Closed stigtsp closed 1 year ago
Hey Brian! To give a bit more context, we were going through the generated DB.pm and saw some issues when checking affected_version ranges. In order to be easily parseable by tools (including cpan-audit), versions should be grouped in arrays where each element is OR'ed together with its neighbors, and a single element may contain a range, separated by a comma and AND'ed together.

This way, a string like "=1.1.11,=1.1.24,>=1.2.9,<=1.2.14" would be roughly translated to "exactly 1.1.11 AND exactly 1.1.24 (which is already impossible) AND greater-equal than 1.2.9 AND lower-equal than 1.2.14", which is not what it actually means. To express the actual affected versions, the YAML should have been instead:
```yaml
- "=1.1.11"
- "=1.1.24"
- ">=1.2.9,<=1.2.14"
```

meaning "exactly 1.1.11 OR exactly 1.1.24 OR (greater-equal than 1.2.9 AND lower-equal than 1.2.14)".
Almost all the YAML on CPANSA does exactly that, except for this one and the one fixed in #118.
After those are merged, the entire CPANSA database will have consistent affected_versions aggregations in their strings.
Cc: @garu
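The OR-of-arrays / AND-within-element semantics described in the comment above, as an added example that is not part of the original thread or of cpan-audit's own code. It evaluates a version against an `affected_versions` list using those rules and includes a small lint that flags the collapsed encoding (a single element pinning two different exact versions, which can never match). Version comparison is simplified to dotted-decimal integer tuples; that is an assumption of this example, not how Perl's `version` module works in every case. The sample lists are the two encodings quoted in the comment.

```python
import operator
import re

# Assumption (not from the thread): versions are dotted-decimal and compared
# component-wise as integer tuples, e.g. "1.2.9" -> (1, 2, 9).
def parse_version(text):
    return tuple(int(part) for part in text.strip().split("."))

OPERATORS = {
    "=": operator.eq,
    "<": operator.lt,
    "<=": operator.le,
    ">": operator.gt,
    ">=": operator.ge,
    "!=": operator.ne,
}

# One constraint such as ">=1.2.9". Two-character operators are listed first so
# the alternation prefers the longest match.
_CONSTRAINT = re.compile(r"^(>=|<=|!=|=|<|>)\s*([0-9][0-9.]*)$")

def parse_constraint(text):
    match = _CONSTRAINT.match(text.strip())
    if not match:
        raise ValueError(f"malformed constraint: {text!r}")
    op, version = match.groups()
    return OPERATORS[op], parse_version(version)

def parse_range(range_string):
    """One array element: a comma-separated list of constraints."""
    return [parse_constraint(c) for c in range_string.split(",")]

def range_matches(range_string, version):
    """Within one element every constraint must hold (AND)."""
    target = parse_version(version)
    return all(op(target, bound) for op, bound in parse_range(range_string))

def is_affected(affected_versions, version):
    """Across the array any matching element is enough (OR)."""
    return any(range_matches(r, version) for r in affected_versions)

def pins_two_exact_versions(range_string):
    """Lint: an element with two different '=' bounds is unsatisfiable, which is
    exactly what the collapsed string in the thread does."""
    exact = {bound for op, bound in parse_range(range_string) if op is operator.eq}
    return len(exact) > 1

# Constructed sample inputs mirroring the two encodings quoted in the comment.
CORRECT = ["=1.1.11", "=1.1.24", ">=1.2.9,<=1.2.14"]
COLLAPSED = ["=1.1.11,=1.1.24,>=1.2.9,<=1.2.14"]

if __name__ == "__main__":
    for v in ["1.1.11", "1.1.12", "1.1.24", "1.2.10", "1.2.15"]:
        print(f"{v:>8}: correct={is_affected(CORRECT, v)!s:<5} "
              f"collapsed={is_affected(COLLAPSED, v)}")
    for element in COLLAPSED:
        if pins_two_exact_versions(element):
            print(f"lint: {element!r} pins two exact versions and can never match")
```

Running it shows the practical effect: with the correct encoding 1.1.11, 1.1.24 and 1.2.10 are reported as affected while 1.1.12 and 1.2.15 are not, whereas the collapsed string matches nothing at all, so a tool consuming it would silently report every version as unaffected.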