fix(deps): update dependency jquery to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jquery (source)	^3.5.1 → ^4.0.0

---

Release Notes

jquery/jquery (jquery)

v4.0.0

Compare Source

Changelog

https://blog.jquery.com/2026/01/17/jquery-4-0-0/

Ajax

• Don't treat array data as binary (992a1911)
• Allow processData: true even for binary data (ce264e07)
• Support binary data (including FormData) (a7ed9a7b)
• Support headers for script transport even when cross-domain (#​5142, 6d136443)
• Support null as success functions in jQuery.get (#​4989, 74978b7e)
• Don't auto-execute scripts unless dataType provided (#​4822, 025da4dd)
• Make responseJSON work for erroneous same-domain JSONP requests (68b4ec59)
• Execute JSONP error script responses (#​4771, a1e619b0)
• Avoid CSP errors in the script transport for async requests (#​3969, 07a8e4a1)
• Drop the json to jsonp auto-promotion logic (#​1799, #​3376, e7b3bc48)
• Overwrite s.contentType with content-type header value, if any (#​4119, 7fb90a6b)
• Deprecate AJAX event aliases, inline event/alias into deprecated (23d53928)
• Do not execute scripts for unsuccessful HTTP responses (#​4250, 50871a5a)
• Simplify jQuery.ajaxSettings.xhr (#​1967, abdc89ac)

Attributes

• Make .attr( name, false ) remove for all non-ARIA attrs (#​5388, 063831b6)
• Shave off a couple of bytes (b40a4807)
• Don't stringify attributes in the setter (#​4948, 4250b628)
• Drop the toggleClass(boolean|undefined) signature (#​3388, a4421101)
• Refactor val(): don't strip carriage return, isolate IE workarounds (ff281991)
• Don't set the type attr hook at all outside of IE (9e66fe9a)

CSS

• Fix dimensions of table <col> elements (#​5628, eca2a564)
• Drop the cache in finalPropName (640d5825)
• Tests: Fix tests & support tests under CSS Zoom (#​5489, 071f6dba)
• Fix reliableTrDimensions support test for initially hidden iframes (b1e66a5f)
• Selector: Align with 3.x, remove the outer selector.js wrapper (53cf7244)
• Make the reliableTrDimensions support test work with Bootstrap CSS (#​5270, 65b85031)
• Make offsetHeight( true ), etc. include negative margins (#​3982, bce13b72)
• Return undefined for whitespace-only CSS variable values (#​5120) (7eb00196)
• Don’t trim whitespace of undefined custom property (#​5105, ed306c02)
• Skip falsy values in addClass( array ), compress code (#​4998, a338b407)
• Justify use of rtrim on CSS property values (655c0ed5)
• Trim whitespace surrounding CSS Custom Properties values (#​4926, efadfe99)
• Include show, hide & toggle methods in the jQuery slim build (297d18dd)
• Remove the opacity CSS hook (865469f5)
• Workaround buggy getComputedStyle on table rows in IE/Edge (#​4490, 26415e08)
• Don't automatically add "px" to properties with a few exceptions (#​2795, 00a9c2e5)

Core

• Remove obsolete workarounds, update support comments (e2fe97b7)
• Switch $.parseHTML from document.implementation to DOMParser (0e123509)
• Fix the exports setup to make bundlers work with ESM & CommonJS (#​5416, 60f11b58)
• Add more info about named exports (5f869590)
• Simplify code post browser support reduction (93ca49e6)
• Move the factory to separate exports (46f6e3da)
• Use named exports in src/ (#​5262, f75daab0)
• Fix regression in jQuery.text() on HTMLDocument objects (#​5264, a75d6b52)
• Selector: Move jQuery.contains from the selector to the core module (024d8719)
• Drop the root parameter of jQuery.fn.init (d2436df3)
• Don't rely on splice being present on input (9c6f64c7)
• Manipulation: Add basic TrustedHTML support (#​4409, de5398a6)
• Report browser errors in parseXML (#​4784, 89697325)
• Make jQuery.isXMLDoc accept falsy input (#​4782, fd421097)
• Drop support for Edge Legacy (i.e. non-Chromium Microsoft Edge) (#​4568, e35fb62d)
• Fire iframe script in its context, add doc param in globalEval (#​4518, 4592595b)
• Exclude callbacks & deferred modules in the slim build as well (fbc44f52)
• Migrate from AMD to ES modules 🎉 (d0ce00cd)
• Use Array.prototype.flat where supported (#​4320, 9df4f1de)
• Remove private copies of push, sort & splice from the jQuery prototype (b59107f5)
• Implement .even() & .odd() to replace POS :even & :odd (78420d42)
• Deprecate jQuery.trim (#​4363, 5ea59460)
• Remove IE-specific support tests, rely on document.documentMode (#​4386, 3527a384)
• Drop support for IE <11, iOS <11, Firefox <65, Android Browser & PhantomJS (#​3950, #​4299, cf84696f)
• Remove deprecated jQuery APIs (#​4056, 58f0c00b)

