`pre-commit` manager misclassifies bare SHA `rev` values as versions #42264

shaanmajid · 2026-03-30T20:18:43Z

shaanmajid
Mar 30, 2026

How are you running Renovate?

Self-hosted Renovate CLI

Which platform you running Renovate on?

GitHub.com

Which version of Renovate are you using?

43.101.1

Please tell us more about your question or problem

The pre-commit manager can produce incorrect lookup results when a .pre-commit-config.yaml entry uses a bare commit SHA in rev without a # frozen: comment.

In the current code path:

Bare rev values are extracted as currentValue: <sha> under the github-tags datasource.
Only # frozen: entries are rewritten into currentDigest: <sha> plus currentValue: <comment version>.
github-tags does not define its own defaultVersioning, so it falls back to Renovate's global default, semver-coerced.
semver-coerced uses semver.coerce(), so some bare SHAs are treated as valid versions.

The root cause is that extractDependency() always assigns rev to currentValue, and the later regex enrichment only corrects the special # frozen: form. So a bare SHA is passed into normal version lookup, even though it is not a version.

For a bare SHA, the downstream behavior depends onwhether semver.coerce() can derive a version-like value from the string, and on what real tags exist in the repository:

If coercion produces a low pseudo-version such as 0.0.0, Renovate can propose bogus tag-based updates.
If coercion produces a high pseudo-version such as 9.0.0 or 20.0.0, Renovate can silently no-op because existing tags sort below it.
If coercion fails, the dependency is skipped as invalid-value.

MRE

renovate.json:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "pre-commit": {
    "enabled": true
  }
}

.pre-commit-config.yaml:

repos:
  # Tag pin (semver, should update normally)
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace

  # Bare SHA; may be coerced into a pseudo-version
  - repo: https://github.com/python-jsonschema/check-jsonschema
    rev: 9f48a48aa91a6040d749ad68ec70907d907a5a7f
    hooks:
      - id: check-metaschema

  # Bare SHA; may be coerced into a different pseudo-version
  - repo: https://github.com/crate-ci/typos
    rev: 0c6edcf1df76b8f52847d4d5a3102c15df4ec64c
    hooks:
      - id: typos

  # Frozen SHA; should work correctly
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: 895ebb389825c29bd4e0addcf7579d6c69d199cc # frozen: v0.9.6
    hooks:
      - id: ruff

Example outcoms from current behavior:

`rev`	`semver.coerce()`	Likely effect
`9f48a48aa91a6040d749ad68ec70907d907a5a7f`	`9.0.0`	Often a silent no-op
`0c6edcf1df76b8f52847d4d5a3102c15df4ec64c`	`0.0.0`	Can produce bogus updates
`a00caac4f0cec045f7f67d222c3fcd0744285c51`	`null`	Skipped as `invalid-value`

Expected behavior

Bare SHA pins without a # frozen: comment should not enter semver version lookup at all. They do not carry a comparable version, so they should be skipped as something like skipReason: 'unspecified-version' instead of being emitted as currentValue.

# frozen: entries should continue to work as they do now, because they provide both:

A real version in currentValue.
The pinned commit in currentDigest.

Suggested fix

Detect bare 40-character hex SHAs in the pre-commit extraction path when there is no # frozen: comment, and do not emit them as currentValue. Instead, skip them as unspecified-version so they never enter the github-tags + semver-coerced lookup flow.

Logs (if relevant)

