Harmonize CVEToPackageInfo and CVEToOSV

Order the work so it's only done if necessary, and add the previous edge
case fix to CVEToOSV as well.

vulnfeeds/cmd/nvd-cve-osv/main.go

@@ -289,7 +289,7 @@ func CVEToOSV(CVE cves.CVE, repos []string, cache git.RepoTagsCache, directory s
 			}
 		}
 
-		if versions.HasLastAffectedVersions() && !hasAnyLastAffectedCommits {
+		if versions.HasLastAffectedVersions() && !hasAnyLastAffectedCommits && !hasAnyFixedCommits {
 			return fmt.Errorf("[%s]: Failed to convert last_affected version tags to commits: %#v %w", CVE.ID, versions, ErrUnresolvedFix)
 		}
 	}
@@ -372,17 +372,17 @@ func CVEToPackageInfo(CVE cves.CVE, repos []string, cache git.RepoTagsCache, dir
 		}
 	}
 
+	if versions.HasFixedVersions() && !hasAnyFixedCommits {
+		return fmt.Errorf("[%s]: Failed to convert fixed version tags to commits: %#v %w", CVE.ID, versions, ErrUnresolvedFix)
+	}
+
 	hasAnyLastAffectedCommits := false
 	for _, repo := range repos {
 		if versions.HasLastAffectedCommits(repo) {
 			hasAnyLastAffectedCommits = true
 		}
 	}
 
-	if versions.HasFixedVersions() && !hasAnyFixedCommits {
-		return fmt.Errorf("[%s]: Failed to convert fixed version tags to commits: %#v %w", CVE.ID, versions, ErrUnresolvedFix)
-	}
-
 	if versions.HasLastAffectedVersions() && !hasAnyLastAffectedCommits && !hasAnyFixedCommits {
 		return fmt.Errorf("[%s]: Failed to convert last_affected version tags to commits: %#v %w", CVE.ID, versions, ErrUnresolvedFix)
 	}