This issue came up when searching the production logs and seeing error like these:

failed to scan all layer contents: Error parsing version segment: strconv.ParseInt: parsing "2023080721291691443750": value out of range

This is due to the current server lib trying to parse all the composite version parts into Uint64s.

Currently we use https://github.com/Masterminds/semver for the gobin and ruby packages as well as in the osv package when parsing vulnerability data. There is also https://pkg.go.dev/golang.org/x/mod/semver that could potentially suit the gobin package better than what we use currently.

Our internal claircore.Version type is defined here: https://github.com/crozzy/claircore/blob/main/version.go#L13 so any semver solution needs to be able to convert into this type.

Currently there is a PR to handle the ParseInt error https://github.com/quay/claircore/pull/1093 but wanted to get something on the board to track this.