Logs


 INFO: Renovate started
       "renovateVersion": "0.0.0-semantic-release"
DEBUG: Using RE2 regex engine
DEBUG: Parsing configs
DEBUG: No config file found on disk - skipping
DEBUG: No additional config file found specified - skipping
DEBUG: Converting GITHUB_COM_TOKEN into a global host rule
DEBUG: File config
       "config": {}
DEBUG: Additional file config
       "config": {}
DEBUG: CLI config
       "config": {"platform": "local"}
DEBUG: Env config
       "config": {
         "hostRules": [
           {"hostType": "github", "matchHost": "github.com", "token": "***********"}
         ]
       }
DEBUG: Resolved global extends
       "config": undefined
DEBUG: Combined config
       "config": {
         "hostRules": [
           {"hostType": "github", "matchHost": "github.com", "token": "***********"}
         ],
         "platform": "local"
       }
DEBUG: Enabling forkProcessing while in non-autodiscover mode
DEBUG: Enabling onboardingNoDeps while in non-autodiscover mode
DEBUG: Found valid git version: 2.53.0
DEBUG: Setting global hostRules
DEBUG: Adding token authentication for github.com (hostType=github) to hostRules
DEBUG: Using baseDir: /var/folders/7p/7p8txc0n2xb6_dj13c46ld900000gn/T/renovate
DEBUG: Using cacheDir: /var/folders/7p/7p8txc0n2xb6_dj13c46ld900000gn/T/renovate/cache
DEBUG: Using containerbaseDir: /var/folders/7p/7p8txc0n2xb6_dj13c46ld900000gn/T/renovate/cache/containerbase
DEBUG: Initializing Renovate internal cache into /var/folders/7p/7p8txc0n2xb6_dj13c46ld900000gn/T/renovate/cache/renovate/renovate-cache-v1
DEBUG: Commits limit = null
DEBUG: Setting global hostRules
DEBUG: Adding token authentication for github.com (hostType=github) to hostRules
DEBUG: validatePresets()
ERROR: Unsupported node environment detected. Please update your node version.
       "versions": {
         "node": "25.8.1",
         "acorn": "8.16.0",
         "ada": "3.4.3",
         "amaro": "1.1.8",
         "ares": "1.34.6",
         "brotli": "1.2.0",
         "cldr": "48.0",
         "icu": "78.3",
         "lief": "0.17.0",
         "llhttp": "9.3.1",
         "merve": "1.2.0",
         "modules": "141",
         "napi": "10",
         "nbytes": "0.1.3",
         "ncrypto": "0.0.1",
         "nghttp2": "1.68.1",
         "nghttp3": "",
         "ngtcp2": "",
         "openssl": "3.6.1",
         "simdjson": "4.4.2",
         "simdutf": "7.3.3",
         "sqlite": "3.51.3",
         "tz": "2026a",
         "undici": "7.22.0",
         "unicode": "17.0",
         "uv": "1.52.1",
         "uvwasi": "0.0.23",
         "v8": "14.1.146.11-node.21",
         "zlib": "1.2.12",
         "zstd": "1.5.7"
       },
       "range": "^24.11.0"
DEBUG: Reinitializing hostRules for repo
DEBUG: Clearing hostRules
DEBUG: Adding token authentication for github.com (hostType=github) to hostRules
 INFO: Repository started (repository=local)
       "renovateVersion": "0.0.0-semantic-release"
DEBUG: Using localDir: /Users/shaan/code/pre-commit-sha-mre (repository=local)
DEBUG: PackageFiles.clear() - Package files deleted (repository=local)
DEBUG: Resetting npmrc (repository=local)
DEBUG: Resetting npmrc (repository=local)
DEBUG: checkOnboarding() (repository=local)
DEBUG: isOnboarded() (repository=local)
DEBUG: findFile(renovate.json) (repository=local)
DEBUG: Got file list using git (repository=local)
DEBUG: Config file exists, fileName: renovate.json (repository=local)
DEBUG: Repo is onboarded (repository=local)
DEBUG: Got file list using git (repository=local)
DEBUG: Found renovate.json config file (repository=local)
DEBUG: Repository config (repository=local)
       "fileName": "renovate.json",
       "config": {
         "$schema": "https://docs.renovatebot.com/renovate-schema.json",
         "pre-commit": {"enabled": true}
       }
DEBUG: migrateAndValidate() (repository=local)
DEBUG: No config migration necessary (repository=local)
DEBUG: Found repo ignorePaths (repository=local)
       "ignorePaths": ["**/node_modules/**", "**/bower_components/**"]
DEBUG: No vulnerability alerts found (repository=local)
DEBUG: No baseBranches (repository=local)
DEBUG: extract() (repository=local)
DEBUG: Got file list using git (repository=local)
