On the other hand, I think I’d rather see it that it does not work instead of being vulnerable. So, I take a look at it and updated it to the latest version, which is currently available and also added which CVEs it fixes.
Anyway, squid is not actively maintained in packages feed as you can see, and I would like to see it updated in OpenWrt 19.07 branch as well to protect all routers, who have running OpenWrt 19.07 with vulnerable squid.