CVE-2021-3121 reports CVE in wrong package
https://security.alpinelinux.org/vuln/CVE-2021-3121
the CVE is for gogo protobuf which is a different project from google protobuf. We don't have the gogo protobuf package in our repository.
How can i mark it as "this does not affect us"?