DISPUTED joblib v1.4.2 was discovered to contain a deserialization
vulnerability via the component
joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is
disputed by the supplier because NumpyArrayWrapper is only used during
caching of trusted content.