I had a reply from the TablePress developer:
Yes, TablePress relies on changes in WordPress 5.3, like a simplified code and CSS structure. This allows me to greatly reduce complexity, because I would otherwise have to add version checks in several places. Also, it makes offering support more difficult, because of the variety of versions that I would have to test with.
For users who can’t or don’t want to use the newest versions of WordPress, I recommend to stick to the older versions of TablePress. As for ClassicPress, which I have never tried myself, you could also investigate using WordPress again, but with the “Classic Editor” plugin.
I’m not going to argue with his logic. However the most recent version of TablePress that works with WP 4.9.x now has a vulnerability discovered. It’s not likely to lead to millions of exploits but it’s there nevertheless:
So although staying with TablePress 1.9.2 is safe for me (because I don’t use TablePress to import CSV, or allow my users to do so), it won’t be 100% safe for everyone.
So, I’m going to give consideration to the idea of forking it. It needs serious thought because it’s a large codebase and I don’t want to take on something that will try to take over my life.
I would be interested to know if other CP developers also use and like TablePress - please let me know.