* Check that the author_id, project_id, and other fields match
  the expected output when creating the vulnerability.
* Downcase the cvss severity fields for consistent comparison.