DEBUG: Using file pattern: /(^|/)tasks/[^/]+\.ya?ml$/ for manager ansible (repository=local)
DEBUG: Using file pattern: /(^|/)(galaxy|requirements)(\.ansible)?\.ya?ml$/ for manager ansible-galaxy (repository=local)
DEBUG: Using file pattern: /(^|/)\.tool-versions$/ for manager asdf (repository=local)
DEBUG: Using file pattern: /(^|/).azuredevops/.+\.ya?ml$/ for manager azure-pipelines (repository=local)
DEBUG: Using file pattern: /azure.*pipelines?.*\.ya?ml$/ for manager azure-pipelines (repository=local)
DEBUG: Using file pattern: /(^|/)batect(-bundle)?\.ya?ml$/ for manager batect (repository=local)
DEBUG: Using file pattern: /(^|/)batect$/ for manager batect-wrapper (repository=local)
DEBUG: Using file pattern: /(^|/)WORKSPACE(|\.bazel|\.bzlmod)$/ for manager bazel (repository=local)
DEBUG: Using file pattern: /\.WORKSPACE\.bazel$/ for manager bazel (repository=local)
DEBUG: Using file pattern: /\.bzl$/ for manager bazel (repository=local)
DEBUG: Using file pattern: /(^|/|\.)MODULE\.bazel$/ for manager bazel-module (repository=local)
DEBUG: Using file pattern: /(^|/)\.bazelversion$/ for manager bazelisk (repository=local)
DEBUG: Using file pattern: /\.bicep$/ for manager bicep (repository=local)
DEBUG: Using file pattern: /(^|/)\.?bitbucket-pipelines\.ya?ml$/ for manager bitbucket-pipelines (repository=local)
DEBUG: Using file pattern: /(^|/)bitrise\.ya?ml$/ for manager bitrise (repository=local)
DEBUG: Using file pattern: /buildkite\.ya?ml/ for manager buildkite (repository=local)
DEBUG: Using file pattern: /\.buildkite/.+\.ya?ml$/ for manager buildkite (repository=local)
DEBUG: Using file pattern: /(^|/)project\.toml$/ for manager buildpacks (repository=local)
DEBUG: Using file pattern: /(^|/)bun\.lockb?$/ for manager bun (repository=local)
DEBUG: Using file pattern: /(^|/)package\.json$/ for manager bun (repository=local)
DEBUG: Using file pattern: /(^|/)\.bun-version$/ for manager bun-version (repository=local)
DEBUG: Using file pattern: /(^|/)Gemfile$/ for manager bundler (repository=local)
DEBUG: Using file pattern: /\.cake$/ for manager cake (repository=local)
DEBUG: Using file pattern: /(^|/)Cargo\.toml$/ for manager cargo (repository=local)
DEBUG: Using file pattern: /(^|/)\.circleci/.+\.ya?ml$/ for manager circleci (repository=local)
DEBUG: Using file pattern: /(^|/)cloudbuild\.ya?ml/ for manager cloudbuild (repository=local)
DEBUG: Using file pattern: /(^|/)Podfile$/ for manager cocoapods (repository=local)
DEBUG: Using file pattern: /(^|/)([\w-]*)composer\.json$/ for manager composer (repository=local)
DEBUG: Using file pattern: /(^|/)conanfile\.(txt|py)$/ for manager conan (repository=local)
DEBUG: Using file pattern: /(^|/)\.copier-answers(\..+)?\.ya?ml/ for manager copier (repository=local)
DEBUG: Using file pattern: /(^|/)cpanfile$/ for manager cpanfile (repository=local)
DEBUG: Using file pattern: /^\.crow(?:/[^/]+)?\.ya?ml$/ for manager crow (repository=local)
DEBUG: Using file pattern: /(^|/)(?:deps|bb)\.edn$/ for manager deps-edn (repository=local)
DEBUG: Using file pattern: /(^|/)devbox\.json$/ for manager devbox (repository=local)
DEBUG: Using file pattern: /^.devcontainer/devcontainer.json$/ for manager devcontainer (repository=local)
DEBUG: Using file pattern: /^.devcontainer.json$/ for manager devcontainer (repository=local)
DEBUG: Using file pattern: /(^|/)(?:docker-)?compose[^/]*\.ya?ml$/ for manager docker-compose (repository=local)
DEBUG: Using file pattern: /(^|/|\.)([Dd]ocker|[Cc]ontainer)file$/ for manager dockerfile (repository=local)
DEBUG: Using file pattern: /(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$/ for manager dockerfile (repository=local)
DEBUG: Using file pattern: /(^|/)\.drone\.yml$/ for manager droneci (repository=local)
DEBUG: Using file pattern: /(^|/)fleet\.ya?ml/ for manager fleet (repository=local)
DEBUG: Using file pattern: /(?:^|/)gotk-components\.ya?ml$/ for manager flux (repository=local)
DEBUG: Using file pattern: /(^|/)\.fvm/fvm_config\.json$/ for manager fvm (repository=local)
DEBUG: Using file pattern: /(^|/)\.fvmrc$/ for manager fvm (repository=local)
DEBUG: Using file pattern: /(^|/)\.gitmodules$/ for manager git-submodules (repository=local)
