Hi team,
Do you have a plan to upgrade jQuery 3.6.0 to 3.6.1?
Before 3.6.1, jQuery contains commented references to the hijacked domain blindsignals, within the files src/queue/delay.js and test/data/jquery-1.9.1.js (the former referring to a Web Archive version of the original site). Users without awareness of the domain's status could be exposed to unspecified attacks if they attempt to follow the links to the hijacked site. And jQuery 3.6.1 has remove those references in
this commit.
It's the safest thing to move out those references to the hijacked domain.
Best regards,
Rick Young