potiuk opened a new pull request, #478:
URL: https://github.com/apache/airflow-steward/pull/478

   ## What
   
   `normalise_severity()` now lower-cases the ASF qualitative severity words **`moderate`** and **`important`** (in addition to the CVSS set it already handled).
   
   ## Why
   
   `normalise_severity` only lower-cased `{none, low, medium, high, critical}`. The ASF qualitative rating words `Moderate` and `Important` fell through unchanged, so a tracker scored `Moderate` landed **capitalized** in the CVE record's `metrics[].other` *"Textual description of severity"* — inconsistent with the lower-case [ASF severity-rating convention](https://security.apache.org/blog/severityrating/) and with the CVSS words that *were* lower-cased.
   
   Adding `moderate`/`important` to the set makes the full ASF rating set (`low` / `moderate` / `important` / `critical`) emit lower-case. Unknown values are still passed through stripped-but-unchanged.
   
   Tests extended to cover `Moderate`/`Important` → lower-case.
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)
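
The behaviour described in this pull request, as an added example that is not part of the original message and not the project's own code: a sketch of the normalisation rule plus a check that flags severity text in a CVE record that the rule would change. The record layout (`containers.cna.metrics[].other` with a `type` and a `content.text` field), the helper `find_unnormalised`, and the sample record are assumptions made for illustration.

```python
# Words the PR description says are lower-cased: the CVSS set plus the
# ASF qualitative words `moderate` and `important`.
KNOWN_SEVERITIES = {"none", "low", "medium", "high", "critical",
                    "moderate", "important"}
SEVERITY_TYPE = "Textual description of severity"


def normalise_severity(value):
    """Sketch of the described rule (assumed, not the project's source):
    known words are lower-cased, unknown values are stripped but unchanged."""
    stripped = value.strip()
    lowered = stripped.lower()
    return lowered if lowered in KNOWN_SEVERITIES else stripped


def find_unnormalised(record):
    """Hypothetical checker: return (metric index, current text, expected
    text) for every textual severity the rule above would rewrite."""
    findings = []
    metrics = record.get("containers", {}).get("cna", {}).get("metrics", [])
    for index, metric in enumerate(metrics):
        other = metric.get("other") or {}
        if other.get("type") != SEVERITY_TYPE:
            continue  # e.g. CVSS vector entries carry no free-text word
        text = (other.get("content") or {}).get("text")
        if isinstance(text, str) and text != normalise_severity(text):
            findings.append((index, text, normalise_severity(text)))
    return findings


def severity_entry(text):
    """Build one constructed `metrics[]` item in the assumed layout."""
    return {"other": {"type": SEVERITY_TYPE, "content": {"text": text}}}


# Constructed sample record; the id is a placeholder, not a real CVE.
SAMPLE_RECORD = {
    "cveMetadata": {"cveId": "CVE-0000-00000"},
    "containers": {"cna": {"metrics": [
        severity_entry("Moderate"),     # capitalised ASF word: flagged
        {"cvssV3_1": {"baseSeverity": "MEDIUM"}},  # not a textual entry
        severity_entry("critical"),     # already lower-case
        severity_entry("Severe"),       # unknown word: passed through
        severity_entry("IMPORTANT "),   # case and whitespace drift: flagged
    ]}},
}

if __name__ == "__main__":
    for index, current, expected in find_unnormalised(SAMPLE_RECORD):
        print(f"metrics[{index}]: {current!r} should be {expected!r}")
```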
   

