
Commit 0ee84ae

committed
chore(security): Pin pre-commit hooks by SHA, as it is immutable
1 parent 79085a6 commit 0ee84ae


2 files changed

+12
-9
lines changed


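--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -15,4 +15,7 @@
 commitMessageLowerCase: "never",
 // Disable auto-rebase on every commit to avoid reaching Github limits on macos runners
 rebaseWhen: "conflicted",
+"pre-commit": {
+enabled: false, // Use pre-commit.ci freeze instead
+},
 }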
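Review bot: The inline comment on `enabled: false` is the only record of what now keeps the hook revisions up to date, and it points at configuration this section does not show. With Renovate's pre-commit manager off, the SHA pins in `.pre-commit-config.yaml` stay current only while pre-commit.ci autoupdate is active for the repository; if that integration is paused or removed, hooks such as gitleaks stop receiving updates with no signal. The `ci:` block appears here only as hunk context in the other file, so its schedule is worth confirming. I would expand the comment to something like `// Hook revs are SHA-pinned and refreshed by pre-commit.ci autoupdate (see ci: in .pre-commit-config.yaml); re-enable if pre-commit.ci is dropped`.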

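--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ ci:
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-rev: v5.0.0
+rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # frozen: v5.0.0
 hooks:
 # Git style
 - id: check-added-large-files
@@ -43,19 +43,19 @@ repos:
 
 # Detect hardcoded secrets
 - repo: https://github.com/gitleaks/gitleaks
-rev: v8.26.0
+rev: a248f9279b38aeff5bbd4c85cc6f15b64d27e794 # frozen: v8.27.0
 hooks:
 - id: gitleaks
 
 # Dockerfile
 - repo: https://github.com/hadolint/hadolint
-rev: v2.13.1-beta
+rev: c3dc18df7a501f02a560a2cc7ba3c69a85ca01d3 # frozen: v2.13.1-beta
 hooks:
 - id: hadolint
 
 # YAML
 - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
-rev: 0.2.3
+rev: 8d1b9cadaf854cb25bb0b0f5870e1cc66a083d6b # frozen: 0.2.3
 hooks:
 - id: yamlfmt
 args:
@@ -66,7 +66,7 @@ repos:
 - --implicit_start
 
 - repo: https://github.com/adrienverge/yamllint.git
-rev: v1.37.1
+rev: 79a6b2b1392eaf49cdd32ac4f14be1a809bbd8f7 # frozen: v1.37.1
 hooks:
 - id: yamllint
 types:
@@ -77,15 +77,15 @@ repos:
 
 # JSON5
 - repo: https://github.com/pre-commit/mirrors-prettier
-rev: v4.0.0-alpha.8
+rev: f12edd9c7be1c20cfa42420fd0e6df71e42b51ea # frozen: v4.0.0-alpha.8
 hooks:
 - id: prettier
 # https://prettier.io/docs/en/options.html#parser
 files: .json5$
 
 # Bash
 - repo: https://github.com/jumanjihouse/pre-commit-hooks
-rev: 3.0.0
+rev: 38980559e3a605691d6579f96222c30778e5a69e # frozen: 3.0.0
 hooks:
 - id: shfmt
 args:
@@ -99,15 +99,15 @@ repos:
 
 # Python
 - repo: https://github.com/astral-sh/ruff-pre-commit
-rev: v0.11.11
+rev: d19233b89771be2d89273f163f5edc5a39bbc34a # frozen: v0.11.12
 hooks:
 - id: ruff
 args:
 - --fix
 - id: ruff-format
 
 - repo: https://github.com/pre-commit/mirrors-mypy.git
-rev: v1.15.0
+rev: 7010b10a09f65cd60a23c207349b539aa36dbec1 # frozen: v1.16.0
 hooks:
 - id: mypy
 alias: mypy-py313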
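Review bot: Three of the nine `rev:` changes are version bumps as well as pins: gitleaks goes from v8.26.0 to v8.27.0, ruff from v0.11.11 to v0.11.12 and mypy from v1.15.0 to v1.16.0, while the commit title describes pinning only. The mypy minor bump in particular can change check results, so it is worth either naming the upgrades in the commit message or pinning the previous tags first and upgrading in a separate commit. The `# frozen:` text is a plain YAML comment, so the SHA alone decides what is checked out; each SHA should be confirmed against its upstream tag before merge, for example with `git ls-remote --tags <repo-url>`. A short comment above `repos:` such as `# revs are full commit SHAs; regenerate with "pre-commit autoupdate --freeze", do not hand-edit the tag comment` would keep later edits from letting the two drift apart.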
