PR created that *downgrades* semver v2 compliant nuget package

[AArnott]

Package ecosystem
NuGet

Manifest location and content prior to update

/.github/dependabot.yml

version: 2
updates:
- package-ecosystem: npm
  directory: /src/nerdbank-streams
  schedule:
    interval: monthly
- package-ecosystem: nuget
  directory: /
  schedule:
    interval: monthly

What you expected to see, versus what you actually saw

Dependabot created dotnet/Nerdbank.Streams#463, which downgrades StyleCop.Analyzers 1.2.0-beta.376 to 1.2.0-beta.66.
Note that this package is using semver v2 rules and that 376 should therefore be seen as better than 66. It seems that Dependabot is treating it as a semver v1 version.

Native package manager behavior

NuGet Package Manager recognizers that .376 is better than .66.

Images of the diff or a link to the PR, issue or logs

dotnet/Nerdbank.Streams#463

-   <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.376" PrivateAssets="all" />
+   <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.66" PrivateAssets="all" />

[SteveDesmond-ca]

Additional examples from the past few days:
ecoAPM/SrcSet#29
ecoAPM/StatiqPipelines#10
ecoAPM/StatiqPipelines#11
ecoAPM/ecoAPM.com#29

[SteveDesmond-ca]

Doing some more digging this morning, it seems dependabot might not support pre-release dependencies, for either just .NET, or maybe many language ecosystems?

#1972 seems like our exact problem here, and #1972 (comment) even points to the offending line of code. Not sure if it's better to close this as duplicate, or keep a more modern issue open, since #1972 is almost 2 years old at this point.

See #1926, #1928, #2250 for the desired functionality.

[AArnott]

Thanks for finding the dupes. I'll leave it open for a few days in case it helps draw the desired attention, but ultimately I agree, we should close as a dupe.

[SteveDesmond-ca]

FWIW, #1972 finally looks to be getting some attention, as it was labelled and assigned last week.