From 16ba565de10ed1f00b277512d604f2d26bb3a9cb Mon Sep 17 00:00:00 2001
From: Will Murphy
Date: Mon, 15 Jan 2024 05:57:04 -0500
Subject: [PATCH] log that data is being modified

Signed-off-by: Will Murphy
---
 src/vunnel/providers/debian/parser.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/vunnel/providers/debian/parser.py b/src/vunnel/providers/debian/parser.py
index d11b1e40..02d603dd 100644
--- a/src/vunnel/providers/debian/parser.py
+++ b/src/vunnel/providers/debian/parser.py
@@ -354,6 +354,9 @@ def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901
 # HACK: when we can represent per-package severity or have a good mechanism
 # for overriding upstream data, we should take this out.
 if vid == "CVE-2023-44487":
+ self.logger.info(
+ "clearing severity on CVE-2023-44487, see https://github.com/anchore/grype-db/issues/108#issuecomment-1796301073",
+ )
 vuln_record["Vulnerability"]["Severity"] = "Unknown"

 # add fixedIn
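Review bot: The added `self.logger.info(...)` under `if vid == "CVE-2023-44487":` records the severity override only in the run log, and only when info-level output is kept. Because the next line replaces upstream data with `"Unknown"`, a level that survives default filtering is worth considering, for example `self.logger.warning("clearing severity on %s, see …", vid)`; passing `vid` as a lazy argument also stops the message drifting from the condition if the HACK is ever extended to another id. The hunk does not show whether this branch sits inside a per-release or per-package loop; if it does, the message will repeat for every matching record and a log-once guard would keep the output readable. `_normalize_json` begins and ends outside the hunk, so the surrounding structure cannot be confirmed from here.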