Description
Describe the bug
Hello!
Not necessarily a bug, but there wasn't really an option for security issues.
I inherited a project from another team that utilizes scikit-learn v0.24, and when doing a Sonatype NexusIQ dependency scan, it threw a flag for CVE-2020-11023 (link below). I was confused at first, because scikit-learn is a Python machine learning application, and the CVE that popped up deals with the jQuery JavaScript library. I did a "go to file" repository search on GitHub of your project, and did indeed find three jQuery files that all utilize v3.1.1.
So, I'm kinda hoping I'm just an idiot and missing something plain (not too experienced in Python project structure or NexusIQ scanning). Either way, when your project is added as a dependency and scanned it does "pop hot". Just wanted to let you guys know in case there is some jQuery utilization in your project.
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Steps/Code to Reproduce
N/A
Expected Results
N/A
Actual Results
NexusIQ level 6 security vulnerability
Versions
scikit-learn v0.24
jQuery v3.1.1
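
To reproduce a finding like this outside the scanner, the following added example (not part of the original report and not scikit-learn code) walks a directory tree, identifies bundled jQuery copies by their banner comment, and flags versions in the affected range the NVD entry gives for CVE-2020-11023 (1.0.3 up to, but not including, 3.5.0). The file names and layout in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Matches both banner styles: "/*! jQuery v3.1.1 | ..." (minified) and
# " * jQuery JavaScript Library v3.1.1" (unminified).
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)")
# Affected range for CVE-2020-11023 as given in the NVD entry: >= 1.0.3, < 3.5.0.
AFFECTED_FROM, FIXED_IN = (1, 0, 3), (3, 5, 0)


def find_bundled_jquery(root):
    """Return [(relative_path, version, affected)] for jQuery copies under root."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*.js")):
        if "jquery" not in path.name.lower():
            continue
        with path.open("rb") as fh:
            match = BANNER.search(fh.read(2048))  # banner sits at the top of the file
        if match is None:
            continue  # a plugin or other file that only has "jquery" in its name
        version = tuple(int(part) for part in match.groups())
        affected = AFFECTED_FROM <= version < FIXED_IN
        hits.append((path.relative_to(root).as_posix(), version, affected))
    return hits


def demo():
    """Scan a constructed package tree (file names and layout are made up)."""
    files = {
        "docs/themes/static/jquery.js": b"/*!\n * jQuery JavaScript Library v3.1.1\n */\n",
        "docs/js/jquery.min.js": b"/*! jQuery v3.5.1 | (c) JS Foundation */\n",
        "docs/js/jquery.plugin.js": b"// constructed plugin, no jQuery banner\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return find_bundled_jquery(tmp)


if __name__ == "__main__":
    for rel, version, affected in demo():
        label = "AFFECTED" if affected else "ok"
        print(f"{label:8} jQuery {'.'.join(map(str, version))}  {rel}")
```

Pointing `find_bundled_jquery` at a checked-out repository or an installed package directory shows where each flagged copy lives, which is what decides whether it ships in code served to users or only in documentation assets.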