Update version comment when hashes are updated in pull requests

[david-a-wheeler]

It'd be great if dependabot updated "pin version" comments when updating hashes. Currently I don't dare "just merge" some dependabot pull requests, because they are predictably incorrect (they don't update the version number).

Here's an example created by dependabot: https://github.com/coreinfrastructure/best-practices-badge/pull/1779/files

Note that this PR wants to update this line:

• uses: actions/checkout@ec3a7ce # pin @v2.4.0
  to:
• uses: actions/checkout@a12a394 # pin @v2.4.0

However, the "# pin @v2.4.0" should be correspondingly updated.

This has already been raised, with a slightly different comment format, here:
#4691

I think a simple regex could handle typical variations of the version information.

[jeffwidman]

Thanks, I added this as another comment format we should support in #4691 (comment), and then going to close this as a duplicate request.