Fix affected package merge functionality

Signed-off-by: Tushar Goel <[email protected]>

Author: TG1999

vulnerabilities/importer.py

@@ -188,7 +188,7 @@ def merge(
             purls.add(pkg.package)
         if len(purls) > 1:
             raise UnMergeablePackageError("Cannot merge with different purls", purls)
-        return purls.pop(), sorted(affected_version_ranges), sorted(fixed_versions)
+        return purls.pop(), list(affected_version_ranges), sorted(fixed_versions)
 
     def to_dict(self):
         """

vulnerabilities/tests/test_affected_package.py

@@ -57,6 +57,19 @@ def test_affected_package_merge():
                 ),
             ),
             AffectedPackage(package=PackageURL(type="npm", name="foo"), fixed_version="2.0.0"),
+            AffectedPackage(
+                package=PackageURL(type="npm", name="foo"),
+                affected_version_range=GemVersionRange(
+                    constraints=(
+                        VersionConstraint(
+                            comparator=">=", version=RubygemsVersion(string="10.2.0")
+                        ),
+                        VersionConstraint(
+                            comparator="<=", version=RubygemsVersion(string="10.5.0")
+                        ),
+                    )
+                ),
+            ),
         ]
     )
     expected = (
@@ -69,7 +82,13 @@ def test_affected_package_merge():
                     VersionConstraint(comparator=">=", version=RubygemsVersion(string="5.2.0")),
                     VersionConstraint(comparator="<=", version=RubygemsVersion(string="5.2.6.2")),
                 )
-            )
+            ),
+            GemVersionRange(
+                constraints=(
+                    VersionConstraint(comparator=">=", version=RubygemsVersion(string="10.2.0")),
+                    VersionConstraint(comparator="<=", version=RubygemsVersion(string="10.5.0")),
+                )
+            ),
         ],
         ["1.0.0", "2.0.0"],
     )