Go version
go version go1.24.1 linux/admd64
Output of go env
in your module/workspace:
not relevant
What did you do?
I've been writing some software that depends on golang.org/x/tools within a corporate environment that relies on Sonatype Nexus IQ for scanning. During that time I've come across two CVEs listed against x/tools which I couldn't understand until I delved deeper into it. It seems that the following files under x/tools cause Sonatype to mark x/tools as vulnerable, because the .js files depend on an outdated jQuery version.
cmd/present/static/jquery.js
godoc/static/jquery.js
CVE-2019-11358
CVE-2020-11023
What did you see happen?
Sonatype marks x/tools as having a medium CVE vulnerability while Qualys brands it critical, hence it becomes an impediment to working with x/tools-dependent software.
What did you expect to see?
Can we do something about this? Uplift or fix so that the vulnerability is no longer listed against the package? It seems very irrelevant to keep it as is.
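A small triage helper for the finding described above, added here as an example and not code from x/tools or from the report: it reads the version banner that jQuery ships at the top of its files and checks it against the versions in which the jQuery project fixed the two CVEs (3.4.0 for CVE-2019-11358, 3.5.0 for CVE-2020-11023), so a reviewer can confirm whether a bundled copy actually falls in the affected range. The sample banners in main are constructed, not copied from the repository.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Banner at the top of distributed jQuery files, e.g. "/*! jQuery v3.5.1 | ... */".
var bannerRe = regexp.MustCompile(`jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)`)

// Versions in which the jQuery project fixed the two CVEs named in the report.
var fixedIn = map[string][3]int{"CVE-2019-11358": {3, 4, 0}, "CVE-2020-11023": {3, 5, 0}}

// ParseJQueryVersion extracts the version triple from jQuery source text.
func ParseJQueryVersion(src string) (v [3]int, ok bool) {
	m := bannerRe.FindStringSubmatch(src)
	if m == nil {
		return v, false
	}
	for i := range v {
		v[i], _ = strconv.Atoi(m[i+1]) // \d+ guarantees digits, so Atoi cannot fail
	}
	return v, true
}

// older reports whether version a precedes version b.
func older(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// AffectedCVEs returns the CVEs whose fix landed in a version newer than v.
func AffectedCVEs(v [3]int) (out []string) {
	for _, cve := range []string{"CVE-2019-11358", "CVE-2020-11023"} { // stable order
		if older(v, fixedIn[cve]) {
			out = append(out, cve)
		}
	}
	return out
}

func main() {
	// Constructed sample banners; in practice pass the contents of the bundled .js files.
	for _, s := range []string{"/*! jQuery v1.8.2 jquery.com | jquery.org/license */", "/*! jQuery v3.5.1 | (c) JS Foundation */"} {
		v, _ := ParseJQueryVersion(s)
		fmt.Printf("jQuery %d.%d.%d affected by %v\n", v[0], v[1], v[2], AffectedCVEs(v))
	}
}
```

Run it over the two jquery.js files listed in the report to see which of the two CVEs apply to the shipped version.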