license-checker
add semver support for excluded packages
Is your feature request related to a problem? Please describe.
Currently, once the version of a package in the excluded packages is changed, the license validation step fails. This adds unneeded friction to CI/CD pipelines. While this might be the intention for some, being able to provide an npm semver-compliant version would benefit at least some of the users.
Describe the solution you'd like
Allow semver, so instead of always providing the exact version one can use some of the following:
{
  "dependencies": {
    "foo": "1.0.0 - 2.9999.9999",
    "bar": ">=1.0.2 <2.1.2",
    "baz": ">1.0.2 <=2.3.4",
    "boo": "2.0.1",
    "qux": "<1.0.0 || >=2.3.1 <2.4.5 || >=2.5.2 <3.0.0",
    "asd": "http://asdf.com/asdf.tar.gz",
    "til": "~1.2",
    "elf": "~1.2.3",
    "two": "2.x",
    "thr": "3.3.x",
    "lat": "latest",
    "dyl": "file:../dyl"
  }
}
Describe alternatives you've considered
AFAIK the only alternative would be to either change the version of the packages or exclude the license completely, which is not secure.
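
As an added illustration of the request above (not code from license-checker or from the issue author), a range-aware exclusion check could look like the following. The names `expand`, `satisfies` and `isExcluded` and the name-to-range map are hypothetical; the matcher covers only a subset of npm range syntax (no prerelease tags) and treats anything it cannot parse, such as URLs, `latest` or `file:` specifiers, as not excluded.

```javascript
// Added example: fail-closed semver range matching for an exclusion map.
// Subset of npm range syntax; prerelease/build tags are not supported.
const TEST = {
  '>=': (c) => c >= 0, '>': (c) => c > 0,
  '<=': (c) => c <= 0, '<': (c) => c < 0, '=': (c) => c === 0,
};

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Turn one token ("~1.2", "2.x", ">=1.0.2") into comparators, or null if unsupported.
function expand(token) {
  const m = /^(>=|<=|>|<|=|~)?([\dxX*.]+)$/.exec(token);
  if (!m) return null; // URLs, "latest", "file:" specifiers are not version ranges
  const parts = m[2].split('.');
  const x = parts.findIndex((p) => /^[xX*]$/.test(p));
  const nums = x === -1 ? parts : parts.slice(0, x);
  if (!nums.length || nums.length > 3 || nums.some((p) => !/^\d+$/.test(p))) return null;
  const op = m[1] || '';
  if (op && op !== '~' && nums.length < 3) return null; // partial comparator: reject
  const lo = [0, 1, 2].map((i) => Number(nums[i] ?? 0));
  if (op === '~' || nums.length < 3) {
    const i = op === '~' ? Math.min(nums.length, 2) - 1 : nums.length - 1;
    const hi = lo.map((n, k) => (k < i ? n : k === i ? n + 1 : 0));
    return [['>=', lo], ['<', hi]];
  }
  return [[op || '=', lo]];
}

// True only if `version` (exact x.y.z) falls inside `range`.
function satisfies(version, range) {
  const v = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!v) return false;
  const triple = v.slice(1).map(Number);
  return range.split('||').some((alt) => {
    const h = /^\s*(\S+)\s+-\s+(\S+)\s*$/.exec(alt);
    const tokens = h ? ['>=' + h[1], '<=' + h[2]] : alt.trim().split(/\s+/);
    const comps = tokens.map(expand);
    if (comps.includes(null)) return false; // fail closed on anything unparsed
    return comps.flat().every(([op, b]) => TEST[op](cmp(triple, b)));
  });
}

// Hypothetical helper: is name@version covered by the exclusion map?
const isExcluded = (name, version, excludes) =>
  Object.prototype.hasOwnProperty.call(excludes, name) && satisfies(version, excludes[name]);
```

A range keeps exempting future releases from license validation, so an upper bound on each excluded range limits how far that exemption extends.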