Vulnerabilities not always sorted by severity in Dependency List
The vulnerabilities listed in the Dependency List aren't always sorted by severity; for instance, Critical vulnerabilities can be listed after High ones (see screenshot below).
I think the original intention was to sort by severity: #10077 (comment 178544237).
Screenshot
Implementation plan
Sorting happens in the Dependency List Service. The sorting algorithm assumes that the vulnerabilities associated with each dependency are already sorted by severity, so it only orders the dependencies themselves. With the recent changes to the parsing function that assumption no longer holds, and the sorting needs to be fixed.
- Add tests to cover cases for unsorted vulnerabilities for one dependency.
- Update the sorting method to sort vulnerabilities in dependencies first.
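As an added illustration (not GitLab's own Dependency List Service code), the snippet below shows the failure mode and the fix: a sorter that keys each dependency on its first vulnerability misorders the list when the per-dependency vulnerabilities arrive unsorted, while sorting the vulnerabilities inside each dependency first gives the intended order. The severity names, their ranking and the sample dependencies are assumed for the example.

```ruby
# Assumed severity ranking (lower rank = more severe); unknown strings sort last.
SEVERITY_RANK = {
  'critical' => 0, 'high' => 1, 'medium' => 2,
  'low' => 3, 'unknown' => 4, 'info' => 5
}.freeze

def severity_rank(severity)
  SEVERITY_RANK.fetch(severity.to_s.downcase, SEVERITY_RANK.size)
end

# Rank of a dependency = rank of its first vulnerability; a dependency with
# no vulnerabilities sorts after everything else.
def dependency_rank(dep)
  first = dep[:vulnerabilities].first
  first ? severity_rank(first[:severity]) : SEVERITY_RANK.size + 1
end

# Behaviour described in the issue: only the dependencies are sorted, on the
# assumption that each dependency's vulnerabilities are already ordered.
# If they are not, a dependency with a Critical finding listed second is
# keyed on a less severe finding and ends up below a High-only dependency.
def sort_dependencies_assuming_presorted(dependencies)
  dependencies.sort_by { |dep| dependency_rank(dep) }
end

# Fixed version: sort the vulnerabilities inside every dependency first, then
# sort the dependencies by their (now truly) most severe vulnerability.
# Input hashes are not mutated.
def sort_dependencies(dependencies)
  dependencies
    .map { |dep| dep.merge(vulnerabilities: dep[:vulnerabilities].sort_by { |v| severity_rank(v[:severity]) }) }
    .sort_by { |dep| dependency_rank(dep) }
end

# Constructed sample input: libbar's Critical finding is not listed first.
SAMPLE_DEPENDENCIES = [
  { name: 'libfoo', vulnerabilities: [{ severity: 'high' },   { severity: 'low' }] },
  { name: 'libbar', vulnerabilities: [{ severity: 'medium' }, { severity: 'critical' }] },
  { name: 'libbaz', vulnerabilities: [] }
].freeze

def ordered_names(sorter)
  send(sorter, SAMPLE_DEPENDENCIES).map { |dep| dep[:name] }
end

puts "presorted assumption: #{ordered_names(:sort_dependencies_assuming_presorted).inspect}"
puts "fixed:                #{ordered_names(:sort_dependencies).inspect}"
```

The second list corresponds to the test case in the plan above: one dependency with unsorted vulnerabilities is enough to expose the bug.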
Example project
https://staging.gitlab.com/secure-team-test/dependency-list-test/-/dependencies
Edited by Tetiana Chupryna