GitHub Actions versions are bumped to pre-release versions

[nihalgonsalves]

Dependabot seems to bump some GitHub Actions to their pre-release versions, notably setup-node.

Package manager/ecosystem

github_actions

Manifest contents prior to update

Workflow file

Relevant YAML:

- name: Use Node.js 14.x
  uses: actions/setup-node@v1
  with:
    node-version: '14.x'

Updated dependency

Bumps actions/setup-node from v1 to v2.1.2.

nihalgonsalves/node-typescript-eslint-template#181

What you expected to see, versus what you actually saw

• Expected: v1.4.4, the latest release here
• Actual: v2.1.2 (beta), the pre-release here

Images of the diff or a link to the PR, issue or logs

• Dependabot config

  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: daily

• PR by Dependabot: Bump actions/setup-node from v1 to v2.1.2 nihalgonsalves/node-typescript-eslint-template#181

Other info

Additionally, the addition of the version numbers (other than the major version) is a bit unexpected, since GitHub's own docs always use @v1 / @v2 / etc - thus staying on an automatic update of minor/patch versions. This would be my preferred behaviour too. Here's an issue that reports it: #2304

[peaceiris]

This is a duplicate of #2303 and #2304

[henryiii]

As a workaround, I've been using

ignore:
  # Official actions have moving tags like v1
  # that are used, so they don't need updates here
  - dependency-name: "actions/*"

but for some reason that seems to be ignoring jwlawson/actions-setup-cmake@v1.3.

[TheRealWaldo]

@peaceiris I do not see #2304 as being a duplicate; it's more of a feature request for a different way to manage dependencies, where this is more of a bug.

[peaceiris]

Yes, this is a duplicate of #2303