Dependabot update actions/labeler v4.0.2 to 4.1.0

[hhelmken]

Description:
In our repository we use Dependabot to update our GitHub Actions. Dependabot created a pull request for updating this action from v4.0.2 to 4.1.0. With this change GitHub Action prints this log output while downloading the action:

Download action repository 'actions/labeler@4.1.0' (SHA:ee18d5d34efd9b4f7dafdb0e363cb688eb438044)

This commit sha is referring to this commit. Do you have any idea what is going on here? I'm not sure if this is an issue of this action or Dependabot itself.

Platform:

• Ubuntu
• macOS
• Windows

Runner type:

• Hosted
• Self-hosted

Repro steps:
Use this action and configure Dependabot to update GitHub Actions.

[panticmilos]

hi @hhelmken, thank you for the report we will take a look at it.

[panticmilos]

hi @hhelmken, yeah that seems weird, can you maybe provide the run that led to this behavior?

[hhelmken]

hi @panticmilos, I created a reproduction repository: https://github.com/hhelmken/action-labeler-dependabot/pull/1

[panticmilos]

hi @hhelmken, I am maybe missing something but the commit SHA actually points to the release commit of version v4.1.0, and I have just tested it and it worked the same way.

I will close this issue for now, but if I missed something feel free to ping me or reopen it :)

[bewuethr]

We just had the same happen; 4.1.0 doesn't exist as a release or tag, just as a branch, though?

[bewuethr]

Just to follow up on this, 4.1.0 doesn't seem to be a GitHub release or Git tag; it's a branch associated with a closed PR (#421), and also the message on the only commit in that branch. Both are from August 2022, and look like the should maybe deleted to avoid confusing dependabot?