See https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories#affected-versions

These seem to preempt version comparison logic. We may have support for them in VulnerableCode