GitHub Dependabot now supports pre-commit framework hooks for automated updates
New Package Ecosystem Support
GitHub Dependabot now natively supports automatic dependency updates for pre-commit hooks. This expands Dependabot's package ecosystem coverage to include development tool configurations, allowing teams to keep their pre-commit hooks synchronized with the latest releases alongside traditional dependency management.
How It Works
To enable pre-commit support, add pre-commit as a package ecosystem in your dependabot.yml configuration. Dependabot will automatically:
- Parse your .pre-commit-config.yaml file
- Check each hook's repository for new tags and releases
- Open pull requests to update the rev field with new versions
- Integrate seamlessly into your existing Dependabot workflow
Key Features
The implementation includes several developer-friendly capabilities:
- Tag and SHA-based revisions: Works with hooks pinned to Git tags (e.g., v4.5.0) or specific commit SHAs
- Grouped updates: Combine multiple hook updates into a single pull request using Dependabot's existing grouped updates configuration
- Changelog and release notes: Pull requests automatically include changelogs and release notes, enabling informed review before merging
- Format preservation: Updates modify only the rev value and inline version comments (e.g., # frozen:), maintaining your existing YAML structure
- Smart filtering: Automatically skips local and meta hook definitions that don't require version management
- Multi-host support: Functions with hooks hosted on GitHub, GitLab, Bitbucket, and other Git hosting providers
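Because both tag and SHA revisions are supported, it helps to know which form each hook uses before enabling updates: a tag can be moved by the upstream repository, while a full commit SHA cannot. The script below is an added example, not Dependabot's own code. It scans a .pre-commit-config.yaml, reports each repo entry as tag-pinned, SHA-pinned, unpinned, or skipped (local and meta), and picks up any # frozen: comment. The sample config and the classify_hooks name are constructed for illustration.

```python
import re

# Constructed sample config (not from the page); the GitLab repo is hypothetical.
SAMPLE = """\
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks: [{id: trailing-whitespace}]
  - repo: https://gitlab.com/example/hypothetical-hook
    rev: 0123456789abcdef0123456789abcdef01234567  # frozen: v1.2.3
    hooks: [{id: example}]
  - repo: local
    hooks: [{id: run-tests, name: tests, entry: make test, language: system}]
  - repo: meta
    hooks: [{id: check-hooks-apply}]
"""

# Line-based scan for the usual block layout; this is not a full YAML parser.
REPO_RE = re.compile(r"^\s*-\s+repo:\s*(\S+)")
REV_RE = re.compile(r"^\s*rev:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*frozen:\s*(\S+))?")
SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify_hooks(text):
    """Return (repo, kind, rev, frozen_tag) per repo entry.

    kind: 'skipped' (local/meta), 'sha', 'tag', or 'unpinned' (no rev found).
    """
    entries = []
    for line in text.splitlines():
        if m := REPO_RE.match(line):
            entries.append([m.group(1), None, None])
        elif entries and (m := REV_RE.match(line)):
            entries[-1][1:] = [m.group(1), m.group(2)]
    report = []
    for repo, rev, frozen in entries:
        if repo in ("local", "meta"):
            kind = "skipped"
        elif rev is None:
            kind = "unpinned"
        elif SHA_RE.fullmatch(rev):
            kind = "sha"
        else:
            kind = "tag"
        report.append((repo, kind, rev, frozen))
    return report

if __name__ == "__main__":
    for row in classify_hooks(SAMPLE):
        print(row)
```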
Getting Started
To enable this feature, configure pre-commit support in Dependabot version updates via the official documentation. For questions and discussions, join the conversation in the dependabot-core repository.