potiuk opened a new pull request, #402: URL: https://github.com/apache/airflow-steward/pull/402
## Summary

Two patterns observed in airflow-s manual title-cleanups during the 2026-05-29/30 bulk sync that the existing cascade did not catch — both have a clear structural home elsewhere in the CVE record:

### Pattern 1 — trailing prior-CVE-relationship parentheticals

The cross-CVE relationship is structurally captured by the Gate #3 cross-CVE clause in the public summary; embedding the relationship in the title is noise to downstream advisory consumers.

Shapes observed:

- `(CVE-YYYY-NNNNN)`
- `(possible CVE-YYYY-NNNNN variant)` — from #345
- `(incomplete fix for CVE-YYYY-NNNNN)` — from #351
- `(fix-bypass of CVE-YYYY-NNNNN)` — from #352

### Pattern 2 — trailing reporter-name attribution parentheticals

Reporter attribution lives in the credits field, never in the public title.

Shape: `(<name> follow-up)` where `<name>` matches name-like tokens (word chars, dots, hyphens, single inline spaces). Catches `(Evan Ricafort follow-up)` from #346.

### Substantive content stays intact

`(GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)` on the GCS path-traversal tracker is **not** stripped (no CVE ID, doesn't end in `follow-up`).

### Sync skill stays in lock-step

The matching Step 1d signal row in `security-issue-sync` now enumerates the two new patterns so the proposal-time detector and the pre-push Gate #4 reflect the cascade.

## Test plan

- [x] Validated against 9 cases: 4 session-derived fixes (all pass), 3 synthetic CVE-relationship variants (all pass), 1 substantive technical parenthetical (preserved), 1 `<word> follow-up` edge case (stripped — narrow scope acceptable since `follow-up` in airflow-s titles is exclusively reporter-attribution)
- [ ] Next sync pass on a tracker with one of these parentheticals surfaces the strip proposal

🤖 Generated with [Claude Code](https://claude.com/claude-code)

--
This is an automated message from the Apache Git Service.
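The two trailing-parenthetical rules described in the PR, sketched as an added Python example; this is not code from the PR or from airflow-steward. The regexes, the `clean_title` name, and the sample titles with `CVE-2099-…` IDs are constructed assumptions, and the repeat-until-stable loop goes slightly beyond the PR text to handle stacked parentheticals.

```python
import re

# Assumption: rule 1 fires on a trailing "(...)" containing a CVE ID anywhere
# inside it, which covers all four shapes listed in the PR description.
CVE_PAREN = re.compile(r"\s*\([^()]*\bCVE-\d{4}-\d{4,}\b[^()]*\)\s*$")

# Assumption: rule 2 fires on a trailing "(<name> follow-up)" where <name> is
# one or more tokens of word chars, dots or hyphens joined by single spaces.
REPORTER_PAREN = re.compile(r"\s*\([\w.\-]+(?: [\w.\-]+)* follow-up\)\s*$")

RULES = (
    ("cve-relationship", CVE_PAREN),
    ("reporter-attribution", REPORTER_PAREN),
)


def clean_title(title):
    """Strip trailing noise parentheticals from a tracker title.

    Returns (cleaned_title, fired) where `fired` lists the rule names in the
    order they matched. Only parentheticals at the very end of the title are
    touched; anything mid-title or without a CVE ID / "follow-up" suffix stays.
    """
    fired = []
    changed = True
    while changed:  # repeat so stacked trailing parentheticals are all removed
        changed = False
        for name, pattern in RULES:
            stripped = pattern.sub("", title)
            if stripped != title:
                title, changed = stripped, True
                fired.append(name)
    return title.rstrip(), fired


if __name__ == "__main__":
    # Constructed sample titles; the CVE IDs are placeholders, not real records.
    samples = [
        "Path traversal in example operator (CVE-2099-00001)",
        "Auth bypass in example API (incomplete fix for CVE-2099-00002)",
        "XSS in example view (Evan Ricafort follow-up)",
        "Path traversal (GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)",
    ]
    for sample in samples:
        print(clean_title(sample))
```
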
