Pre-Commit Hook Support Now Available

GitHub has expanded Dependabot's capabilities to include native support for pre-commit hooks, a popular framework for managing Git hooks. This brings automated dependency management to a critical part of many development workflows.

How It Works

By adding pre-commit as a package ecosystem in your dependabot.yml configuration, Dependabot will:

• Parse .pre-commit-config.yaml files to identify all configured hooks
• Check for new releases by monitoring each hook's repository for new tags or commits
• Open pull requests automatically to update the rev field with new versions
• Include changelogs and release notes so teams can review changes before merging

Key Features

The implementation includes several developer-friendly capabilities:

• Tag and SHA-based revisions: Works with hooks pinned to Git tags (e.g., v4.5.0) or commit SHAs
• Grouped updates: Combine multiple hook updates into a single pull request using Dependabot's existing grouped updates configuration
• Multi-host support: Compatible with GitHub, GitLab, Bitbucket, and other Git hosting providers
• Smart filtering: Automatically skips local and meta hook definitions that don't require version updates
• YAML preservation: Updates the rev value and inline version comments while maintaining your existing file structure

Getting Started

To enable pre-commit support, configure it in your Dependabot version updates settings. For detailed instructions and configuration options, refer to GitHub's Dependabot configuration documentation.