From b7de04d161726fbb277eaa95fb0d658dbb6a9536 Mon Sep 17 00:00:00 2001
From: Takashi Kokubun
Date: Sun, 16 Oct 2022 22:47:49 -0700
Subject: [PATCH] Disable dependabot for auto-request-review for now because you have to manually update the version tag comment. It feels unsafe to trust third party git tags when you need to pass MATZBOT_GITHUB_TOKEN to it. Git commit sha alone isn't human-readable and I'm reluctant to remove the comment either. It doesn't seem worth the effort to review changes for every release of this action.
---
 .github/dependabot.yml | 3 +++
 .github/workflows/auto_request_review.yml | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b18fd29357..97adcabffe 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,3 +4,6 @@ updates:
 directory: '/'
 schedule:
 interval: 'weekly'
+ ignore:
+ # It doesn't update the version comment for us
+ - dependency-name: 'necojackarc/auto-request-review'
diff --git a/.github/workflows/auto_request_review.yml b/.github/workflows/auto_request_review.yml
index d499a84d5a..8275927fd3 100644
--- a/.github/workflows/auto_request_review.yml
+++ b/.github/workflows/auto_request_review.yml
@@ -8,7 +8,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Request review based on files changes and/or groups the author belongs to
- uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.7.0, checking sha
+ uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.8.0, checking sha
 with:
 # scope: public_repo
 token: ${{ secrets.MATZBOT_GITHUB_TOKEN }}
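Review bot: The comment above the new `ignore` entry in `.github/dependabot.yml` records only the version-comment annoyance and leaves out the trust reasoning that the commit message gives. An `ignore` entry carrying only `dependency-name` covers every version, so no update pull request will be opened for this action any more, and fixes in later releases have to be noticed and pulled in by hand. I would say so in the file, for example `# Pinned by sha and bumped by hand after review: this action receives MATZBOT_GITHUB_TOKEN, and Dependabot doesn't update the version comment for us`. The `updates` entry starts above the hunk, so the `package-ecosystem` it belongs to is not visible here.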
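Review bot: On the `uses:` line only the trailing label changes from v0.7.0 to v0.8.0 while the pinned sha `b5e81876454003a4ccb9b89cb205c67d77d7035b` stays the same, so the comment is the sole statement of which release is pinned and nothing in the workflow checks it. Since this step is handed `MATZBOT_GITHUB_TOKEN`, a mislabelled pin would mislead the next person who audits or bumps it. "checking sha" is also ambiguous about whether a check was done or is still pending. I would word it as a completed verification, for example `# v0.8.0 (sha checked against the upstream tag by hand)`, and repeat that check on every manual bump. The job definition begins above the hunk.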