DEBUG: Using file pattern: /(^|/)(workflow-templates|\.(?:github|gitea|forgejo)/(?:workflows|actions))/.+\.ya?ml$/ for manager github-actions (repository=local)
DEBUG: Using file pattern: /(^|/)action\.ya?ml$/ for manager github-actions (repository=local)
DEBUG: Using file pattern: /\.gitlab-ci\.ya?ml$/ for manager gitlabci (repository=local)
DEBUG: Using file pattern: /\.gitlab-ci\.ya?ml$/ for manager gitlabci-include (repository=local)
DEBUG: Using file pattern: /(^|/)gleam.toml$/ for manager gleam (repository=local)
DEBUG: Using file pattern: /(^|/)go\.mod$/ for manager gomod (repository=local)
DEBUG: Using file pattern: /\.gradle(\.kts)?$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /(^|/)gradle\.properties$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /(^|/)gradle/.+\.toml$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /(^|/)buildSrc/.+\.kt$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /\.versions\.toml$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /(^|/)versions.props$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /(^|/)versions.lock$/ for manager gradle (repository=local)
DEBUG: Using file pattern: /(^|/)gradle/wrapper/gradle-wrapper\.properties$/ for manager gradle-wrapper (repository=local)
DEBUG: Using file pattern: /\.cabal$/ for manager haskell-cabal (repository=local)
DEBUG: Using file pattern: /(^|/)requirements\.ya?ml$/ for manager helm-requirements (repository=local)
DEBUG: Using file pattern: /(^|/)values\.ya?ml$/ for manager helm-values (repository=local)
DEBUG: Using file pattern: /(^|/)helmfile\.ya?ml(?:\.gotmpl)?$/ for manager helmfile (repository=local)
DEBUG: Using file pattern: /(^|/)helmfile\.d/.+\.ya?ml(?:\.gotmpl)?$/ for manager helmfile (repository=local)
DEBUG: Using file pattern: /(^|/)Chart\.ya?ml$/ for manager helmv3 (repository=local)
DEBUG: Using file pattern: /(^|/)bin/hermit$/ for manager hermit (repository=local)
DEBUG: Using file pattern: /(^|/)manifest\.json$/ for manager homeassistant-manifest (repository=local)
DEBUG: Using file pattern: /^Formula/[^/]+[.]rb$/ for manager homebrew (repository=local)
DEBUG: Using file pattern: /\.html?$/ for manager html (repository=local)
DEBUG: Using file pattern: /(^|/)plugins\.(txt|ya?ml)$/ for manager jenkins (repository=local)
DEBUG: Using file pattern: /(^|/)jsonnetfile\.json$/ for manager jsonnet-bundler (repository=local)
DEBUG: Using file pattern: /^.+\.main\.kts$/ for manager kotlin-script (repository=local)
DEBUG: Using file pattern: /(^|/)kustomization\.ya?ml$/ for manager kustomize (repository=local)
DEBUG: Using file pattern: /(^|/)project\.clj$/ for manager leiningen (repository=local)
DEBUG: Using file pattern: /(^|/|\.)pom\.xml$/ for manager maven (repository=local)
DEBUG: Using file pattern: /^(((\.mvn)|(\.m2))/)?settings\.xml$/ for manager maven (repository=local)
DEBUG: Using file pattern: /(^|/)\.mvn/extensions\.xml$/ for manager maven (repository=local)
DEBUG: Using file pattern: /(^|\/).mvn/wrapper/maven-wrapper.properties$/ for manager maven-wrapper (repository=local)
DEBUG: Using file pattern: /(^|\/)mvnw(.cmd)?$/ for manager maven-wrapper (repository=local)
DEBUG: Using file pattern: /(^|/)package\.js$/ for manager meteor (repository=local)
DEBUG: Using file pattern: /(^|/)Mintfile$/ for manager mint (repository=local)
DEBUG: Using file pattern: **/{,.}mise{,.*}.toml for manager mise (repository=local)
DEBUG: Using file pattern: **/{,.}mise/config{,.*}.toml for manager mise (repository=local)
DEBUG: Using file pattern: **/.config/mise{,.*}.toml for manager mise (repository=local)
DEBUG: Using file pattern: **/.config/mise/{mise,config}{,.*}.toml for manager mise (repository=local)
DEBUG: Using file pattern: **/.config/mise/conf.d/*.toml for manager mise (repository=local)
DEBUG: Using file pattern: **/.rtx{,.*}.toml for manager mise (repository=local)
DEBUG: Using file pattern: /(^|/)mix\.exs$/ for manager mix (repository=local)
DEBUG: Using file pattern: /(^|/)flake\.nix$/ for manager nix (repository=local)
DEBUG: Using file pattern: /(^|/)\.node-version$/ for manager nodenv (repository=local)
DEBUG: Using file pattern: /(^|/)package\.json$/ for manager npm (repository=local)
DEBUG: Using file pattern: /(^|/)pnpm-workspace\.yaml$/ for manager npm (repository=local)
