diff --git a/framework/web/js/source/jquery.ba-bbq.js b/framework/web/js/source/jquery.ba-bbq.js
index ead4ba1bd9..5d8978c5b7 100644
--- a/framework/web/js/source/jquery.ba-bbq.js
+++ b/framework/web/js/source/jquery.ba-bbq.js
@@ -7,6 +7,13 @@
  * https://benalman.com/about/license/
  */
 
+/* 
+ * Additional changes to this file:
+ * - Removed support for IE8 and below
+ * - Fixed prototype pollution (CVE-2021-20086)
+ * - Minified with `uglifyjs jquery.ba-bbq.js --compress -o jquery.ba-bbq.min.js`
+ */
+
 // Script: jQuery BBQ: Back Button & Query Library
 //
 // *Version: 1.4pre, Last updated: 1/15/2013*
@@ -465,7 +472,9 @@
   //  (Object) An object representing the deserialized params string.
   
   $.deparam = jq_deparam = function( params, coerce ) {
-    var obj = {},
+    var prohibitedKeys = ['__proto__'];
+    
+    var obj = Object.create(null),
       coerce_types = { 'true': !0, 'false': !1, 'null': null };
     
     // Iterate over all name=value pairs.
@@ -480,6 +489,10 @@
         // into its component parts.
         keys = key.split( '][' ),
         keys_last = keys.length - 1;
+
+      if ( prohibitedKeys.includes( key ) ) {
+        return;
+      }
       
       // If the first keys part contains [ and the last ends with ], then []
       // are correctly balanced.
@@ -521,8 +534,13 @@
           // * Rinse & repeat.
           for ( ; i <= keys_last; i++ ) {
             key = keys[i] === '' ? cur.length : keys[i];
+            
+            if ( prohibitedKeys.includes( key ) ) {
+              return;
+            }
+
             cur = cur[key] = i < keys_last
-              ? cur[key] || ( keys[i+1] && isNaN( keys[i+1] ) ? {} : [] )
+              ? cur[key] || ( keys[i+1] && isNaN( keys[i+1] ) ? Object.create(null) : [] )
               : val;
           }
           
@@ -1017,7 +1035,7 @@
 // 
 // hashchange event - https://benalman.com/code/projects/jquery-hashchange/examples/hashchange/
 // document.domain - https://benalman.com/code/projects/jquery-hashchange/examples/document_domain/
-//
+// 
 // About: Support and Testing
 // 
 // Information about what version or versions of jQuery this plugin has been
@@ -1050,7 +1068,7 @@
 // 1.3   - (7/21/2010) Reorganized IE6/7 Iframe code to make it more
 //         "removable" for mobile-only development. Added IE6/7 document.title
 //         support. Attempted to make Iframe as hidden as possible by using
-//         techniques from https://www.paciellogroup.com/blog/?p=604. Added
+//         techniques from https://www.paciellogroup.com/blog/?p=604. Added 
 //         support for the "shortcut" format $(window).hashchange( fn ) and
 //         $(window).hashchange() like jQuery provides for built-in events.
 //         Renamed jQuery.hashchangeDelay to <jQuery.fn.hashchange.delay> and
@@ -1282,96 +1300,6 @@
       timeout_id = setTimeout( poll, $.fn[ str_hashchange ].delay );
     };
     
-    // vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
-    // vvvvvvvvvvvvvvvvvvv REMOVE IF NOT SUPPORTING IE6/7/8 vvvvvvvvvvvvvvvvvvv
-    // vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
-    (navigator.userAgent.match(/MSIE/i) !== null) && !supports_onhashchange && (function(){
-      // Not only do IE6/7 need the "magical" Iframe treatment, but so does IE8
-      // when running in "IE7 compatibility" mode.
-      
-      var iframe,
-        iframe_src;
-      
-      // When the event is bound and polling starts in IE 6/7, create a hidden
-      // Iframe for history handling.
-      self.start = function(){
-        if ( !iframe ) {
-          iframe_src = $.fn[ str_hashchange ].src;
-          iframe_src = iframe_src && iframe_src + get_fragment();
-          
-          // Create hidden Iframe. Attempt to make Iframe as hidden as possible
-          // by using techniques from https://www.paciellogroup.com/blog/?p=604.
-          iframe = $('<iframe tabindex="-1" title="empty"/>').hide()
-            
-            // When Iframe has completely loaded, initialize the history and
-            // start polling.
-            .one( 'load', function(){
-              iframe_src || history_set( get_fragment() );
-              poll();
-            })
-            
-            // Load Iframe src if specified, otherwise nothing.
