Trying to install in the latest Moodle 3.11.3 complains that

Incorrect syntax in plugin supported declaration in vflibs

Looking at Moodle source code, the $plugin->supported in version.php must really be 2 integers. Moodle checks it (in lib/classes/plugininfo/base.php) like this:

if (isset($plugin->supported)) {
    // Checks for structure of supported.
    $isint = (is_int($plugin->supported[0]) && is_int($plugin->supported[1]));
    $isrange = ($plugin->supported[0] <= $plugin->supported[1] && count($plugin->supported) == 2);

    if (is_array($plugin->supported) && $isint && $isrange) {
	$this->pluginsupported = $plugin->supported;
    } else {
	throw new coding_exception('Incorrect syntax in plugin supported declaration in '."$this->name");
    }
}

Fix seems to be just to update version.php from

$plugin->supported = [38];

->

$plugin->supported = [38, 38];

When install this plugin in our moodle site (3.8.1+ Build: 20200221), the system return the message as below:

Validating local_vflibs ... Error
[Error] Required Moodle version [2019112200]
Installation aborted due to validation failure

Hello, we wanted to use this plugin, but found some included libraries in old versions. Some of them have newer versions with security updates. The libraries are listed below:

• jquery:
  jQWidgets
  used version: 4.1.2 (April-28-2016)
  latest version: 6.0.6 ( August 13, 2018) https://www.jqwidgets.com/tag/jqwidgets/
• tcpdf:
  used version: 3, 29 June 2007
  latest version: 6.2.25 https://github.com/tecnickcom/TCPDF/blob/master/CHANGELOG.TXT
  6.2.22
  - Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
  6.2.19
  - Merge various fixes for PHP 7.3 compatibility and security.
  6.2.0 (2014-12-10)
  - Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed.
  6.0.093 (2014-09-02)
  - Security fix: some serialize/unserialize methods were replaced with json_encode/json_decode to avoid a potential object injection with user supplied content. Thanks to ownCloud Inc. for reporting this issue.
  ...
• timeline_api_2.3.0:
  used version: 2.3.0
  latest version: 2.3.1 and pre 2.4.0 https://github.com/simile-widgets/timeline
• xpdf:
  used version: 3.02 (2007-feb-27)
  latest version: 4.00 (2017-aug-10) http://www.xpdfreader.com/download.html
  Fixed a security hole in SecurityHandler.cc (uninitialized variables).
  This vulnerability was discovered by Kushal Shah of Fortinet's
  FortiGuard Labs.
  Fixed a security hole in Function.cc (write past end of array).
  Fixed a security hole with the use of d0/d1 operators outside of a
  Type3 CharProc [CVE-2016-9027].

We want also to report one files structure issue below:
local/vflibs/timelinelib.php lines 153, 157,161 - uses mkdir($CFG->dataroot.'/'.$COURSE->id.'/...', 0777). It should make temporary folders in $CFG->dataroot.'/temp' since Moodle 2.0: https://docs.moodle.org/21/en/Creating_Moodle_site_data_directory/Data_directory