This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

Bad semver parsing? #171

Open
1 of 3 tasks
shekohex opened this issue Jan 29, 2021 · 2 comments
Labels
bug Something isn't working

Comments

@shekohex

Do the checklist before filing an issue:

Description

audit-check or cargo-audit does not parse the semver of x.x.x-beta.x versions correctly?

Workflow code

name: Security Audit

on:
  schedule:
    - cron: '0 0 * * *'
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  pull_request:

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

Action output

I got this issue opened by the github-actions user:

Multiple memory safety issues

Details
Package actix-web
Version 4.0.0-beta.1
URL actix/actix-web#289
Date 2018-06-08
Patched versions >=0.7.15

Affected versions contain multiple memory safety issues, such as:

  • Unsoundly coercing immutable references to mutable references
  • Unsoundly extending lifetimes of strings
  • Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A significant refactoring effort has been conducted to resolve these issues.

See advisory page for additional details.

Expected behavior

Notice the version of actix-web I use? It is 4.0.0-beta.1, and this bug was patched and fixed like 3 years ago, in version 0.7.15.

It should not report a bug.

Additional context

I'm not sure, but the problem is the code is private, so I could only share a subset of it.
Also, feel free to guide me to open the same issue at another repo if it is not related to audit-check action.

@shekohex shekohex added the bug Something isn't working label Jan 29, 2021
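To show why a pre-release like 4.0.0-beta.1 can fall on the wrong side of "patched versions >=0.7.15", here is an added example (not code from actions-rs/audit-check or cargo-audit) that compares the two versions under strict SemVer 2.0 precedence and under a Cargo-style requirement rule; that the second rule is the mechanism behind the report is an assumption, and `parse_version`, `patched_semver` and `patched_cargo_style` are names chosen for this example.

```rust
// Added example, not code from actions-rs/audit-check or cargo-audit. Minimal
// SemVer 2.0 comparison for the report above: is 4.0.0-beta.1 >= 0.7.15?
use std::cmp::Ordering;
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Version { pub major: u64, pub minor: u64, pub patch: u64, pub pre: Vec<String> }
/// Parses "MAJOR.MINOR.PATCH[-pre.release]"; build metadata ("+...") is not handled.
pub fn parse_version(s: &str) -> Option<Version> {
    let (core, pre) = match s.split_once('-') {
        Some((c, p)) => (c, p.split('.').map(String::from).collect()),
        None => (s, Vec::new()),
    };
    let mut n = core.split('.').map(|x| x.parse::<u64>().ok());
    let (major, minor, patch) = (n.next()??, n.next()??, n.next()??);
    if n.next().is_some() { return None; }
    Some(Version { major, minor, patch, pre })
}
// SemVer rule 11: numeric identifiers compare numerically and sort below alphanumeric ones.
fn cmp_ident(a: &str, b: &str) -> Ordering {
    match (a.parse::<u64>(), b.parse::<u64>()) {
        (Ok(x), Ok(y)) => x.cmp(&y),
        (Ok(_), Err(_)) => Ordering::Less,
        (Err(_), Ok(_)) => Ordering::Greater,
        _ => a.cmp(b),
    }
}
impl Ord for Version {
    fn cmp(&self, o: &Self) -> Ordering {
        (self.major, self.minor, self.patch).cmp(&(o.major, o.minor, o.patch))
            .then_with(|| match (self.pre.is_empty(), o.pre.is_empty()) {
                (true, true) => Ordering::Equal,
                (true, false) => Ordering::Greater, // a release outranks its own pre-release
                (false, true) => Ordering::Less,
                _ => self.pre.iter().zip(&o.pre).map(|(a, b)| cmp_ident(a, b))
                    .find(|c| *c != Ordering::Equal)
                    .unwrap_or(self.pre.len().cmp(&o.pre.len())),
            })
    }
}
impl PartialOrd for Version { fn partial_cmp(&self, o: &Self) -> Option<Ordering> { Some(self.cmp(o)) } }
/// Strict SemVer reading of "patched versions >=min": 4.0.0-beta.1 >= 0.7.15 holds, so it is patched.
pub fn patched_semver(v: &Version, min: &Version) -> bool { v >= min }
/// Cargo-style reading (assumed mechanism behind the false report): a pre-release only satisfies
/// a comparator that itself names a pre-release on the same major.minor.patch, so 4.0.0-beta.1
/// fails ">=0.7.15" and the 2018 advisory is reported although the code is three majors newer.
pub fn patched_cargo_style(v: &Version, min: &Version) -> bool {
    let same_core = (v.major, v.minor, v.patch) == (min.major, min.minor, min.patch);
    if !v.pre.is_empty() && (min.pre.is_empty() || !same_core) { return false; }
    v >= min
}
```

A scanner that wants "is this dependency newer than the fix?" needs the strict precedence reading; the Cargo-style rule answers a different question (which versions a requirement would select) and mis-reports every pre-release of a later major.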
@mhutter

mhutter commented Jul 4, 2021

This is a bug in cargo-audit, tracked in rustsec/rustsec#300. It was fixed in v0.15 of cargo-audit.

@Rydgel

Rydgel commented Sep 7, 2021

Is there a way to use the latest version of cargo-audit in this action?
