Fix dedupe logic to work with compact mode for the purl endpoint

[dacoburn]

The dedupe logic in socketdev/core/dedupe.py was failing when processing compact format API responses that omit optional fields like category, file, start, and end. The code assumed these fields would always be present, causing KeyError exceptions when accessing them directly with alert["category"] syntax. Additionally, the consolidation logic was incorrectly adding these missing fields to the output with None values, polluting the response with fields that weren't present in the original data.

Root Cause

The alert_key() and alert_identity() functions used direct dictionary access (alert["category"]) instead of safe access (alert.get("category")) for optional fields. The consolidation logic in consolidate_and_merge_alerts() also unconditionally added optional fields to the output dictionary even when they weren't present in the source data, resulting in unwanted null values in the API response.

Fix

1. Updated alert_key() method: Changed alert["category"] to alert.get("category") to safely handle missing fields
2. Updated alert_identity() function: Applied the same safe access pattern for the category field
3. Refactored alert consolidation logic: Modified the alert map building to only include fields (category, file, start, end) in the output if they exist in the original alert data using conditional checks (if "field" in alert)

This ensures that compact format responses maintain their intended structure without unnecessary fields, while still supporting full format responses that include all fields.

Public Changelog

Fixed dedupe logic to properly handle compact API responses that omit optional alert fields