[BUG] Removed reliance on LegacyVersion from pkg_resources can break pip modules

[Legrems]

Description
This PR [https://github.com/pypa/setuptools/pull/2822] remove the reliance on LegacyVersion.

Since then, the pip modules could be broken, if there is an InvalidVersion (before, it was only a LegacyVersion) on the pip repo you're using.

Since we were using a custom pip repo (mirror + some custom packages), with some old version, some method on the pip modules would not work. In particular:

• pip.list_all_versions
• pip.installed (this call pip.list_all_versions)
• Probably some others method that call pip.list_all_versions

Setup
Nothing really specific to salt.

Steps to Reproduce the behavior
Have an invalid version in the pip repo history, and then you can't even install the current latest version (which could be valid), since the list_all_versions is failing due to this.

Expected behavior
At least ignore the non-standard version, except of failing completly

Versions Report
3006.8

I will provide a PR soon, since it was quite critical (and we couldn't remove the package from the repo)

[welcome]

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

• Community Wiki
• Salt’s Contributor Guide
• Join our Community Slack
• IRC on LiberaChat
• Salt Project YouTube channel
• Salt Project Twitch channel

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!

[ahrex]

I've just hit this bug on macOS, with the following reproduction:

Get an example package:

% pip3 index versions macholib
WARNING: pip index is currently an experimental command. It may be removed/changed in a future release without prior warning.
macholib (1.16.3)
Available versions: 1.16.3, 1.16.2, 1.16, 1.15.2, 1.15.1, 1.15, 1.14, 1.13, 1.11, 1.10, 1.9, 1.8, 1.7, 1.6, 1.5.1, 1.5, 1.4.3, 1.4.2, 1.4.1, 1.4, 1.3, 1.2.1, 1.2, 1.1, 1.0, 1.2.dev-r25
  INSTALLED: 1.15.2
  LATEST:    1.16.3

Trigger the problem:

% sudo salt-call --local pip.list_all_versions macholib
[ERROR   ] An un-handled exception was caught by Salt's global exception handler:
InvalidVersion: Invalid version: '1.2.dev-r25'
Traceback (most recent call last):
  File "/opt/salt/salt-call", line 23, in <module>
    sys.exit(salt_call())
  File "/opt/salt/lib/python3.10/site-packages/salt/scripts.py", line 444, in salt_call
    client.run()
  File "/opt/salt/lib/python3.10/site-packages/salt/cli/call.py", line 50, in run
    caller.run()
  File "/opt/salt/lib/python3.10/site-packages/salt/cli/caller.py", line 95, in run
    ret = self.call()
  File "/opt/salt/lib/python3.10/site-packages/salt/cli/caller.py", line 200, in call
    ret["return"] = self.minion.executors[fname](
  File "/opt/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 159, in __call__
    ret = self.loader.run(run_func, *args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1245, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1260, in _run_as
    ret = _func_or_method(*args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/executors/direct_call.py", line 10, in execute
    return func(*args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 159, in __call__
    ret = self.loader.run(run_func, *args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1245, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1260, in _run_as
    ret = _func_or_method(*args, **kwargs)
  File "/opt/salt/lib/python3.10/site-packages/salt/modules/pip.py", line 1702, in list_all_versions
    versions.sort(key=pkg_resources.parse_version)
  File "/opt/salt/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/version.py", line 198, in __init__
    raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '1.2.dev-r25'

With the same root issue, as exampled:

% /opt/salt/bin/python3 -i
Python 3.10.16 (main, Mar  6 2025, 02:21:35) [Clang 16.0.0 (clang-1600.0.26.3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import pkg_resources
<stdin>:1: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
>>> versions = '1.16.3, 1.16.2, 1.16, 1.15.2, 1.15.1, 1.15, 1.14, 1.13, 1.11, 1.10, 1.9, 1.8, 1.7, 1.6, 1.5.1, 1.5, 1.4.3, 1.4.2, 1.4.1, 1.4, 1.3, 1.2.1, 1.2, 1.1, 1.0, 1.2.dev-r25'.split(', ')
>>> versions.sort(key=pkg_resources.parse_version)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/salt/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/version.py", line 198, in __init__
    raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '1.2.dev-r25'

Any word on getting #66687 merged?