Where does the dependency on com.sdl.delivery:cil:pom:11.0.0.0-1064 come from?

When attempting to build a Java DXA 2.2.3 application, we see warnings about a dependency on com.sdl.delivery:cil:pom:11.0.0.0-1064 and com.sdl.web:cil:pom:11.0.0.0-1064 which can not be resolved. Various searches through the relevant online maven repositories (e.g. https://repo1.maven.org/maven2/com/sdl/dxa/dxa-framework/2.2.3/dxa-framework-2.2.3.pom) don’t turn up any examples where these dependencies are created.

Sure enough, a look here:

https://mvnrepository.com/artifact/com.sdl.web/cil
https://mvnrepository.com/artifact/com.sdl.delivery/cil

shows that this version isn’t present. Should we be referencing a different online maven repository?

It’s a warning, not an error, so perhaps we can just carry on and ignore it, but without knowing where it comes from, it’s hard to assess the risks in this. If it is safe to ignore, what is the best way to set up our POMs to avoid this warning?

Why do we end up trying to resolve this version? It’s not in our own POMs or apparently in any of the DXA POMs we can see.

This seems to be a related question DXA 1.7 dependencies not in Maven Central / not needed, however the answer does not give much insight into the problem.