Last time I tried to cover this was Short list of laptops/desktops that work well with Qubes OS - #245 by Insurgo for older hardware.
Reading this, we can now infer that Intel gen 8th CPUs and less recent, not receiving microcode updates and thought to have transient/speculative vulnerabilities mitigated by Xen, HT being off and older microcode updates were enough to mitigate the risks documented in QSBs. This is not the case anymore.
I have opened QSB-107 - Multiple CPU branch prediction vulnerabilities - WILL AFFECT < 8th gen CPU forever · Issue #1975 · linuxboot/heads · GitHub and looking forward for advice into how to document this correctly so everyone is aware.