-            .attr( 'src', iframe_src || 'javascript:0' )
-            
-            // Append Iframe after the end of the body to prevent unnecessary
-            // initial page scrolling (yes, this works).
-            .insertAfter( 'body' )[0].contentWindow;
-          
-          // Whenever `document.title` changes, update the Iframe's title to
-          // prettify the back/next history menu entries. Since IE sometimes
-          // errors with "Unspecified error" the very first time this is set
-          // (yes, very useful) wrap this with a try/catch block.
-          doc.onpropertychange = function(){
-            try {
-              if ( event.propertyName === 'title' ) {
-                iframe.document.title = doc.title;
-              }
-            } catch(e) {}
-          };
-          
-        }
-      };
-      
-      // Override the "stop" method since an IE6/7 Iframe was created. Even
-      // if there are no longer any bound event handlers, the polling loop
-      // is still necessary for back/next to work at all!
-      self.stop = fn_retval;
-      
-      // Get history by looking at the hidden Iframe's location.hash.
-      history_get = function() {
-        return get_fragment( iframe.location.href );
-      };
-      
-      // Set a new history item by opening and then closing the Iframe
-      // document, *then* setting its location.hash. If document.domain has
-      // been set, update that as well.
-      history_set = function( hash, history_hash ) {
-        var iframe_doc = iframe.document,
-          domain = $.fn[ str_hashchange ].domain;
-        
-        if ( hash !== history_hash ) {
-          // Update Iframe with any initial `document.title` that might be set.
-          iframe_doc.title = doc.title;
-          
-          // Opening the Iframe's document after it has been closed is what
-          // actually adds a history entry.
-          iframe_doc.open();
-          
-          // Set document.domain for the Iframe document as well, if necessary.
-          domain && iframe_doc.write( '<script>document.domain="' + domain + '"</script>' );
-          
-          iframe_doc.close();
-          
-          // Update the Iframe's hash, for great justice.
-          iframe.location.hash = hash;
-        }
-      };
-      
-    })();
-    // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-    // ^^^^^^^^^^^^^^^^^^^ REMOVE IF NOT SUPPORTING IE6/7/8 ^^^^^^^^^^^^^^^^^^^
-    // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-    
     return self;
   })();
   
diff --git a/framework/web/js/source/jquery.ba-bbq.min.js b/framework/web/js/source/jquery.ba-bbq.min.js
index e576da2841..70eee2e0a7 100644
--- a/framework/web/js/source/jquery.ba-bbq.min.js
+++ b/framework/web/js/source/jquery.ba-bbq.min.js
@@ -1,18 +1,23 @@
 /*
- * jQuery BBQ: Back Button & Query Library - v1.3pre - 8/26/2010
- * https://benalman.com/projects/jquery-bbq-plugin/
+ * jQuery BBQ: Back Button & Query Library - v1.4pre - 1/15/2013
+ * http://benalman.com/projects/jquery-bbq-plugin/
  * 
  * Copyright (c) 2010 "Cowboy" Ben Alman
  * Dual licensed under the MIT and GPL licenses.
- * https://benalman.com/about/license/
+ * http://benalman.com/about/license/
  */
