
Extract pre-commit dependency version from comment in PR description #14403

Merged: AbhishekBhaskar merged 1 commit into main from abhishekbhaskar/pre-commit-extract-version-from-comment on Mar 10, 2026


@AbhishekBhaskar
Contributor

What are you trying to accomplish?

Fixes the issue where PR descriptions showed raw commit hashes instead of the version from comments when using frozen SHA format in .pre-commit-config.yaml.

Problem:
When users pin pre-commit hooks using SHA with a version comment:

repos:
  - repo: https://github.com/tofuutils/pre-commit-opentofu
    rev: 04bfdda8eb902a604850282feec57563f388d71e # v2.2.1
    hooks:
      - id: tofu_fmt

The PR description incorrectly displayed:

Bumps `https://github.com/tofuutils/pre-commit-opentofu` from 04bfdda8eb902a604850282feec57563f388d71e to 2.2.2

Instead of the expected:

Bumps `https://github.com/tofuutils/pre-commit-opentofu` from v2.2.1 to 2.2.2

Solution:
Added a registration mechanism for ecosystems to customize how humanized_previous_version is computed, then registered a builder for pre_commit that extracts the version from the comment metadata.

Anything you want to highlight for special attention from reviewers?

Changes:
dependency.rb:

  • Added @humanized_previous_version_builders class variable
  • Added register_humanized_previous_version_builder and humanized_previous_version_builder_for_package_manager class methods
  • Refactored humanized_previous_version to check for a registered builder before falling back to default behavior

pre_commit.rb:

  • Registered a humanized_previous_version_builder that extracts versions from comments using COMMENT_VERSION_PATTERN

How will you know you've accomplished your goal?

If the PR description correctly shows the extracted version from comment.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.
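
The registration-with-fallback flow described in this PR, as an added Ruby sketch that is not code from dependabot-core or from the PR author. The module name, both regexes, the `(ref, comment)` builder signature and the line-based parsing are assumptions made for illustration; the sketch also accepts the `# frozen: v2.2.1` comment form. Because the comment is free text that nothing checks against the SHA, the builder only uses it when the ref is a full 40-character SHA and the comment consists of nothing but a version.

```ruby
# Added sketch, not dependabot-core code. Module name, regexes and the
# (ref, comment) builder signature are assumptions made for illustration.
module PreviousVersionSketch
  FULL_SHA = /\A[0-9a-f]{40}\z/
  # Accepts "# v2.2.1", "# 2.2.1" and "# frozen: v2.2.1"; rejects prose comments.
  COMMENT_VERSION = /\A#\s*(?:frozen:\s*)?(v?\d+(?:\.\d+)+(?:[-+][0-9A-Za-z.-]+)?)\s*\z/
  REV_LINE = /\A\s*rev:\s*["']?([^\s"'#]+)["']?\s*(#.*)?\z/

  @builders = {}

  class << self
    # Ecosystems register a block that returns a display string or nil.
    def register_builder(package_manager, &block)
      @builders[package_manager] = block
    end

    # Use the registered builder when it yields a value; otherwise show the ref.
    def humanized_previous_version(package_manager, ref, comment)
      @builders[package_manager]&.call(ref, comment) || ref
    end

    # Split one "rev:" line of .pre-commit-config.yaml into [ref, comment].
    def parse_rev_line(line)
      match = REV_LINE.match(line.chomp)
      match && [match[1], match[2]&.strip]
    end

    # Returns the string to display for the line, or nil if it is not a rev line.
    def describe(package_manager, line)
      ref, comment = parse_rev_line(line)
      ref && humanized_previous_version(package_manager, ref, comment)
    end
  end

  # Use the comment only for a full-SHA pin whose comment is purely a version;
  # anything else returns nil and falls through to the default (the raw ref).
  register_builder("pre_commit") do |ref, comment|
    next unless FULL_SHA.match?(ref) && comment
    COMMENT_VERSION.match(comment)&.[](1)
  end
end
```
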

@AbhishekBhaskar AbhishekBhaskar self-assigned this Mar 9, 2026
@AbhishekBhaskar AbhishekBhaskar requested a review from a team as a code owner March 9, 2026 21:52
Copilot AI review requested due to automatic review settings March 9, 2026 21:52
Contributor

Copilot AI left a comment

Pull request overview

This PR adds an extension point in Dependabot::Dependency to let ecosystems customize how humanized_previous_version is rendered, and uses it in the pre_commit ecosystem to display comment-pinned versions (e.g., # v2.2.1) instead of raw SHAs in PR descriptions.

Changes:

  • Add a per-ecosystem registration mechanism for humanized_previous_version formatting in Dependabot::Dependency.
  • Register a pre_commit builder that extracts a version from the rev: comment.
  • Add specs covering the new registration behavior and the pre_commit extraction behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| common/lib/dependabot/dependency.rb | Adds builder registry + refactors humanized_previous_version into default/custom paths. |
| common/spec/dependabot/dependency_spec.rb | Adds unit tests for builder registration and fallback behavior. |
| pre_commit/lib/dependabot/pre_commit.rb | Registers the pre_commit humanized-previous-version builder using comment parsing. |
| pre_commit/spec/dependabot/pre_commit_spec.rb | Adds pre_commit-focused specs for extracting version from comment metadata. |
| .rubocop_todo.yml | Adds a new Metrics/ClassLength exclusion for Dependency. |

Comment thread .rubocop_todo.yml
Comment on lines 156 to 159
Metrics/ClassLength:
Exclude:
- 'common/lib/dependabot/dependency.rb'
- 'opentofu/lib/dependabot/opentofu/file_parser.rb'

Copilot AI Mar 9, 2026

Adding common/lib/dependabot/dependency.rb to the global RuboCop todo exclusions (Metrics/ClassLength) increases long-term lint debt. Since the class-length increase here is driven by the new humanized_previous_version refactor, it would be better to adjust the implementation (e.g., keep the existing logic inline, or extract functionality into a separate helper/module) so the file remains compliant without extending .rubocop_todo.yml exclusions.

Copilot generated this review using guidance from repository custom instructions.
@kbukum1
Contributor

kbukum1 commented Mar 9, 2026

Looks good to me except for the suggestion made at https://github.com/dependabot/dependabot-core/pull/14403/changes#r2908144625. If you consider that, it will be great.

Just was thinking: Not that important

I was also thinking whether we can make it similar to other registrations, like the version class, which has a default but any package manager can extend it and register themselves, and it can be used anywhere. But after thinking about it, it may be hard to commonize things and properly provide the required parameters.

@AbhishekBhaskar
Contributor Author

> Looks good to me except for the suggestion made at https://github.com/dependabot/dependabot-core/pull/14403/changes#r2908144625. If you consider that, it will be great.
>
> Just was thinking: Not that important
>
> I was also thinking whether we can make it similar to other registrations, like the version class, which has a default but any package manager can extend it and register themselves, and it can be used anywhere. But after thinking about it, it may be hard to commonize things and properly provide the required parameters.

@kbukum1 the new functionality added in the Dependency class is tightly coupled to it and extracting it to a separate module requires significant refactoring of how humanized_previous_version accesses instance methods like previous_ref, ref_changed?, previous_version, etc. Similar large files have also been added to the .rubocop_todo.yml's exclusion list.

Contributor

@kbukum1 kbukum1 left a comment

LGTM

@AbhishekBhaskar AbhishekBhaskar force-pushed the abhishekbhaskar/pre-commit-extract-version-from-comment branch 2 times, most recently from b60c3f2 to 080d617 Compare March 10, 2026 18:31
@AbhishekBhaskar AbhishekBhaskar force-pushed the abhishekbhaskar/pre-commit-extract-version-from-comment branch from 080d617 to f3bd8ca Compare March 10, 2026 19:52
@AbhishekBhaskar AbhishekBhaskar merged commit a41cd39 into main Mar 10, 2026
162 of 166 checks passed
@AbhishekBhaskar AbhishekBhaskar deleted the abhishekbhaskar/pre-commit-extract-version-from-comment branch March 10, 2026 20:44