Data

• Refactor to reduce size (805cdb43)
• Event:Manipulation: Prevent collisions with Object.prototype (#​3256, 9d76c0b1)
• Separate data & css/effects camelCase implementations (#​3355, 8fae2120)

Deferred

• Rename getStackHook to getErrorHook (#​5201, 258ca1ec)
• Respect source maps in jQuery.Deferred.exceptionHook (#​3179, 0b9c5037)
• Rename master to primary (a32cf632)

Deprecated

• Define .hover() using non-deprecated methods (fd6ffc5e)
• Remove jQuery.trim (0b676ae1)
• Fix AMD parameter order (f810080e)

Dimensions

• Add offset prop fallback to FF for unreliable TR dimensions (#​4529, 3bbbc111)

Docs

• Fix some minor issues in comments (e4d4dd81)
• update herodevs link in README (#​5695, 093e63f9)
• Align CONTRIBUTING.md with 3.x-stable (d9281061)
• Update CONTRIBUTING.md (4ef25b0d)
• add version support section to README (cbc2bc1f)
• Update remaining HTTP URLs to HTTPS (7cdd8374)
• Fix module links in the package README (ace646f6)
• update watch task in CONTRIBUTING.md (77d6ad71)
• Fix typos found by codespell (620870a1)
• remove stale gitter badge from readme (67cb1af7)
• Remove the "Grunt build" section from the PR template (988a5684)
• Remove stale badge from README (bcd9c2bc)
• Update the README of the published package (edccabf1)
• Remove git.io from a GitHub Actions comment (016872ff)
• Update webpack website in README (01819bc3)
• add link to patchwelcome and help wanted issues (924b7ce8)
• add link to preview the new CLAs (683ceb8f)
• Fix incorrect trac-NUMBER references (eb9ceb2f)
• remove expired links from old jquery source (#​4997) (ed066ac7)
• Remove links to Web Archive from source (#​4981, e24f2dcf)
• Replace #NUMBER Trac issue references with trac-NUMBER (5d5ea015)
• Update the URL to the latest jQuery build in CONTRIBUTING.md (9bdb16cd)
• Remove the CLA checkbox in the pull request template (e1248931)
• update irc to Libera and fix LAMP dead link (175db73e)
• Update Frequently Reported Issues in the GitHub issue template (7a6fae6a)
• Change JS Foundation mentions to OpenJS Foundation (11611967)
• add SECURITY.md, show security email address (2ffe54ca)
• Fix typos (1a7332ce)
• Update the link to the jsdom repository (a62309e0)
• Use https for hyperlinks in README (73415da2)
• Remove a mention of the event/alias.js module from README (3edfa1bc)
• Update links to EdgeHTML issues to go through Web Archive (1dad1185)
• direct users to GitHub docs for cloning the repo (f1c16de2)
• Change OS X to macOS in README (5a3e0664)
• Update most URLs to HTTPS (f09d9210)
• Convert link to Homebrew from HTTP to HTTPS (e0022f23)

Effect

• Fix a unnecessary conditional statement in .stop() (#​4374, 110802c7)

Effects

• Remove jQuery.fx.interval (6c2c7362)

Event

• Use .preventDefault() in beforeunload (7c123dec)
• Increase robustness of an inner native event in leverageNative (#​5459, 527fb3dc)
• Avoid collisions between jQuery.event.special & Object.prototype (bcaeb000)
• Simplify the check for saved data in leverageNative (dfe212d5)
• Make trigger(focus/blur/click) work with native handlers (#​5015, 6ad3651d)
• Simulate focus/blur in IE via focusin/focusout (#​4856, #​4859, #​4950, ce60d318)
• Don't break focus triggering after .on(focus).off(focus) (#​4867, e539bac7)
• Make focus re-triggering not focus the original element back (#​4382, dbcffb39)
• Don't crash if an element is removed on blur (#​4417, 5c2d0870)
• Remove the event.which shim (#​3235, 1a5fff4c)
• remove jQuery.event.global (18db8717)
• Only attach events to objects that accept data - for real (#​4397, d5c505e3)
• Stop shimming focusin & focusout events (#​4300, 8a741376)
• Prevent leverageNative from registering duplicate dummy handlers (eb6c0a7c)
• Fix handling of multiple async focus events (#​4350, ddfa8376)