-(function($,r){var h,n=Array.prototype.slice,t=decodeURIComponent,a=$.param,j,c,m,y,b=$.bbq=$.bbq||{},s,x,k,e=$.event.special,d="hashchange",B="querystring",F="fragment",z="elemUrlAttr",l="href",w="src",p=/^.*\?|#.*$/g,u,H,g,i,C,E={};function G(I){return typeof I==="string"}function D(J){var I=n.call(arguments,1);return function(){return J.apply(this,I.concat(n.call(arguments)))}}function o(I){return I.replace(H,"$2")}function q(I){return I.replace(/(?:^[^?#]*\?([^#]*).*$)?.*/,"$1")}function f(K,P,I,L,J){var R,O,N,Q,M;if(L!==h){N=I.match(K?H:/^([^#?]*)\??([^#]*)(#?.*)/);M=N[3]||"";if(J===2&&G(L)){O=L.replace(K?u:p,"")}else{Q=m(N[2]);L=G(L)?m[K?F:B](L):L;O=J===2?L:J===1?$.extend({},L,Q):$.extend({},Q,L);O=j(O);if(K){O=O.replace(g,t)}}R=N[1]+(K?C:O||!N[1]?"?":"")+O+M}else{R=P(I!==h?I:location.href)}return R}a[B]=D(f,0,q);a[F]=c=D(f,1,o);a.sorted=j=function(J,K){var I=[],L={};$.each(a(J,K).split("&"),function(P,M){var O=M.replace(/(?:%5B|=).*$/,""),N=L[O];if(!N){N=L[O]=[];I.push(O)}N.push(M)});return $.map(I.sort(),function(M){return L[M]}).join("&")};c.noEscape=function(J){J=J||"";var I=$.map(J.split(""),encodeURIComponent);g=new RegExp(I.join("|"),"g")};c.noEscape(",/");c.ajaxCrawlable=function(I){if(I!==h){if(I){u=/^.*(?:#!|#)/;H=/^([^#]*)(?:#!|#)?(.*)$/;C="#!"}else{u=/^.*#/;H=/^([^#]*)#?(.*)$/;C="#"}i=!!I}return i};c.ajaxCrawlable(0);$.deparam=m=function(L,I){var K={},J={"true":!0,"false":!1,"null":null};$.each(L.replace(/\+/g," ").split("&"),function(O,T){var N=T.split("="),S=t(N[0]),M,R=K,P=0,U=S.split("]["),Q=U.length-1;if(/\[/.test(U[0])&&/\]$/.test(U[Q])){U[Q]=U[Q].replace(/\]$/,"");U=U.shift().split("[").concat(U);Q=U.length-1}else{Q=0}if(N.length===2){M=t(N[1]);if(I){M=M&&!isNaN(M)?+M:M==="undefined"?h:J[M]!==h?J[M]:M}if(Q){for(;P<=Q;P++){S=U[P]===""?R.length:U[P];R=R[S]=P<Q?R[S]||(U[P+1]&&isNaN(U[P+1])?{}:[]):M}}else{if($.isArray(K[S])){K[S].push(M)}else{if(K[S]!==h){K[S]=[K[S],M]}else{K[S]=M}}}}else{if(S){K[S]=I?h:""}}});return K};function A(K,I,J){if(I===h||typeof I==="boolean"){J=I;I=a[K?F:B]()}else{I=G(I)?I.replace(K?u:p,""):I}return m(I,J)}m[B]=D(A,0);m[F]=y=D(A,1);$[z]||($[z]=function(I){return $.extend(E,I)})({a:l,base:l,iframe:w,img:w,input:w,form:"action",link:l,script:w});k=$[z];function v(L,J,K,I){if(!G(K)&&typeof K!=="object"){I=K;K=J;J=h}return this.each(function(){var O=$(this),M=J||k()[(this.nodeName||"").toLowerCase()]||"",N=M&&O.attr(M)||"";O.attr(M,a[L](N,K,I))})}$.fn[B]=D(v,B);$.fn[F]=D(v,F);b.pushState=s=function(L,I){if(G(L)&&/^#/.test(L)&&I===h){I=2}var K=L!==h,J=c(location.href,K?L:{},K?I:2);location.href=J};b.getState=x=function(I,J){return I===h||typeof I==="boolean"?y(I):y(J)[I]};b.removeState=function(I){var J={};if(I!==h){J=x();$.each($.isArray(I)?I:arguments,function(L,K){delete J[K]})}s(J,2)};e[d]=$.extend(e[d],{add:function(I){var K;function J(M){var L=M[F]=c();M.getState=function(N,O){return N===h||typeof N==="boolean"?m(L,N):m(L,O)[N]};K.apply(this,arguments)}if($.isFunction(I)){K=I;return J}else{K=I.handler;I.handler=J}}})})(jQuery,this);
 /*
  * jQuery hashchange event - v1.3 - 7/21/2010
- * https://benalman.com/projects/jquery-hashchange-plugin/
+ * http://benalman.com/projects/jquery-hashchange-plugin/
  * 
  * Copyright (c) 2010 "Cowboy" Ben Alman
  * Dual licensed under the MIT and GPL licenses.
