fix: improve sanitation of python version strings to match CPEs

[jahzielv]

for #25991

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.
• Added/updated automated tests
• A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it)
• Manual QA for all new/changed functionality

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.84%. Comparing base (aa16261) to head (423a8c7).
Report is 15 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #26538      +/-   ##
==========================================
- Coverage   63.85%   63.84%   -0.02%     
==========================================
  Files        1661     1662       +1     
  Lines      159221   159297      +76     
  Branches     4181     4181              
==========================================
+ Hits       101671   101699      +28     
- Misses      49613    49657      +44     
- Partials     7937     7941       +4     

Flag	Coverage Δ
backend	64.67% <100.00%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[iansltx]

This feels like it should be 3.14.0a3, per https://www.cve.org/CVERecord?id=CVE-2024-12254

[jahzielv]

@iansltx could this be an issue with the semver changes we made recently?

[iansltx]

Not sure. Would probably require digging into the vuln feed to see the information that's there. As mentioned in chat, I think that the CPE wouldn't even generate without the recent fix in place, but maybe we're matching the wrong CPE?