Manipulation

• Make jQuery.cleanData not skip elements during cleanup (#​5214, 3cad5c43)
• Generalize a test to support IE (88690ebf)
• Support $el.html(selfRemovingScript) (#​5378) (#​5377, 937923d9)
• Extract domManip to a separate file (ee6e8740)
• Don't remove HTML comments from scripts (#​4904, 2f8f39e4)
• Respect script crossorigin attribute in DOM manipulation (#​4542, 15ae3614)
• Avoid concatenating strings in buildFragment (9c98e4e8)
• Make jQuery.htmlPrefilter an identity function (90fed4b4)
• Selector: Use the nodeName util where possible to save size (4504fc3d)

Offset

• Increase search depth when finding the 'real' offset parent (556eaf4a)

Release

• 4.0.0 (4f2fae08)
• remove dist files from main branch (c838cfb5)
• 4.0.0-rc.2 (97525193)
• Update AUTHORS.txt (c128d5d8)
• Fix release issues uncovered during the 4.0.0-rc.1 release (a5b0c431)
• remove dist files from main branch (9d06c6dd)
• 4.0.0-rc.1 (586182f3)
• Run npm publish in the post-release phase (ff1f0eaa)
• Only run browserless tests during the release (fb5ab0f5)
• Temporarily disable running tests on release (3f79644b)
• publish tmp/release/dist folder when releasing (#​5658, a865212d)
• correct build date in verification; other improvements (53ad94f3)
• remove dist files from main branch (be048a02)
• 4.0.0-beta.2 (51fffe9f)
• ensure builds have the proper version (3e612aee)
• set preReleaseBase in config file (1fa8df5d)
• fix running pre/post release scripts in windows (5518b2da)
• update AUTHORS.txt (862e7a18)
• migrate release process to release-it (jquery/jquery-release#114, 2646a8b0)
• add factory files to release distribution (#​5411, 1a324b07)
• use buildDefaultFiles directly and pass version (b507c864)
• copy dist-module folder as well (63767650)
• only published versioned files to cdn (3a0ca684)
• remove scripts and dev deps from dist package.json (7eac932d)
• update build command in Release.generateArtifacts (3b963a21)
• add support for md5 sums in windows (f088c366)
• remove the need to install grunt globally (b2bbaa36)
• upgrade release dependencies (967af732)
• Remove an unused chalk dependency (bfb6897c)
• Use an in-repository dist README fixture (358b769a)
• Update AUTHORS.txt (1b74660f)
• update AUTHORS.txt (cf9fe0f6)

Selector

• Remove the workaround for :has; test both on iPhone & iPad (65e35450)
• Properly deprecate jQuery.expr[ ":" ]/jQuery.expr.filters (329661fd)
• Make selector.js module depend on attributes/attr.js (#​5379, e06ff088)
• Eliminate selector.js depenencies from various modules (e8b7db4b)
• Re-expose jQuery.find.{tokenize,select,compile,setDocument} (#​5259, 338de359)
• Stop relying on CSS.supports( "selector(...)" ) (#​5194, 68aa2ef7)
• Backport jQuery selection context logic to selector-native (#​5185, 2e644e84)
• Make selector lists work with qSA again (#​5177, 09d988b7)
• Implement the uniqueSort chainable method (#​5166, 5266f23c)
• Re-introduce selector-native.js (4c1171f2)
• Manipulation: Fix DOM manip within template contents (#​5147, 3299236c)
• Drop support for legacy pseudos, test custom pseudos (8c7da22c)
• Use jQuery :has if CSS.supports(selector(...)) non-compliant (#​5098, d153c375)
• Remove the "a:enabled" workaround for Chrome <=77 (c1ee33ad)
• Make empty attribute selectors work in IE again (#​4435, 05184cc4)
• Use shallow document comparisons in uniqueSort (#​4441, 15750b0a)
• Add a test for throwing on post-comma invalid selectors (6eee5f7f)
• Make selectors with leading combinators use qSA again (ed66d5a2)
• Use shallow document comparisons to avoid IE/Edge crashes (#​4441, aa6344ba)
• reduce size, simplify setDocument (29a9544a)
• Leverage the :scope pseudo-class where possible (#​4453, df6a7f7f)
• Bring back querySelectorAll shortcut usage (cef4b731)
• Inline Sizzle into the selector module (47835965)
• Port Sizzle tests to jQuery (79b74e04)

