potiuk opened a new pull request, #273: URL: https://github.com/apache/airflow-steward/pull/273
## Summary

- **Pattern #1 (leading bracketed tag) broadened.** Old form matched only `[Security Report|Issue|Vulnerability|Bug]` with square brackets. New form matches any `[...]` *or* `(...)` leading tag whose body contains the word *security* or *important*, applied case-insensitive. Catches `(Security Issue)`, `[ Security Vulnerability ]`, `[IMPORTANT]`, `(Important — please read)`, etc.
- **Pattern #9 (new) — trailing external-tracker IDs.** Strips trailing IDs from common public-disclosure tracker brands — `(ZDRES-…)`, `[HUNTR-…]`, `(GHSL-…)` — in either square- or round-bracket form. Documented as a per-project-extensible alternation (`SNYK-…`, `BDSA-…`, internal bug-bounty platforms).
- Both changes land in two places kept in sync: the adopter-facing template `projects/_template/title-normalization.md` and the example cascade in `.claude/skills/security-cve-allocate/SKILL.md`.

## Motivation

Real airflow-s tracker subject: `[ Security Report ] LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token (ZDRES-223)`. The leading `[ Security Report ]` *did* match the old pattern, but no pattern covered the trailing `(ZDRES-223)` — the cleaned CVE title still carried the reporter-internal tracker ID. The broader leading regex also future-proofs the cascade against `(...)`-style and `[IMPORTANT]`-style reporter prefixes, which the old form silently skipped.

Verified locally — the new cascade collapses the example to `LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token`.

## Test plan

- [ ] Pattern #1 strips `[Security X]`, `(Security X)`, `[IMPORTANT]`, `(Important …)` in any casing.
- [ ] Pattern #1 leaves `[NotSecurity]` / `[Securityish]` alone (word-boundary required).
- [ ] Pattern #9 strips `(ZDRES-NNN)`, `[HUNTR-NNN]`, `(GHSL-YYYY-NNN)` and leaves `(CVE-…)` / `(Apache Airflow 2.5)` / `(GHSA-…)` / `(split from #N)` untouched (handled by other patterns).
- [ ] Skill-validator suite passes (no fixture updates needed; the template's regex is referenced as documentation).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
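
The two patterns described in this pull request, as an added Python sketch that is not the regex from `title-normalization.md` or `SKILL.md` and is not part of the original message. Both regexes are reconstructions from the description; the names `LEADING_TAG`, `TRAILING_TRACKER_ID`, `TRACKER_BRANDS` and `normalize_title`, the case-sensitive brand match and the ID character class are assumptions.

```python
import re

# Pattern #1 (assumed regex): a leading [...] or (...) tag whose body contains
# the whole word "security" or "important", matched case-insensitively.
# Each bracket style is its own alternative, so "[Security)" does not match.
_WORD = r"\b(?:security|important)\b"
LEADING_TAG = re.compile(
    rf"^\s*(?:\[[^\]]*{_WORD}[^\]]*\]|\([^)]*{_WORD}[^)]*\))\s*",
    re.IGNORECASE,
)

# Pattern #9 (assumed regex): a trailing external-tracker ID in either bracket
# form. The brand tuple is the per-project-extensible alternation.
TRACKER_BRANDS = ("ZDRES", "HUNTR", "GHSL")
_ID = rf"(?:{'|'.join(TRACKER_BRANDS)})-[A-Za-z0-9-]+"
TRAILING_TRACKER_ID = re.compile(rf"\s*(?:\[\s*{_ID}\s*\]|\(\s*{_ID}\s*\))\s*$")


def normalize_title(subject: str) -> str:
    """Apply only patterns #1 and #9; the rest of the cascade is out of scope."""
    title = LEADING_TAG.sub("", subject, count=1)
    title = TRAILING_TRACKER_ID.sub("", title, count=1)
    return title.strip()


if __name__ == "__main__":
    # The first subject is quoted in the PR; the others are constructed from
    # the forms listed in its test plan.
    samples = [
        "[ Security Report ] LDAP Filter Injection in FAB Auth Manager "
        "_search_ldap reachable via /auth/token (ZDRES-223)",
        "(Important — please read) Example title [HUNTR-123]",
        "[Securityish] Example title (GHSA-xxxx-yyyy-zzzz)",
    ]
    for subject in samples:
        print(f"{subject!r}\n  -> {normalize_title(subject)!r}")
```
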