- * https://benalman.com/about/license/
+ * http://benalman.com/about/license/
  */
-(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.href.replace(/#.*/,"")+q}}p=setTimeout(n,$.fn[c].delay)}!d&&(function(){var q,r;j.start=function(){if(!q){r=$.fn[c].src;r=r&&r+a();q=$('<iframe tabindex="-1" title="empty"/>').hide().one("load",function(){r||l(a());n()}).attr("src",r||"javascript:0").insertAfter("body")[0].contentWindow;h.onpropertychange=function(){try{if(event.propertyName==="title"){q.document.title=h.title}}catch(s){}}}};j.stop=k;o=function(){return a(q.location.href)};l=function(v,s){var u=q.document,t=$.fn[c].domain;if(v!==s){u.title=h.title;u.open();t&&u.write('<script>document.domain="'+t+'"<\/script>');u.close();q.location.hash=v}}})();return j})()})(jQuery,this);
+/* 
+ * Additional changes to this file:
+ * - Removed support for IE8 and below
+ * - Fixed prototype pollution (CVE-2021-20086)
+ * - Minified with `uglifyjs jquery.ba-bbq.js --compress -o jquery.ba-bbq.min.js`
+ */
+($=>{var jq_param_sorted,jq_param_fragment,jq_deparam,jq_deparam_fragment,jq_bbq_pushState,jq_bbq_getState,jq_elemUrlAttr,re_params_fragment,re_fragment,re_no_escape,ajax_crawlable,fragment_prefix,aps=Array.prototype.slice,decode=decodeURIComponent,jq_param=$.param,jq_bbq=$.bbq=$.bbq||{},special=$.event.special,re_params_querystring=/^.*\?|#.*$/g,elemUrlAttr_cache={};function is_string(arg){return"string"==typeof arg}function curry(func){var args=aps.call(arguments,1);return function(){return func.apply(this,args.concat(aps.call(arguments)))}}function jq_param_sub(is_fragment,get_func,url,params,merge_mode){var qs,matches,url_params,hash,merge_mode=void 0!==params?(hash=(matches=url.match(is_fragment?re_fragment:/^([^#?]*)\??([^#]*)(#?.*)/))[3]||"",2===merge_mode&&is_string(params)?qs=params.replace(is_fragment?re_params_fragment:re_params_querystring,""):(url_params=jq_deparam(matches[2]),params=is_string(params)?jq_deparam[is_fragment?"fragment":"querystring"](params):params,qs=2===merge_mode?params:1===merge_mode?$.extend({},params,url_params):$.extend({},url_params,params),qs=jq_param_sorted(qs),is_fragment&&(qs=qs.replace(re_no_escape,decode))),matches[1]+(is_fragment?fragment_prefix:qs||!matches[1]?"?":"")+qs+hash):get_func(void 0!==url?url:location.href);return merge_mode}function jq_deparam_sub(is_fragment,url_or_params,coerce){return url_or_params=void 0===url_or_params||"boolean"==typeof url_or_params?(coerce=url_or_params,jq_param[is_fragment?"fragment":"querystring"]()):is_string(url_or_params)?url_or_params.replace(is_fragment?re_params_fragment:re_params_querystring,""):url_or_params,jq_deparam(url_or_params,coerce)}function jq_fn_sub(mode,force_attr,params,merge_mode){return is_string(params)||"object"==typeof params||(merge_mode=params,params=force_attr,force_attr=void 0),this.each(function(){var that=$(this),attr=force_attr||jq_elemUrlAttr()[(this.nodeName||"").toLowerCase()]||"",url=attr&&that.attr(attr)||"";that.attr(attr,jq_param[mode](url,params,merge_mode))})}jq_param.querystring=curry(jq_param_sub,0,function(url){return url.replace(/(?:^[^?#]*\?([^#]*).*$)?.*/,"$1")}),jq_param.fragment=jq_param_fragment=curry(jq_param_sub,1,function(url){return url.replace(re_fragment,"$2")}),jq_param.sorted=jq_param_sorted=function(a,traditional){var arr=[],obj={};return $.each(jq_param(a,traditional).split("&"),function(i,v){var key=v.replace(/(?:%5B|=).*$/,""),key_obj=obj[key];key_obj||(key_obj=obj[key]=[],arr.push(key)),key_obj.push(v)}),$.map(arr.sort(),function(v){return obj[v]}).join("&")},jq_param_fragment.noEscape=function(chars){chars=$.map((chars=chars||"").split(""),encodeURIComponent);re_no_escape=new RegExp(chars.join("|"),"g")},jq_param_fragment.noEscape(",/"),jq_param_fragment.ajaxCrawlable=function(state){return void 0!==state&&(fragment_prefix=state?(re_params_fragment=/^.*(?:#!