever properly loaded.

On that basis, I think we're safe to remove everything but the 4.2.1 version.

No interdiff as it'd be horrible, but other than removing the directories for jquery.form 2 and 3 the only additional change is to remove the relevant elements from the $jquery_form_versions array above.

mcdruid’s picture

There are two versions of jQuery Migrate:

    function jquery_update_jquery_migrate_replace(&$libraries, $path, $min, $version) {
      // Immediately return if jQuery Migrate isn't enabled or jQuery version
      // isn't at least 1.9 or higher.
      if (!variable_get('jquery_update_jquery_migrate_enable', FALSE) || !version_compare($version, '1.9', '>=')) {
        return;
      }

      if (version_compare($version, '3.0', '>=')) {
        $migrate_version = '3';
      }
      else {
        $migrate_version = '1';
      }

      $file = $path . '/replace/jquery-migrate/' . $migrate_version . '/jquery-migrate' . $min . '.js';

There's an argument to say remove version 3 as we're not going to be shipping a version of jQuery 3.x in the module.

It's jQuery Migrate - v3.0.0 whereas there's now a 3.4.0 release.

I think it'd be better to remove this old version of Migrate 3.

We could perhaps add to the requirements check to recommend that a custom version of jQuery Migrate is included if a custom version of jQuery 3.x is configured.

Removing this cleanly in jquery_update_jquery_migrate_replace() looks like it'll be a bit more work than some of the other changes have been though.

mcdruid’s picture

Attached file (new): 3.75 MB

If a custom version of jQuery 3.x is enabled, the module won't provide (an outdated version of) jQuery Migrate 3.x.

A newer version of jQuery Migrate can be configured via a Custom path.

I've added a message about this to the admin form.

mcdruid’s picture

jQuery UI...

There's currently only one version shipped with jQuery Update and that's 1.10.2.

The jQuery UI project page currently has this info about releases and their compatibility:

1.13.2 (Stable, for jQuery 1.8+)
1.12.1 (Legacy, for jQuery 1.7+)
1.11.4 (Legacy, for jQuery 1.6+)
1.10.4 (Legacy, for jQuery 1.6+)
1.9.2 (Legacy, for jQuery 1.6+)

So 1.10.2 that the module provides was not the last release from the 1.10.x branch.

It's tempting to replace it with 1.13.2 but that goes against the overall approach of avoiding the Drupal module having to keep up-to-date with upstream releases.

I don't think it makes sense to update the module to a newer version than it currently has, but not the latest.

That leaves us with the not especially desirable option of leaving the module as it is.

For what it's worth https://www.drupal.org/sa-core-2022-002 (which addressed the security vulnerabilities fixed in jQuery UI 1.13.0) took into account jQuery Update's jQuery UI version 1.10.2.

mcdruid’s picture

Finally (?) jquery-cookie which is perhaps the most muddled of all.

The repo from which this came is now archived / readonly so I think we can be fairly confident there will be no more releases.

There are a handful of release tags for the library:

https://github.com/carhartl/jquery-cookie/tags

However, all of these are newer than the version shipped in jQuery Update.

    // Replace the jQuery Cookie plugin.
    $libraries['cookie']['js']['misc/jquery.cookie.js']['data'] = $path . '/replace/ui/external/jquery.cookie.js';
    // Noting the version based on git commit as no version number is available.
    $libraries['cookie']['version'] = '67fb34f6a866c40d0570';

That's an individual commit from Jan 2011 which predates all of the release tags:

https://github.com/carhartl/jquery-cookie/commit/67fb34f6a866c40d0570265...

The project forked / continued development at https://github.com/js-cookie/js-cookie but the releases after those in the archived repo seem to be significantly different - IIUC it stopped being a jQuery plugin - although it looks like there is/was a compatibility layer e.g.:

https://github.com/js-cookie/js-cookie/tree/v1.5.1

All that said, jQuery Update ships with just that one file from around Jan 2011 and I don't think we should remove that or replace it with one of the tagged releases from the archived repo.

  • mcdruid committed b7c64b1 on 7.x-4.x
    Issue #3311834 by mcdruid: remove unsupported JS libraries
    
mcdruid’s picture

Status: Needs review » Fixed
Parent issue: » #3312045: Plan for jQuery Update 7.x-4.0 release

~3.75 MB of outdated JS libraries removed.

See #3312045: Plan for jQuery Update 7.x-4.0 release for remaining tasks to get a new release out.

poker10’s picture

Status: Fixed » Needs review
Attached file (new): 1.09 KB

Wouldn't it be a good idea to clean-up this as well?

  // Make sure to use the latest version in given branch.
  $trueversion = NULL;
  switch ($version) {
    case '1.5':
      $trueversion = '1.5.2';
      break;

    case '1.6':
      $trueversion = '1.6.4';
      break;

    case '1.7':
      $trueversion = '1.7.2';
      break;

    case '1.8':
      $trueversion = '1.8.3';
      break;

    case '1.9':
      $trueversion = '1.9.1';
      break;

    case '1.10':
      $trueversion = '1.10.2';
      break;

    case '1.11':
      $trueversion = '1.11.2';
      break;

    case '1.12':
      $trueversion = '1.12.4';
      break;

    case '2.1':
      $trueversion = '2.1.4';
      break;

    case '2.2':
      $trueversion = '2.2.4';
      break;

    case '3.1':
      $trueversion = '3.1.1';
      break;
  }
  $javascript['jquery']['version'] = $trueversion;

I think it should be sufficient to keep there only 1.12 and 2.2, because other versions will no longer be selectable in the main selectbox. See the patch.
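
A check along these lines can confirm that a site's copy of the module holds only the supported branches; it is an added example, not part of the thread or the module's own code. It assumes the replace/jquery/<branch>/ layout shown in the issue summary, the 1.12 and 2.2 branches with the last releases from the $trueversion mapping above, and jQuery's usual version banner in the file header; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: supported branches and their last releases, taken from the
# $trueversion mapping quoted in the thread (1.12 -> 1.12.4, 2.2 -> 2.2.4).
SUPPORTED = {"1.12": "1.12.4", "2.2": "2.2.4"}

# Unminified builds carry "jQuery JavaScript Library vX.Y.Z" in the header
# comment; minified builds carry "jQuery vX.Y.Z".
BANNER = re.compile(r"jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?)")


def audit_jquery_tree(root, supported=SUPPORTED):
    """Return (branch, problem) findings for a replace/jquery directory."""
    findings = []
    for branch_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        branch = branch_dir.name
        if branch not in supported:
            findings.append((branch, "unsupported branch still on disk"))
            continue
        # Only .js files are checked; .map files carry no version banner.
        for js in sorted(branch_dir.glob("jquery*.js")):
            head = js.read_text(encoding="utf-8", errors="replace")[:512]
            match = BANNER.search(head)
            found = match.group(1) if match else "no banner"
            if found != supported[branch]:
                findings.append(
                    (branch, f"{js.name}: {found}, expected {supported[branch]}"))
    return findings


def build_sample_tree():
    """Constructed sample tree (not real jQuery files) for an offline run."""
    root = Path(tempfile.mkdtemp(prefix="jquery-audit-"))
    sample = {"1.5": "1.5.2", "1.12": "1.12.4", "2.2": "2.2.3"}
    for branch, version in sample.items():
        (root / branch).mkdir()
        (root / branch / "jquery.js").write_text(
            f"/*!\n * jQuery JavaScript Library v{version}\n */\n")
        (root / branch / "jquery.min.js").write_text(
            f"/*! jQuery v{version} | (c) constructed sample */\n")
    return root


if __name__ == "__main__":
    for branch, problem in audit_jquery_tree(build_sample_tree()):
        print(f"{branch}: {problem}")
```

On a real site, pass the module's replace/jquery directory as `root` instead of the sample tree.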

  • mcdruid committed 88787ec on 7.x-4.x
    Issue #3311834 by mcdruid, poker10: remove unsupported JS libraries
    
mcdruid’s picture

Status: Needs review » Fixed

Yeah I started off trying to change as little as possible so had skipped over that, but you're right... may as well clean that up while we're at it.

Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.