[PR] chore(skills): drop leftover "not CVE worthy" mentions in security skills [airflow-steward]

Sat, 16 May 2026 10:58:51 -0700 


potiuk opened a new pull request, #185:
URL: https://github.com/apache/airflow-steward/pull/185

   ## Summary
   
   The closing-disposition convention is `invalid` (not `not CVE worthy`). The 
two security skills mostly already reflect that, but five list-style references 
to the old name lingered. This PR drops them.
   
   | File | Lines | Edit |
   |---|---|---|
   | `.claude/skills/security-issue-invalidate/SKILL.md` | 333 | Drop `*"not 
CVE worthy"*` from the quoted disposition-strings example list |
   | `.claude/skills/security-issue-sync/SKILL.md` | 985 | Drop from Step 1d 
closed-bucket scan condition |
   | `.claude/skills/security-issue-sync/SKILL.md` | 1204 | Drop from Step 2b 
"all earlier closes" rule |
   | `.claude/skills/security-issue-sync/SKILL.md` | 1939 | Drop from Step 4 
archive-from-board rationale |
   | `.claude/skills/security-issue-sync/SKILL.md` | 2042 | Drop from Step 5 
"when to skip regeneration" rule |
   
   Net diff: 5 deletions, 0 additions of new wording — every touched list still 
reads cleanly with `invalid / duplicate / wontfix`.
   
   ## Context
   
   On the `airflow-s/airflow-s` adopter tracker, `not CVE worthy` was a 
separate label that lived alongside `invalid` from earlier conventions. We've 
now:
   
   - Re-labeled every historical issue carrying `not CVE worthy` to `invalid` 
(7 issues, open + closed).
   - Deleted the `not CVE worthy` label from the tracker.
   - Added an adopter-side `security-issue-invalidate.md` override capturing 
the "INVALID can have a PR attached" / "keep scope label on close" 
Airflow-specific rules.
   
   With those local cleanups landed, the framework's own residual references to 
`not CVE worthy` are the last lingering use of the old term and would otherwise 
confuse new adopters who set up the skills fresh.
   
   ## Test plan
   
   - [x] `grep -i "not cve worthy"` on 
`.claude/skills/security-issue-{sync,invalidate}/SKILL.md` returns no matches.
   - [x] Each of the 5 touched lines reads cleanly after the edit (verified by 
hand — the affected lists become `invalid / duplicate / wontfix` etc.).
   - [ ] Skill rendering on github.com is unchanged otherwise — only the 
dropped term differs.
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to