|#)/,re_fragment=/^([^#]*)(?:#!|#)?(.*)$/,"#!"):(re_params_fragment=/^.*#/,re_fragment=/^([^#]*)#?(.*)$/,"#"),ajax_crawlable=!!state),ajax_crawlable},jq_param_fragment.ajaxCrawlable(0),$.deparam=jq_deparam=function(params,coerce){var prohibitedKeys=["__proto__"],obj=Object.create(null),coerce_types={true:!0,false:!1,null:null};return $.each(params.replace(/\+/g," ").split("&"),function(j,v){var val,v=v.split("="),key=decode(v[0]),cur=obj,i=0,keys=key.split("]["),keys_last=keys.length-1;if(!prohibitedKeys.includes(key))if(keys_last=/\[/.test(keys[0])&&/\]$/.test(keys[keys_last])?(keys[keys_last]=keys[keys_last].replace(/\]$/,""),(keys=keys.shift().split("[").concat(keys)).length-1):0,2===v.length)if(val=decode(v[1]),coerce&&(val=val&&!isNaN(val)?+val:"undefined"===val?void 0:void 0!==coerce_types[val]?coerce_types[val]:val),keys_last)for(;i<=keys_last;i++){if(key=""===keys[i]?cur.length:keys[i],prohibitedKeys.includes(key))return;cur=cur[key]=i<keys_last?cur[key]||(keys[i+1]&&isNaN(keys[i+1])?Object.create(null):[]):val}else $.isArray(obj[key])?obj[key].push(val):void 0!==obj[key]?obj[key]=[obj[key],val]:obj[key]=val;else key&&(obj[key]=coerce?void 0:"")}),obj},jq_deparam.querystring=curry(jq_deparam_sub,0),jq_deparam.fragment=jq_deparam_fragment=curry(jq_deparam_sub,1),$.elemUrlAttr||($.elemUrlAttr=function(obj){return $.extend(elemUrlAttr_cache,obj)})({a:"href",base:"href",iframe:"src",img:"src",input:"src",form:"action",link:"href",script:"src"}),jq_elemUrlAttr=$.elemUrlAttr,$.fn.querystring=curry(jq_fn_sub,"querystring"),$.fn.fragment=curry(jq_fn_sub,"fragment"),jq_bbq.pushState=jq_bbq_pushState=function(params,merge_mode){is_string(params)&&/^#/.test(params)&&void 0===merge_mode&&(merge_mode=2);var has_args=void 0!==params,params=jq_param_fragment(location.href,has_args?params:{},has_args?merge_mode:2);location.href=params},jq_bbq.getState=jq_bbq_getState=function(key,coerce){return void 0===key||"boolean"==typeof key?jq_deparam_fragment(key):jq_deparam_fragment(coerce)[key]},jq_bbq.removeState=function(arr){var state={};void 0!==arr&&(state=jq_bbq_getState(),$.each($.isArray(arr)?arr:arguments,function(i,v){delete state[v]})),jq_bbq_pushState(state,2)},special.hashchange=$.extend(special.hashchange,{add:function(handleObj){var old_handler;function new_handler(e){var hash=e.fragment=jq_param_fragment();e.getState=function(key,coerce){return void 0===key||"boolean"==typeof key?jq_deparam(hash,key):jq_deparam(hash,coerce)[key]},old_handler.apply(this,arguments)}if($.isFunction(handleObj))return old_handler=handleObj,new_handler;old_handler=handleObj.handler,handleObj.handler=new_handler}})})(jQuery),(($,window)=>{var fake_onhashchange,timeout_id,last_hash,history_set,history_get,doc=document,special=$.event.special,doc=doc.documentMode,supports_onhashchange="onhashchange"in window&&(void 0===doc||7<doc);function get_fragment(url){return"#"+(url=url||location.href).replace(/^[^#]*#?(.*)$/,"$1")}function fn_retval(val){return val}function poll(){var hash=get_fragment(),history_hash=history_get(last_hash);hash!==last_hash?(history_set(last_hash=hash,history_hash),$(window).trigger("hashchange")):history_hash!==last_hash&&(location.href=location.href.replace(/#.*/,"")+history_hash),timeout_id=setTimeout(poll,$.fn.hashchange.delay)}$.fn.hashchange=function(fn){return fn?this.bind("hashchange",fn):this.trigger("hashchange")},$.fn.hashchange.delay=50,special.hashchange=$.extend(special.hashchange,{setup:function(){if(supports_onhashchange)return!1;$(fake_onhashchange.start)},teardown:function(){if(supports_onhashchange)return!1;$(fake_onhashchange.stop)}}),doc={},last_hash=get_fragment(),history_get=history_set=fn_retval,doc.start=function(){timeout_id||poll()},doc.stop=function(){timeout_id&&clearTimeout(timeout_id),timeout_id=void 0},fake_onhashchange=doc})(jQuery,this);
\ No newline at end of file