fix(vulnerabilities): strip equals for nuget in Github alerts

[Churro]

Changes

While testing a solution for #29600, I found that GitHub vuln alerts for nuget don't raise security fix PRs. This change strips = analogous to what was done before for maven and go, so that package rules become applicable to nuget deps.

The underlying issue is that GitHub prefixes the version in the vulnerableRequirements field with =, e.g., vulnerableRequirements": "= 2.0.0", eventually leading to package rules that include "matchCurrentVersion": "= 2.0.0". The beginning = causes the rule never to match, resulting in no security fix PRs.

Context

• GitHub vulnerability alerts: do not limit to single version #29600

Documentation (please check one with an [x])

• I have updated the documentation, or
• No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

• Code inspection only, or
• Newly added/modified unit tests, or
• No unit tests but ran on a real repository, or
• Both unit tests + ran on a real repository

Test repo: https://github.com/renovate-demo/29600-github-vuln-alerts-nuget/pulls

[renovate-release]

🎉 This PR is included in version 37.408.3 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)
• 37.408.3

Your semantic-release bot 📦🚀