https://docs.github.com/en/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories#pre-commit
You can use a # frozen: comment after the rev value to pin a hook to a particular version or version prefix. Dependabot uses this comment to determine whether an update is needed and which tag to resolve.
Example on Apache Airflow:
https://github.com/apache/airflow/blob/fd9241cdf0bb64d5b3c4619be83619db62671824/.pre-commit-config.yaml#L301
https://docs.github.com/en/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories#pre-commit
You can use a
# frozen:comment after therevvalue to pin a hook to a particular version or version prefix. Dependabot uses this comment to determine whether an update is needed and which tag to resolve.Example on Apache Airflow:
https://github.com/apache/airflow/blob/fd9241cdf0bb64d5b3c4619be83619db62671824/.pre-commit-config.yaml#L301