DEBUG: Using file pattern: /(^|/)\.yarnrc\.yml$/ for manager npm (repository=local)
DEBUG: Using file pattern: /\.(?:cs|fs|vb)proj$/ for manager nuget (repository=local)
DEBUG: Using file pattern: /\.(?:props|targets)$/ for manager nuget (repository=local)
DEBUG: Using file pattern: /(^|/)dotnet-tools\.json$/ for manager nuget (repository=local)
DEBUG: Using file pattern: /(^|/)global\.json$/ for manager nuget (repository=local)
DEBUG: Using file pattern: /(^|/)\.nvmrc$/ for manager nvm (repository=local)
DEBUG: Using file pattern: /(^|/)src/main/features/.+\.json$/ for manager osgi (repository=local)
DEBUG: Using file pattern: /(^|/)pyproject\.toml$/ for manager pep621 (repository=local)
DEBUG: Using file pattern: /(^|/)[\w-]*requirements([-._]\w+)?\.(txt|pip)$/ for manager pip_requirements (repository=local)
DEBUG: Using file pattern: /(^|/)setup\.py$/ for manager pip_setup (repository=local)
DEBUG: Using file pattern: /(^|/)Pipfile$/ for manager pipenv (repository=local)
DEBUG: Using file pattern: /(^|/)pyproject\.toml$/ for manager pixi (repository=local)
DEBUG: Using file pattern: /(^|/)pixi\.toml$/ for manager pixi (repository=local)
DEBUG: Using file pattern: /(^|/)pyproject\.toml$/ for manager poetry (repository=local)
DEBUG: Using file pattern: /(^|/)\.pre-commit-config\.ya?ml$/ for manager pre-commit (repository=local)
DEBUG: Using file pattern: /(^|/)pubspec\.ya?ml$/ for manager pub (repository=local)
DEBUG: Using file pattern: /(^|/)Puppetfile$/ for manager puppet (repository=local)
DEBUG: Using file pattern: /(^|/)\.python-version$/ for manager pyenv (repository=local)
DEBUG: Using file pattern: /.+\.container$/ for manager quadlet (repository=local)
DEBUG: Using file pattern: /.+\.image$/ for manager quadlet (repository=local)
DEBUG: Using file pattern: /.+\.volume$/ for manager quadlet (repository=local)
DEBUG: Using file pattern: renovate.json for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: renovate.json5 for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .github/renovate.json for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .github/renovate.json5 for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .gitlab/renovate.json for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .gitlab/renovate.json5 for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .renovaterc for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .renovaterc.json for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: .renovaterc.json5 for manager renovate-config-presets (repository=local)
DEBUG: Using file pattern: /(^|/)\.ruby-version$/ for manager ruby-version (repository=local)
DEBUG: Using file pattern: /(^|/)runtime.txt$/ for manager runtime-version (repository=local)
DEBUG: Using file pattern: /\.sbt$/ for manager sbt (repository=local)
DEBUG: Using file pattern: /project/[^/]*\.scala$/ for manager sbt (repository=local)
DEBUG: Using file pattern: /project/build\.properties$/ for manager sbt (repository=local)
DEBUG: Using file pattern: /(^|/)repositories$/ for manager sbt (repository=local)
DEBUG: Using file pattern: /(^|/)\.scalafmt.conf$/ for manager scalafmt (repository=local)
DEBUG: Using file pattern: /(^|/)setup\.cfg$/ for manager setup-cfg (repository=local)
DEBUG: Using file pattern: /(^|/)Package\.swift/ for manager swift (repository=local)
DEBUG: Using file pattern: **/*.tf for manager terraform (repository=local)
DEBUG: Using file pattern: **/*.tofu for manager terraform (repository=local)
DEBUG: Using file pattern: /(^|/)\.terraform-version$/ for manager terraform-version (repository=local)
DEBUG: Using file pattern: /(^|/)terragrunt\.hcl$/ for manager terragrunt (repository=local)
DEBUG: Using file pattern: /(^|/)\.terragrunt-version$/ for manager terragrunt-version (repository=local)
DEBUG: Using file pattern: /\.tflint\.hcl$/ for manager tflint-plugin (repository=local)
DEBUG: Using file pattern: /^\.travis\.ya?ml$/ for manager travis (repository=local)
DEBUG: Using file pattern: /\.typ$/ for manager typst (repository=local)
DEBUG: Using file pattern: **/ProjectSettings/ProjectVersion.txt for manager unity3d (repository=local)
DEBUG: Using file pattern: /(^|/)\.vela\.ya?ml$/ for manager velaci (repository=local)
