Add spec for "Remediations don't address more than one vulnerability when parsing reports"
This adds only a spec as the proper fix was merged at some point and we want to know if this behavior breaks.
Related to #296218 (closed)
Edited by Michał Zając