Support

• ensure display is set to block for the support div (#​4832, 09f25436)

Tests

• Fix the "outside view position" test in Headless Chrome (23d72cb1)
• Fix selector tests in Chrome 141 (25a1b080)
• Increase nomodule test timeout for IE from 1s to 5s (5eab0a3c)
• Fix module/nomodule tests flakiness (5964acf3)
• Use releases.jquery.com as external host for AJAX testing (f21a6ea6)
• Fix tests for jQuery.get( String, null-ish, null-ish, String ) (05325801)
• Add tests for jQuery.get( String, null-ish, null-ish, String ) (76687566)
• Backport the hidden="until-found" attr tests from 3.x-stable (3a31866b)
• migrate test runner to jquery-test-runner (733e62d2)
• Add custom attribute getter tests to the selector module (44667709)
• Switch to an updated fork of promises-aplus-tests (559bc5ac)
• Run tests in Edge in IE mode in GitHub Actions (6d78c076)
• Run tests on both real Firefox ESRs (4b7ecbad)
• align mock.php spacing with 3.x-stable branch (d5ae14f6)
• replace dead links in qunit fixture (dbc9dac7)
• replace express with basic Node server (c85454a8)
• remove unnecessary scroll feature test (ea31e4d5)
• Align :has selector tests with 3.x-stable (f2d9fde5)
• revert concurrency group change (fa73e2f1)
• include github ref in concurrency group (5880e027)
• Make the beforeunload event tests work regardless of extensions (399a78ee)
• share queue/browser handling for all worker types (284b082e)
• improve diffing for values of different types (b9d333ac)
• show any and all actual/expected values (f80e78ef)
• add diffing to test reporter (44fb7fa2)
• add actual and expected messages to test reporter (1e84908b)
• fix worker restarts for failed browser acknowledgements (fedffe74)
• add --hard-retries option to test runner (822362e6)
• fix cleanup in cases where server doesn't stop (0754d596)
• fix flakey message logs; ignore delete worker failures (02d23478)
• reuse browser workers in BrowserStack tests (#​5428) (95a4c94b)
• Use allowlist instead of whitelist (2b97b6bb)
• migrate testing infrastructure to minimal dependencies (dfc693ea)
• Fix Karma tests on Node.js 20 (d478a1c0)
• Disable the ":lang respects escaped backslashes" test (#​5271, 62b9a258)
• Indicate Chrome 112 & Safari 16.4 pass the cssHas support test (89ef81f8)
• Test AJAX deprecated event aliases properly (cff28998)
• Indicate Firefox 106+ passes the cssSupportsSelector test (716130e0)
• Remove a workaround for a Firefox XML parsing issue (e7ffe1f1)
• Fix the link to QUnit CSS file (8cf39b78)
• Exclude tests based on compilation flags, not API presence (#​5069, fae5fee8)
• Workaround an XML parsing bug in Firefox (af1cd6f2)
• lock colors version to 1.4.0 (9603b3c8)
• Skip ETag AJAX tests on TestSwarm (00c060d1)
• Allow statusText to be "success" in AJAX tests (19ced963)
• Make Karma browser timeout larger than the QUnit one (4fd6912b)
• Don't remove csp.log in the cspClean action of mock.php (1019074f)
• Load the TestSwarm listener via HTTPS (d225639a)
• Switch background image from online file to local 1x1.jpg (482f8462)
• Strip untypical callback parameter characters from mock.php (a7027463)
• Make more tests run natively in Chrome & Firefox (50e8e846)
• Fix tests for not auto-executing scripts without dataType (d38528b1)
• Recognize callbacks with dots in the Node.js mock server (df6858df)
• Skip the "jQuery.ajax() on unload" test in Safari (c18dc496)
• Remove an unused local variable (82b87f6f)
• Remove remaining obsolete jQuery.cache references (d96111e1)
• Workaround failures in recent XSS tests in iOS 8 - 12 (11066a9e)
• Add tests for recently fixed manipulation XSS issues (dc06d68b)
• Use only one focusin/out handler per matching window & document (9b732043)
• Fix flakiness in the "jQuery.ajax() - JSONP - Same Domain" test (7b0864d0)
• Pass a number of necessary done() calls to assert.async() (364476c3)
• Remove obsolete jQuery data tests (eb35be52)
• Skip a "width/height on a table row with phantom borders" test in Firefox (a612733b)
• Don't test synchronous XHR on unload in Chrome (323575fb)
• Stop using jQuery.find in tests (1d624c10)
• Port changes from Sizzle (ac5f7cd8)
• Fix a comment in testinit.js (7bdf307b)
• update npo.js and include unminified source instead (b334ce77)
• Restrict an event test fallback to TestSwarm (bde53edc)
• Fix the new focusin/focusout test in IE (6f2fae7c)
• Fix the core-js polyfill inclusion method (2e4b79ab)

