Normalized version is incorrect for `x.y.z-patch0` versions

[stevenrombauts]

A customer of ours ran into a problem where they were unable to require version 1.6.3-patch0 of npm-asset/hls.js. Composer can't find a matching version constraint:

❯ composer require npm-asset/hls.js:1.6.3-patch0
[...]
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires npm-asset/hls.js 1.6.3-patch0 (exact version match), found npm-asset/hls.js[..., 1.6.3-patch0] but these do not match your constraint and are therefore not installable. Make sure you either fix the constraint or avoid updating this package to keep the one present in the lock file (npm-asset/hls.js[1.6.3-patch0]).

Looking at the package metadata, it shows that this version is normalized to 1.6.3.0-patch:

The normalized version should be 1.6.3.0-patch0 instead (the last 0 is missing at the end):

require 'vendor/autoload.php';
(new \Composer\Semver\VersionParser())->normalize('1.6.3-patch0'); // 1.6.3.0-patch0

It looks like this affects all versions with -patchX suffix.