DEBUG: Using file pattern: /(^|/)vendir\.yml$/ for manager vendir (repository=local)
DEBUG: Using file pattern: /^\.woodpecker(?:/[^/]+)?\.ya?ml$/ for manager woodpecker (repository=local)
DEBUG: Matched 1 file(s) for manager pre-commit: .pre-commit-config.yaml (repository=local)
DEBUG: Matched 1 file(s) for manager renovate-config-presets: renovate.json (repository=local)
DEBUG: Found version v5.0.0 (repository=local)
DEBUG: Found github dependency (repository=https://github.com/pre-commit/pre-commit-hooks)
DEBUG: Found version 9f48a48aa91a6040d749ad68ec70907d907a5a7f (repository=local)
DEBUG: Found github dependency (repository=https://github.com/python-jsonschema/check-jsonschema)
DEBUG: Found version 0c6edcf1df76b8f52847d4d5a3102c15df4ec64c (repository=local)
DEBUG: Found github dependency (repository=https://github.com/crate-ci/typos)
DEBUG: Found version 895ebb389825c29bd4e0addcf7579d6c69d199cc (repository=local)
DEBUG: Found github dependency (repository=https://github.com/astral-sh/ruff-pre-commit)
DEBUG: manager extract durations (ms) (repository=local)
       "managers": {"pre-commit": 6, "renovate-config-presets": 1}
DEBUG: Found pre-commit package files (repository=local)
DEBUG: Found 1 package file(s) (repository=local)
 INFO: Dependency extraction complete (repository=local)
       "stats": {
         "managers": {"pre-commit": {"fileCount": 1, "depCount": 4}},
         "total": {"fileCount": 1, "depCount": 4}
       }
DEBUG: PackageFiles.add() - Package file saved for base branch (repository=local)
DEBUG: Package releases lookups complete (repository=local)
DEBUG: LibYears: no currentVersionTimestamp for crate-ci/typos (repository=local)
DEBUG: Repository libYears (repository=local)
       "libYears": {"managers": {"pre-commit": 1.9651954591577878}, "total": 1.9651954591577878},
       "dependencyStatus": {"outdated": 3, "total": 4}
DEBUG: branchifyUpgrades (repository=local)
DEBUG: detectSemanticCommits() (repository=local)
DEBUG: getCommitMessages (repository=local)
DEBUG: semanticCommits: detected "unknown" (repository=local)
DEBUG: semanticCommits: disabled (repository=local)
DEBUG: 4 flattened updates found: pre-commit/pre-commit-hooks, crate-ci/typos, crate-ci/typos, astral-sh/ruff-pre-commit (repository=local)
DEBUG: Returning 4 branch(es) (repository=local)
DEBUG: Branch is not pending, removing pending upgrades (repository=local, branch=renovate/pre-commit-pre-commit-hooks-6.x)
DEBUG: Branch is not pending, removing pending upgrades (repository=local, branch=renovate/crate-ci-typos-0.x)
DEBUG: Branch is not pending, removing pending upgrades (repository=local, branch=renovate/crate-ci-typos-1.x)
DEBUG: Branch is not pending, removing pending upgrades (repository=local, branch=renovate/astral-sh-ruff-pre-commit-0.x)
DEBUG: config.repoIsOnboarded=true (repository=local)
DEBUG: packageFiles with updates (repository=local)
       "config": {
         "pre-commit": [
           {
             "deps": [
               {
                 "datasource": "github-tags",
                 "depName": "pre-commit/pre-commit-hooks",
                 "depType": "repository",
                 "packageName": "pre-commit/pre-commit-hooks",
                 "currentValue": "v5.0.0",
                 "updates": [
                   {
                     "bucket": "major",
                     "newVersion": "v6.0.0",
                     "newValue": "v6.0.0",
                     "releaseTimestamp": "2025-08-09T19:24:33.000Z",
                     "newVersionAgeInDays": 233,
                     "newMajor": 6,
                     "newMinor": 0,
                     "newPatch": 0,
                     "updateType": "major",
                     "isBreaking": true,
                     "libYears": 0.8439155251141552,
                     "branchName": "renovate/pre-commit-pre-commit-hooks-6.x"
                   }
                 ],
                 "versioning": "semver-coerced",
                 "warnings": [],
                 "sourceUrl": "https://github.com/pre-commit/pre-commit-hooks",
                 "registryUrl": "https://github.com",
                 "mostRecentTimestamp": "2025-08-09T19:24:33.000Z",