Traversing

• Fix contents() on <object>s with children in IE (ccbd6b93)
• Fix contents() on <object>s with children (#​4384, 4d865d96)

Upgrade

• Bump actions/setup-node from 3.3.0 to 3.4.1 (78321f07)
• set up periodic code scanning analysis (39c5778c)
• updated the vulnerability reporting process and added escalation steps (02cf4ee0)

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[asajjad2]

Blocking this because Bootstrap v4 requires jquery version <4.0.0, various frontend components break in functionality throwing Uncaught Error: Bootstrap's JavaScript requires at least jQuery v1.9.1 but less than v4.0.0.

[sentry]

Bug: Upgrading to jQuery 4.0.0 will cause runtime errors in incompatible third-party plugins like Bootstrap 4.4.1, slick-carousel 1.8.1, and Fancybox 3.5.7, breaking multiple UI components.
_{Severity: CRITICAL}

Suggested Fix

Revert the jQuery upgrade to version 3.x. Alternatively, upgrade the dependent libraries (Bootstrap, slick-carousel, Fancybox) to versions that are compatible with jQuery 4.0.0, or use a jQuery 4 compatibility/polyfill library to restore the removed methods.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The upgrade to jQuery 4.0.0 introduces breaking changes, such as the
removal of the `$.type()` method. This will cause runtime JavaScript errors in several
third-party libraries used in the application. Specifically, slick-carousel 1.8.1 relies
on `$.type()` and will fail to initialize carousels. Bootstrap 4.4.1 has documented
incompatibilities with jQuery 4, which will likely break tooltips, popovers, and
scrollspy functionality. Fancybox 3.5.7, developed for jQuery 3.x, is also at high risk
of failure, affecting video lightboxes. These issues will break core UI features across
the site.

[sentry]

Bug: The npm package @fancyapps/fancybox@3.5.7 is incompatible with jQuery 4.0.0 as it uses removed APIs, which will cause runtime errors when the video lightbox is used.
_{Severity: HIGH}

Suggested Fix

Update the @fancyapps/fancybox npm package to a modern version compatible with jQuery 4.0.0. Alternatively, replace it with a different lightbox library that supports the new jQuery version. The unused vendored file static/js/vendor/jquery.fancybox.min.js can also be removed.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The project imports `@fancyapps/fancybox@3.5.7` via npm, which is used
for the video lightbox functionality. This version of fancybox relies on several jQuery
APIs that were removed in jQuery 4.0.0, including `$.isArray`, `$.isNumeric`, and
`.unbind()`. When a user clicks the video lightbox button, the call to
`$.fancybox.open()` will trigger a `TypeError` because these functions no longer exist,
breaking the feature. The vendored `jquery.fancybox.min.js` file is unused and not the
source of this issue.

[sentry]

Bug: The vendored jquery.fancybox.min.js uses APIs like $.isArray, $.type, and .unbind() which are removed in jQuery 4.0.0, causing lightbox functionality to break.
_{Severity: HIGH}

Suggested Fix

Upgrade the vendored jquery.fancybox.min.js to a version compatible with jQuery 4.0.0. Alternatively, patch the current version to replace removed API calls with modern equivalents (e.g., Array.isArray() for $.isArray(), typeof for $.type(), and .off() for .unbind()).

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The upgrade to jQuery 4.0.0 removes several APIs, including
`jQuery.isArray()`, `jQuery.type()`, and `.unbind()`. The vendored
`jquery.fancybox.min.js` (v3.5.7) relies on these removed APIs. Consequently, any user
interaction that triggers fancybox, such as opening a video lightbox, will result in a
`TypeError` and cause the feature to fail. This will break the video lightbox
functionality.

