test: stricter regex to avoid false CodeQL alarms

Will fix:

https://github.com/nedbat/coveragepy/security/code-scanning/3
https://github.com/nedbat/coveragepy/security/code-scanning/4

(though tbh, not sure how to close those as fixed?)

Author: nedbat

tests/test_html.py

@@ -663,8 +663,8 @@ def compare_html(
     """Specialized compare function for our HTML files."""
     __tracebackhide__ = True    # pytest, please don't show me this function.
     scrubs = [
-        (r'/coverage.readthedocs.io/?[-.\w/]*', '/coverage.readthedocs.io/VER'),
-        (r'coverage.py v[\d.abcdev]+', 'coverage.py vVER'),
+        (r'/coverage\.readthedocs\.io/?[-.\w/]*', '/coverage.readthedocs.io/VER'),
+        (r'coverage\.py v[\d.abcdev]+', 'coverage.py vVER'),
         (r'created at \d\d\d\d-\d\d-\d\d \d\d:\d\d [-+]\d\d\d\d', 'created at DATE'),
         (r'created at \d\d\d\d-\d\d-\d\d \d\d:\d\d', 'created at DATE'),
         # Occasionally an absolute path is in the HTML report.

tests/test_xml.py

@@ -465,7 +465,7 @@ def compare_xml(expected: str, actual: str, actual_extra: bool = False) -> None:
         (r' timestamp="\d+"', ' timestamp="TIMESTAMP"'),
         (r' version="[-.\w]+"', ' version="VERSION"'),
         (r'<source>\s*.*?\s*</source>', '<source>%s</source>' % re.escape(source_path)),
-        (r'/coverage.readthedocs.io/?[-.\w/]*', '/coverage.readthedocs.io/VER'),
+        (r'/coverage\.readthedocs\.io/?[-.\w/]*', '/coverage.readthedocs.io/VER'),
     ]
     compare(expected, actual, scrubs=scrubs, actual_extra=actual_extra)