                 "currentVersion": "v5.0.0",
                 "currentVersionTimestamp": "2024-10-05T18:42:33.000Z",
                 "currentVersionAgeInDays": 541,
                 "isSingleVersion": true,
                 "fixedVersion": "v5.0.0"
               },
               {
                 "datasource": "github-tags",
                 "depName": "python-jsonschema/check-jsonschema",
                 "depType": "repository",
                 "packageName": "python-jsonschema/check-jsonschema",
                 "currentValue": "9f48a48aa91a6040d749ad68ec70907d907a5a7f",
                 "updates": [],
                 "versioning": "semver-coerced",
                 "warnings": [],
                 "sourceUrl": "https://github.com/python-jsonschema/check-jsonschema",
                 "registryUrl": "https://github.com",
                 "mostRecentTimestamp": "2026-03-26T02:46:01.000Z",
                 "currentVersion": "9f48a48aa91a6040d749ad68ec70907d907a5a7f",
                 "fixedVersion": "9f48a48aa91a6040d749ad68ec70907d907a5a7f"
               },
               {
                 "datasource": "github-tags",
                 "depName": "crate-ci/typos",
                 "depType": "repository",
                 "packageName": "crate-ci/typos",
                 "currentValue": "0c6edcf1df76b8f52847d4d5a3102c15df4ec64c",
                 "updates": [
                   {
                     "bucket": "non-major",
                     "newVersion": "v0.4.0",
                     "newValue": "v0.4.0",
                     "releaseTimestamp": "2021-05-22T01:45:24.000Z",
                     "newVersionAgeInDays": 1773,
                     "newMajor": 0,
                     "newMinor": 4,
                     "newPatch": 0,
                     "updateType": "minor",
                     "isBreaking": true,
                     "branchName": "renovate/crate-ci-typos-0.x"
                   },
                   {
                     "bucket": "major",
                     "newVersion": "v1.44.0",
                     "newValue": "v1.44.0",
                     "releaseTimestamp": "2026-02-27T16:31:16.000Z",
                     "newVersionAgeInDays": 31,
                     "newMajor": 1,
                     "newMinor": 44,
                     "newPatch": 0,
                     "updateType": "major",
                     "isBreaking": true,
                     "branchName": "renovate/crate-ci-typos-1.x"
                   }
                 ],
                 "versioning": "semver-coerced",
                 "warnings": [],
                 "sourceUrl": "https://github.com/crate-ci/typos",
                 "registryUrl": "https://github.com",
                 "currentVersion": "0c6edcf1df76b8f52847d4d5a3102c15df4ec64c",
                 "isSingleVersion": true,
                 "fixedVersion": "0c6edcf1df76b8f52847d4d5a3102c15df4ec64c"
               },
               {
                 "datasource": "github-tags",
                 "depName": "astral-sh/ruff-pre-commit",
                 "depType": "repository",
                 "packageName": "astral-sh/ruff-pre-commit",
                 "currentValue": "v0.9.6",
                 "currentDigest": "895ebb389825c29bd4e0addcf7579d6c69d199cc",
                 "replaceString": "895ebb389825c29bd4e0addcf7579d6c69d199cc # frozen: v0.9.6",
                 "autoReplaceStringTemplate": "{{newDigest}} # frozen: {{newValue}}",
                 "updates": [
                   {
                     "bucket": "non-major",
                     "newVersion": "v0.15.8",
                     "newValue": "v0.15.8",
                     "newDigest": "aca6d4c8045a504e2812ea4bedff1d0a09e437bc",
                     "releaseTimestamp": "2026-03-26T19:29:45.000Z",
                     "newVersionAgeInDays": 4,
                     "newMajor": 0,
                     "newMinor": 15,
                     "newPatch": 8,
                     "updateType": "minor",
                     "isBreaking": true,
                     "libYears": 1.1212799340436326,
                     "branchName": "renovate/astral-sh-ruff-pre-commit-0.x"
                   }
                 ],
