Just completed some research on jQuery and related security vulnerabilities. While I am in preference of the smaller filesize of the 1.x versions, I have come to the conclusion that 3.x versions are the only way to go when considering security.
Snyk.io list of XSS and DOS vulnerabilities that maybe possible with different jQuery versions.