don't insert new vuln row on updates

reconciler/src/main/java/edu/rit/se/nvip/ReconcilerController.java

@@ -172,6 +172,7 @@ private CompositeVulnerability handleReconcilerJob(String cveId) {
         int newRawCount = wrapper.setNewToUneval();
         // get an existing vuln from prior reconciliation if one exists
         CompositeVulnerability existing = vulnRepo.getCompositeVulnerability(cveId);
+        boolean newVuln = existing == null;
         // filter in waves by priority
         FilterReturn firstWaveReturn = filterHandler.runFilters(wrapper.firstFilterWave()); //high prio sources
         FilterReturn secondWaveReturn = filterHandler.runFilters(wrapper.secondFilterWave()); //either empty or low prio depending on filter status of high prio sources
@@ -196,7 +197,7 @@ private CompositeVulnerability handleReconcilerJob(String cveId) {
         // we do this because publish dates and mod dates should be determined by all sources, not just those with good descriptions
         out.setPotentialSources(rawVulns);
 
-        vulnRepo.insertOrUpdateVulnerabilityFull(out, existing == null);
+        vulnRepo.insertOrUpdateVulnerabilityFull(out, newVuln);
 
         logger.info("Finished job for cveId " + out.getCveId());