⬆ Bump prek from 0.3.2 to 0.3.9

[dependabot]

Bumps prek from 0.3.2 to 0.3.9.

Release notes

Sourced from prek's releases.

0.3.9

Release Notes

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.9

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

Contributors

... (truncated)

Commits

• 3a9b9fe Ensure quotes are added for non-string revisions in auto-update (#1936)
• 501d1db Bump version to 0.3.9 (#1934)
• dc98c47 Honor repo and worktree core.hooksPath (#1892)
• 08c1f70 Remove bracket from auto-update project header (#1933)
• 4292fe2 Update pre-commit hook crate-ci/typos to v1.45.0 (#1930)
• adafad0 Update GitHub Actions (#1929)
• f0bf283 Update dependency uv to v0.11.3 (#1928)
• 059f272 Display auto-update results by config entry (#1922)
• 7899b90 Handle --no-lazy-fetch not available
• ff0769a Handle impostor commits in auto-update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codspeed-hq]

Merging this PR will not alter performance

✅ 20 untouched benchmarks

---

_{Comparing dependabot/uv/prek-0.3.9 (8ae6719) with master (c394156)¹}

Footnotes

1. No successful run was found on master (4fa826c) during the generation of this report, so c394156 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[github-actions]

📝 Docs preview

Last commit 8ae6719 at: https://0ecbd846.fastapitiangolo.pages.dev