fix(shim): avoid panic if user has malformed lockfile (#8461)
### Description
Since this function is now possibly getting user input, we shouldn't
hard crash if whatever they have listed in their lockfile doesn't pass
the `semver` crate's version requirement.
This shouldn't happen as all lockfiles are generated with fully resolved
versions, but this prevents a panic if that expectation changes.
### Testing Instructions
Added unit tests that would trigger a panic previously
