UNCLASSIFIED - NO CUI

Update VAT CVE-2021-26291 reference to false positive

Update VAT CVE-2021-26291 reference to false positive.

"The reported CVE is on the 3.6.3 version of “maven-artifact.jar”, but the CVE itself is pertaining to Apache Maven version 3.8.1 - These are 2 different packages, and thus we consider this to be a false positive report."

The expiring approval was associated to this CVE. Thanks.

cc: @andymaks

UNCLASSIFIED - NO CUI