Use str to pass versions to avoid debundling issue

news/9348.bugfix.rst

@@ -0,0 +1,2 @@
+Avoid parsing version to make the version check more robust against lousily
+debundled downstream distributions.

src/pip/_internal/req/req_install.py

@@ -432,8 +432,16 @@ class InstallRequirement:
         if not existing_dist:
             return
 
-        existing_version = existing_dist.parsed_version
-        if not self.req.specifier.contains(existing_version, prereleases=True):
+        # pkg_resouces may contain a different copy of packaging.version from
+        # pip in if the downstream distributor does a poor job debundling pip.
+        # We avoid existing_dist.parsed_version and let SpecifierSet.contains
+        # parses the version instead.
+        existing_version = existing_dist.version
+        version_compatible = (
+            existing_version is not None and
+            self.req.specifier.contains(existing_version, prereleases=True)
+        )
+        if not version_compatible:
             self.satisfied_by = None
             if use_user_site:
                 if dist_in_usersite(existing_dist):