False positive on netty-tcnative #4065

Closed
aikebah opened this issue Feb 12, 2022 · 2 comments

@aikebah
Collaborator

aikebah commented Feb 12, 2022

For #3865 only netty-tcnative-classes received a suppression for the false netty:netty CPE link. However, other libraries of the netty tcnative multimodule project are also affected by the same FP, as can be seen from the issue comments:

It fails for us in 6.5.3 as well; did anyone still notice the issue on the latest version?

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.3:check (default-cli) on project zookeeper:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290

For more info see discussion on the PR: apache/zookeeper#1817

Originally posted by @nkalmar in #3865 (comment)
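A suppression rule of the kind the comment above refers to, added here as an illustration; it is not taken from the dependency-check project's own suppression files. The packageUrl pattern is an assumption that is meant to cover all io.netty netty-tcnative artifacts (classes, boringssl-static, platform classifiers), and the rule suppresses only the wrong netty:netty CPE match rather than individual CVEs, so that any genuine finding against netty-tcnative itself still surfaces:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Hypothetical suppressions.xml for dependency-check; wire it into the
     Maven plugin's suppression-file configuration. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        netty-tcnative modules (io.netty:netty-tcnative*) are matched to the
        cpe:/a:netty:netty CPE of the core Netty project and therefore inherit
        Netty's CVEs. Suppress that CPE link only; do not suppress by CVE so
        that vulnerabilities actually filed against netty-tcnative remain visible.
        ]]></notes>
        <!-- Assumed pattern: any artifact whose name starts with netty-tcnative,
             at any version and with any classifier. -->
        <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative.*@.*$</packageUrl>
        <cpe>cpe:/a:netty:netty</cpe>
    </suppress>
</suppressions>
```

After adding the rule, re-run the scan and confirm that the netty-tcnative entries disappear from the report while any remaining findings for other netty artifacts are unchanged; a rule that also silences io.netty:netty-* is too broad.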

@gmariotti

Was this supposed to be fixed in 7.0.0? Because if yes, then the error is still there.

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.0.0:check (default) on project ***REDACTED***: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
[ERROR] 
[ERROR] netty-tcnative-boringssl-static-2.0.48.Final-osx-x86_64.jar: CVE-2015-1346(7.5), CVE-2011-1797(9.3), CVE-2017-7000(8.8), CVE-2015-1205(7.5)
[ERROR] 
[ERROR] See the dependency-check report for more details.
[ERROR] -> [Help 1]

@aikebah
Collaborator Author

aikebah commented Mar 2, 2022

@gmariotti Please open up a FP report for it.
