In ingestSecurityAdvisory we may update Package.latestAdvisory, but we don't immediately purge the cache or export the package entities. Should we do it?

/cc @szakarias