This kind of reminds me how I saw some teams deal with a vulnerability scanner flagging an OSS dependency as having a reported vulnerability. The dependency was always OSS anyways. Copy & paste the entire thing into your project. Voila, dependency scanner doesn't find any problems any longer.