Good Evening Everyone,
I should first start by saying I am on the Security side of the house and hoping to help my development side a bit (while they are helping me, of course).
From a PCI scan, we have been working on correcting:
a. jQuery Core rquickExpr variable with Cross-Site Scripting Vulnerability, CVE-2012-6708
b. jQuery Cross-Domain Asynchronous JavaScript and Extensible Markup Language Request Cross-site Scripting Vulnerability, CVE-2015-9251
This has primarily been finding and replacing with newer versions of jQuery. Out of 6 major forks of code we maintain, they have successfully been able to correct 5 with a fair amount of effort. In moving to our last fork, they have explained that this one is a much larger effort, as jQuery is used on many of the pages.
Also, recently, I was reading a security blog and saw there was another possible 3.x PCI vulnerability found (no, I do not have the specifics; it was more of an "Oh, here we go again").
What I wondered (yes, I did Google, search on this site and even read the "Before you ask a question you ninny") and was unable to help myself.
Are there any tool sets that might be able to make the effort easier on my development folks? A scanner that focuses more on jQuery, or a tool that might help them better/more quickly replace one version with another? This is not only for the one site left, but I think it would be more healthy to maintain the code inside of our code to a sensible release level.
I would appreciate any pointers in the right direction.
Thank You
Mike