fix: create new version comparison function

[terriko]

We had been using packaging's version parsing tools, but as they move more towards pep440 compliance they aren't as useful for comparing arbitrary versions that may not follow the same scheme. This moves us to our own function. It may need some further tweaking for special cases such as release candidates or dev versions.

This is a replacement for #3430 because cmp_version didn't work out as well as I'd hoped.

[codecov-commenter]

Codecov Report

Attention: 14 lines in your changes are missing coverage. Please review.

Comparison is base (143712e) 78.32% compared to head (8044a05) 78.23%.

Files	Patch %	Lines
cve_bin_tool/version_compare.py	82.92%	10 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3470      +/-   ##
==========================================
- Coverage   78.32%   78.23%   -0.09%     
==========================================
  Files         760      761       +1     
  Lines       11497    11560      +63     
  Branches     1343     1356      +13     
==========================================
+ Hits         9005     9044      +39     
- Misses       2053     2099      +46     
+ Partials      439      417      -22     

Flag	Coverage Δ
win-longtests	78.23% <88.33%> (-0.09%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[terriko]

This new implementation passes all tests now, which is satisfying but also makes me suspicious that I need more tests because there's definitely cases I know I'm missing.

[terriko]

Had to fix kerberos reporting. For some reason we were expecting 10 vulns, but even cvedetails is reporting 9 for this version:
https://www.cvedetails.com/version/1235909/MIT-Kerberos-5-1.15.1.html

[terriko]

Updating the branch just for the cve-scan job (which was fixed by specifying a version of python)

[terriko]

Okay, I think I've resolved everything except the pre-check function idea. I think I might open a separate issue for that and let someone else work on it, if you don't mind. (Mostly because I don't want to take up more of your time and it's been ahrd to find someone to review this code as is...)

[terriko]

Thanks @antoniogi -- I'm very glad to have had a fresh set of eyes on this.