Error in running github_osv importer

[TG1999]

The import crashes with this error:

Traceback (most recent call last):
  File "/app/vulnerabilities/management/commands/import.py", line 70, in import_data
    ImportRunner(importer).run()
  File "/app/vulnerabilities/import_runner.py", line 62, in run
    count = self.process_advisories(advisory_datas=advisory_datas, importer_name=importer_name)
  File "/app/vulnerabilities/import_runner.py", line 105, in process_advisories
    for data in advisory_datas:
  File "/app/vulnerabilities/importers/github_osv.py", line 53, in advisory_data
    yield parse_advisory_data(raw_data, supported_ecosystems, advisory_url)
  File "/app/vulnerabilities/importers/osv.py", line 70, in parse_advisory_data
    purl = get_affected_purl(affected_pkg=affected_pkg, raw_id=raw_id)
  File "/app/vulnerabilities/importers/osv.py", line 223, in get_affected_purl
    return PackageURL.from_string(str(purl))
  File "/usr/local/lib/python3.9/site-packages/packageurl/__init__.py", line 508, in from_string
    raise ValueError(msg)
ValueError: Invalid purl 'pkg:npm/org.webjars.npm:json-pointer' cannot contain a "user:pass@host:port" URL Authority component: ''.

The correct purl should have been:

• pkg:maven/org.webjars.npm/json-pointer
  and not that:
• pkg:npm/org.webjars.npm:json-pointer

We have three issues:

• some bug in parsing OSV data where this is not parsed correctly: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-7mg4-w3w5-x5pc/GHSA-7mg4-w3w5-x5pc.json
• the packageurl-python should not have crashed on a colon in the namespace/name even if this is not correct for maven
• the importer should not crash on such an issue but log and keep processing instead #1856