Lowering priority. jQuery UI 1.9 is considered an LTS, and upgrading to 1.10 or 1.11 will be a major and breaking change since until recently we were on jQuery UI 1.8, and 1.9 introduced a brand new API (keeping support for the UI 1.8 API, but 1.10 drops support for this). There's no reason for us to upgrade right now, and certainly before we've finished the previous migration cycle of jQuery core upgrade and MediaWiki JS deprecations.
(In reply to Ryan Kaldari from comment #0)
jQuery UI 1.9 uses deprecated jQuery functions such as andSelf() (see bug
This is somewhat incorrect. Though andSelf is indeed deprecated, there are no plans by jQuery to remove it. It isn't part of the rest of jQuery Migrate and was not removed in jQuery core 1.8. In fact it still exists in the latest jQuery 1.11 and jQuery 2.x and thus jQuery UI continues to use it so that they don't have to feature-test andSelf/addBack for old versions.
Please reconsider the priority of this.
JQuery UI 1.9 has not been updated since 2012. Where do you see it marked as "LTS"? It is not being maintained.
JQuery UI 1.9 also has security vulnerabilities that are only fixed in newer versions. Example: CVE-2010-5312
The behaviour change in jQuery UI Dialog in v1.10 (the "title" constructor option now being "text" instead of "html") is hardly a security issue. It having been given a CVE id (CVE 2010-5312) seems a bit of an exaggeration.
It says in the jQuey UI 1.9 API Documentation that dialog/option-title takes any valid HTML string.
It's only subject to html injection if a consumer (e.g. developer) passes it user input. Which as far I can see is not the case in our usage. And if we would, we'd naturally escape it first (for it is interpreted as html).