SONATYPE-2019-0115 is to report the Jquery 3.3.1 CVE. There are a couple of issues.
It is only being reported for PrimeFaces 7.0 when it should be reported for all versions of Primefaces 1.0-7.0 because they all use Jquery < 3.4.0.
This has been fixed in PrimeFaces 7.0.4 could you mark that as the fix version for this one? See this ticket that it has been upgraded to Jquery 3.4.1 in PF 7.0.4. JQuery: Upgrade to 3.4.1 · Issue #4747 · primefaces/primefaces · GitHub