When rolling out the jquery security update for Stretch I noticed that jquery is present in the openstack-mitaka-jessie component which gets applied to jessie and stretch. As stretch has a higher version than openstack-mitaka-jessie this would lead to a package downgrade which would deinstall other packages along.
We should omit the pin on stretch. Or alternatively we can simply remove the libjs-jquery package (the only binary package built from the jquery source package) from the component; we're not going to install new hosts on jessie and all the existing jessie hosts already have the package installed locally.