[sentry]

Bug: Upgrading jQuery to 4.0.0 is incompatible with the project's Bootstrap 4.4.1 dependency, which will cause runtime failures for Bootstrap's jQuery plugins like .tooltip() and .popover().
_{Severity: CRITICAL}

Suggested Fix

To fix this, either downgrade jQuery to a version compatible with Bootstrap 4 (e.g., 3.x), or upgrade Bootstrap to version 5, which removes the jQuery dependency entirely. Alternatively, add the jquery-migrate plugin as a temporary solution to restore the deprecated APIs.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The upgrade to jQuery `4.0.0` introduces an incompatibility with the
existing Bootstrap `4.4.1` dependency. Bootstrap 4.x is not compatible with jQuery
4.0.0, and the jQuery Migrate plugin is not in use to bridge this gap. Application code
in files like `product_detail.js` and `tooltip.js` directly calls Bootstrap's jQuery
plugins, including `.popover()`, `.scrollspy()`, and `.tooltip()`. These function calls
will fail at runtime when the JavaScript is loaded in a user's browser, breaking UI
functionality for tooltips, popovers, and scroll-spy navigation on various pages.

[sentry]

Bug: The @fancyapps/fancybox library uses several jQuery APIs like $.isArray, $.isFunction, and .unbind() that are removed in jQuery 4.0.0, which will cause runtime errors.
_{Severity: HIGH}

Suggested Fix

The @fancyapps/fancybox package is unmaintained and incompatible with jQuery 4. Replace it with a modern, maintained lightbox library that is compatible with current jQuery versions. Alternatively, fork the existing library and update the deprecated API calls (e.g., replace .unbind() with .off(), $.isArray with Array.isArray).

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The upgrade to jQuery 4.0.0 will cause the lightbox feature, provided
by the unmaintained `@fancyapps/fancybox` library, to fail. This library relies on
multiple jQuery methods that have been removed in version 4.0.0, including
`$.isArray()`, `$.type()`, `$.isFunction()`, `$.isNumeric()`, and `.unbind()`. When a
user attempts to open a video lightbox on the home page via `$.fancybox.open()`, the
application will throw runtime `TypeError` exceptions, preventing the lightbox from
appearing and breaking this user interaction.

[sentry]

Bug: The upgrade to jQuery 4.0.0 is incompatible with the existing jquery.fancybox.min.js library, which relies on utility functions like $.isArray() that were removed in jQuery 4.
_{Severity: HIGH}

Suggested Fix

Update the @fancyapps/fancybox library to a version that is compatible with jQuery 4.0.0. Alternatively, include the jQuery Migrate plugin, as recommended by the official jQuery upgrade guide, to restore the removed utility functions and ensure backward compatibility.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The upgrade to jQuery 4.0.0 removes several utility functions,
including `$.isArray()`, `$.type()`, `$.isFunction()`, and `$.isNumeric()`. The project
uses a vendored version of `jquery.fancybox.min.js` (v3.5.7) for the video lightbox
feature on the home page. This version of fancybox depends on the removed jQuery
functions. When a user clicks the action button to open the video lightbox, the fancybox
code will execute and call these non-existent functions, leading to a `TypeError` at
runtime. This will crash the lightbox functionality, preventing the video from being
displayed.

[sentry]

Bug: The upgrade to jQuery 4.0.0 is incompatible with the project's Bootstrap 4.4.1 dependency, which will break Bootstrap's JavaScript plugins like .tooltip() and .popover() at runtime.
_{Severity: CRITICAL}

Suggested Fix

To resolve the incompatibility, either downgrade jQuery to the latest 3.x version that is compatible with Bootstrap 4.4.1, or upgrade Bootstrap to a version that supports jQuery 4.0.0, such as Bootstrap 5. The latter may require a more significant migration effort.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L62

Potential issue: The project upgrades jQuery to version 4.0.0 while still using
Bootstrap 4.4.1. According to official documentation, Bootstrap 4.4.1 is not compatible
with jQuery 4.0.0. The application's JavaScript code, specifically in `tooltip.js` and
`product_detail.js`, makes calls to Bootstrap's jQuery plugins like `.tooltip()`,
`.popover()`, and `.scrollspy()`. These functions are executed on page load. Due to the
version incompatibility, these plugin calls will fail at runtime, causing UI features
such as tooltips, popovers, and scroll-based navigation highlighting to break across the
application.