Dependabot now supports pre-commit hooks
Source: GitHub Changelog
GitHub Dependabot now natively supports automatic dependency updates for pre-commit hooks. By adding pre-commit as a package ecosystem in your dependabot.yml configuration, Dependabot will parse your .pre-commit-config.yaml, check each hook’s repository for new tags or releases, and open pull requests to update the rev field. This is fully integrated into your existing Dependabot workflow.
Supported features
- Tag and SHA-based revisions – Works with hooks pinned to Git tags (e.g., v4.5.0) or commit SHAs.
- Grouped updates – Combine multiple hook updates into a single pull request using Dependabot’s existing grouped updates configuration.
- Changelog and release notes – Pull requests include changelogs and release notes from hook repositories so you can review what’s changed before merging.
- YAML formatting preservation – Updates modify the rev value and any inline version comments (e.g., # frozen:) to reflect the new version, while keeping your existing structure intact.
- Graceful handling of local and meta repos – Dependabot automatically skips local and meta hook definitions that don’t require version updates.
- Multi-host support – Works with hooks hosted on GitHub, GitLab, Bitbucket, and other Git hosting providers.
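An added example, not from the changelog and not Dependabot's own code: a small Python inventory of a .pre-commit-config.yaml that sorts hook repos into the categories listed above (tag-pinned, SHA-pinned with an optional # frozen: comment, and skipped local/meta entries). The sample config, the function names and the 40-hex-character SHA test are assumptions made for illustration.

```python
import re

# Constructed sample .pre-commit-config.yaml (hypothetical repos, not from the changelog).
SAMPLE = """\
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
  - repo: https://gitlab.com/example/hook-a
    rev: 0123456789abcdef0123456789abcdef01234567  # frozen: v1.2.3
    hooks:
      - id: hook-a
  - repo: local
    hooks:
      - id: unit-tests
  - repo: meta
    hooks:
      - id: check-hooks-apply
"""

REPO_RE = re.compile(r"^\s*-\s*repo:\s*(\S+)")
REV_RE = re.compile(r"^\s*rev:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*frozen:\s*(\S+))?")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # assumption: full SHA-1 commit ids only

def classify_hooks(text):
    """Return one dict per repo entry with keys repo, rev, kind, frozen."""
    entries = []
    for line in text.splitlines():
        m = REPO_RE.match(line)
        if m:
            repo = m.group(1).strip("'\"")
            # local and meta entries carry no rev, so there is nothing to update
            kind = "skipped" if repo in ("local", "meta") else "unpinned"
            entries.append({"repo": repo, "rev": None, "kind": kind, "frozen": None})
            continue
        m = REV_RE.match(line)
        if m and entries and entries[-1]["kind"] != "skipped":
            rev, frozen = m.group(1), m.group(2)
            entries[-1].update(rev=rev, frozen=frozen,
                               kind="sha" if SHA_RE.match(rev) else "tag")
    return entries

def mutable_pins(text):
    """Repos whose rev is a tag (a ref that can be re-pointed) or is missing."""
    return [e["repo"] for e in classify_hooks(text) if e["kind"] in ("tag", "unpinned")]

if __name__ == "__main__":
    for entry in classify_hooks(SAMPLE):
        print(entry)
```

Running it against a real config shows which hooks rely on a tag rather than a commit SHA, which is useful when deciding whether update pull requests should move tags or frozen SHAs.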
Getting started
- Follow the guide to configure pre-commit support in Dependabot version updates.
- Join the discussion in the dependabot-core repository.