                 "versioning": "semver-coerced",
                 "warnings": [],
                 "sourceUrl": "https://github.com/astral-sh/ruff-pre-commit",
                 "registryUrl": "https://github.com",
                 "mostRecentTimestamp": "2026-03-26T19:29:45.000Z",
                 "currentVersion": "v0.9.6",
                 "currentVersionTimestamp": "2025-02-10T13:05:01.000Z",
                 "currentVersionAgeInDays": 413,
                 "isSingleVersion": true,
                 "fixedVersion": "v0.9.6"
               }
             ],
             "packageFile": ".pre-commit-config.yaml"
           }
         ]
       }
DEBUG: detectSemanticCommits() (repository=local)
DEBUG: semanticCommits: returning "disabled" from cache (repository=local)
DEBUG: Repository timing splits (milliseconds) (repository=local)
       "splits": {"init": 52, "onboarding": 0, "extract": 119, "lookup": 83, "update": 0},
       "total": 255
DEBUG: Package cache statistics (repository=local)
       "get": {"count": 16, "avgMs": 5, "medianMs": 4, "maxMs": 21, "totalMs": 85},
       "set": {"count": 0, "avgMs": 0, "medianMs": 0, "maxMs": 0, "totalMs": 0}
DEBUG: Datasource cache statistics (repository=local)
       "github-tags": {"https://github.com": {"hit": 0, "miss": 0, "set": 0, "skip": 4}}
DEBUG: HTTP statistics (repository=local)
       "hosts": {},
       "requests": 0
DEBUG: HTTP cache statistics (repository=local)
DEBUG: Lookup statistics (repository=local)
       "github-tags": {"count": 4, "avgMs": 31, "medianMs": 30, "maxMs": 49, "totalMs": 122}
DEBUG: Cache fallback URLs (repository=local)
       "count": 0,
       "hits": {}
DEBUG: Git operations statistics (repository=local)
 INFO: Repository finished (repository=local)
       "cloned": undefined,
       "durationMs": 255,
       "result": undefined,
       "status": undefined,
       "enabled": undefined,
       "onboarded": undefined
DEBUG: Checking file package cache for expired items
DEBUG: Deleted 0 of 29 file cached entries in 15ms
 INFO: Renovate is exiting with a non-zero code due to the following logged errors
       "loggerErrors": [
         {
           "name": "renovate",
           "level": 50,
           "logContext": "ae5cc6c1-b520-4dbd-9c62-002be3519a11",
           "versions": {
             "node": "25.8.1",
             "acorn": "8.16.0",
             "ada": "3.4.3",
             "amaro": "1.1.8",
             "ares": "1.34.6",
             "brotli": "1.2.0",
             "cldr": "48.0",
             "icu": "78.3",
             "lief": "0.17.0",
             "llhttp": "9.3.1",
             "merve": "1.2.0",
             "modules": "141",
             "napi": "10",
             "nbytes": "0.1.3",
             "ncrypto": "0.0.1",
             "nghttp2": "1.68.1",
             "nghttp3": "",
             "ngtcp2": "",
             "openssl": "3.6.1",
             "simdjson": "4.4.2",
             "simdutf": "7.3.3",
             "sqlite": "3.51.3",
             "tz": "2026a",
             "undici": "7.22.0",
             "unicode": "17.0",
             "uv": "1.52.1",
             "uvwasi": "0.0.23",
             "v8": "14.1.146.11-node.21",
             "zlib": "1.2.12",
             "zstd": "1.5.7"
           },
           "range": "^24.11.0",
           "msg": "Unsupported node environment detected. Please update your node version."
         }
       ]

shaanmajid · 2026-03-30T20:19:07Z

shaanmajid
Mar 30, 2026
Author

Similar to #42245 ; also found during development of #42254

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`pre-commit` manager misclassifies bare SHA `rev` values as versions #42264

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

pre-commit manager misclassifies bare SHA rev values as versions #42264

Uh oh!

shaanmajid Mar 30, 2026

How are you running Renovate?

Which platform you running Renovate on?

Which version of Renovate are you using?

Please tell us more about your question or problem

MRE

Expected behavior

Suggested fix

Logs (if relevant)

Replies: 1 comment

Uh oh!

shaanmajid Mar 30, 2026 Author

`pre-commit` manager misclassifies bare SHA `rev` values as versions #42264

shaanmajid
Mar 30, 2026

shaanmajid
Mar 30, 2026
Author