Update range's vulnerability before entity update to fix index uniqueness error (#8140)

Author: drewgillies

src/NuGetGallery.Services/PackageManagement/PackageVulnerabilityService.cs

@@ -231,7 +231,6 @@ private void UpdateRangesOfPackageVulnerability(PackageVulnerability vulnerabili
             var newRanges = vulnerability.AffectedRanges
                 .Except(existingVulnerability.AffectedRanges, rangeComparer)
                 .ToList();
-            _entitiesContext.VulnerableRanges.AddRange(newRanges);
             foreach (var newRange in newRanges)
             {
                 _logger.LogInformation(
@@ -240,7 +239,8 @@ private void UpdateRangesOfPackageVulnerability(PackageVulnerability vulnerabili
                     newRange.PackageVersionRange,
                     vulnerability.GitHubDatabaseKey);
 
-                newRange.Vulnerability = existingVulnerability;
+                newRange.Vulnerability = existingVulnerability; // this needs to happen before we update _entitiesContext, otherwise index uniqueness conflicts occur
+                _entitiesContext.VulnerableRanges.Add(newRange);
                 existingVulnerability.AffectedRanges.Add(newRange);
                 ProcessNewVulnerabilityRange(newRange, packagesToUpdate);
             }