Anaconda being flagged in Tenable

Tenable scans are constantly being flagged in tenable. In particular mysql (CVE-2019-3822, CVE-2019-2805, CVE-2019-2740). We don’t use mysql, but if you conda remove mysql, it downgrades other packages, and then curl becomes flagged in tenable. This has been ongoing for several months.

What is the policy for security remediation in anaconda? I need to provide something to our CISO about this. Are there plans on updating these modules soon?