The package Jquery-UI is dependent on Jquery, which is without vulnerabilities since v 3.5.0. The current version of Jquery-UI is 3 months old and depends on any Jquery version > 1.8.0.
The confusion comes from reading the vulnerability reports listed below; all of them refer to XSS vulns in Jquery itself, and not Jquery-UI. Additionally, most of them seem to have been published before any of the current versions of Jquery and Jquery-UI.
Is it possible to have a reassessment of Jquery-UI? From my understanding of the vulnerabilities described in the reports it isn’t Jquery-UI which is vulnerable, but previous versions of Jquery (now fixed). Is this a correct interpretation, or am I missing something fundamental here?