Overcommit 0.29.1

A bugfix release that addresses a breakage in hook signing.

• Raise error when hooks are defined with invalid names (i.e. non-alphanumeric
  characters)
• Fix hook signing when specifying hook name
• Fix BundleCheck pre-commit hook to not report false negatives when running
  via overcommit --run with local changes

Overcommit 0.29.0

Edit: This release ended up having a different bug related to signing hooks. Please use 0.29.1 or newer (but still read these release notes for details)

This release includes an important security patch relevant for developers who use Overcommit in open source projects. Special thanks to @danuker for responsibly disclosing the issue.

The most notable change with signature verification is that now you'll need to run overcommit --sign if you are running Overcommit for your repo for the very first time, regardless of whether you have it enabled. This means CI runs will need to include overcommit --sign before overcommit --run if you use that feature, since services like Travis create a new git repo for each run.

Security Fix

• Fix vulnerability where disabling signature verification would not be caught
  by signature verification, allowing an attacker to bypass the check. If you
  disable signature verification in your configuration, you must rename the
  option to verify_signatures and should audit your hooks. Make sure to uninstall any version of Overcommit before 0.29.0, otherwise an attacker could simply downgrade your version via the Gemfile to run a vulnerable version

New Features

• Allow nested arrays in include and exclude options so lists of file
  glob patterns can be shared across hook configurations via YAML references
• Add NginxTest pre-commit hook that checks nginx configuration files with
  nginx -t
• Respect core.commentchar configuration when reading commit messages

Changes

• Rename verify_plugin_signatures to verify_signatures

Bug Fixes

• Fix Jscs pre-commit hook to handle the new jscs
  exit codes introduced
  as of 2.2.0
• Fix Scalastyle pre-commit hook to fail with non-zero exit statuses

Overcommit 0.28.0

A major feature for this release is the added support for running Overcommit on Windows. A big thanks to @jawshooah for all the effort to make this happen.

New Features

• Add NpmInstall post-checkout, post-commit, post-merge, and post-rewrite hooks
• Add PuppetLint pre-commit hook that checks Puppet code with
  puppet-lint
• Add BowerInstall post-checkout, post-commit, post-merge, and post-rewrite hooks
• Add BundleInstall post-checkout, post-commit, post-merge, and post-rewrite hooks
• Add Sqlint pre-commit hook that checks SQL code with
  sqlint
• Add Windows support
• Add Hlint pre-commit hook that checks Haskell files with
  hlint
• Add ExecutePermissions pre-commit hook that checks file mode for
  unnecessary execute permissions

Changes

• Ensure applicable_files hook helper returns files in lexicographic order

Overcommit 0.27.0

This large release contains a significant number of new features. Two important ones worth mentioning:

• First class Bundler support: You can now specify the gemfile option in your .overcommit.yml to point to a Gemfile that you want to have Bundler load as the context for your hook runs. This allows you to enforce particular versions or git revisions are used for various gems (including Overcommit itself).
• Adding existing Git hook scripts: You can easily migrate your existing Git hook scripts to work with Overcommit without writing any Ruby code. See the README section on Adding Existing Git Hooks for details.

New Features

• Add HtmlHint pre-commit hook that checks HTML files with
  HTMLHint
• Add support to the hook execute helper for accepting an optional list of
  splittable command arguments for transparently dealing with really long file
  lists and the operating system command length limit
• Add modified_files helper to PostCheckout and PostRewrite hooks
• Add rewritten_commits helper to PostRewrite hooks
• Add gemfile option to configuration file which allows a Gemfile to be
  loaded by Bundler to enforce particular gem versions during hook runs
• Add support for OVERCOMMIT_DEBUG environment variable which toggles the
  display of additional verbose output from executed commands
• Add support for defining
  hooks based on your existing git hooks
  within your .overcommit.yml (no Ruby code required)
• Add support for filtering all hooks except a small list via the ONLY
  environment variable (similar to SKIP except a whitelist instead of
  blacklist)

Changes

• Don't display "No applicable hook-type hooks to run" message unless debug
  mode is enabled

Bug Fixes

• Fix pre-commit hook bug where amending a commit which breaks a symlink would
  result in that symlink not being included in the list of modified files
• Fix CaseConflicts pre-commit hook handling of large sets of files
• Fix SemiStandard/Standard hooks to read from STDOUT instead of STDERR
  and handle new output format
• Fix commit-msg hooks to handle large commit messages auto-generated by the
  --verbose flag for git commit

Overcommit 0.26.0

Includes a pretty crucial fix for a bug where renaming a file as part of a commit amendment would cause pre-commit hooks to crash. Other cool feature to look out for is the new env hook option, which allows you to configure the environment variables you'd like to run your hook with (useful for command line applications that are configurable only via environment variables).

New Features

• Add EmptyMessage commit-msg hook that reports commits messages that are
  empty or contain only whitespace
• Add env hook configuration option that allows you to set values for
  environment variables during the course of a particular hook's run

Bug Fixes

• Fix handling of paths with spaces in the name
• Fix CaseConflicts pre-commit hook to not fail on initial commit
• Fix handling of files removed or renamed in a commit amendment

Overcommit 0.25.0

A relatively small release with a few new hooks and some bug fixes.

One major breaking change to note that will likely affect a large number of users is the renaming of the Rubocop hook to RuboCop, matching the capitalization of the project itself in order to reduce confusion.

New Features

• Add Vint pre-commit hook that checks Vim script with
  Vint
• Add Scalariform pre-commit hook that checks formatting of Scala code with
  Scalariform
• Add SlimLint pre-commit hook that analyzes Slim templates with
  Slim-Lint

Changes

• Include SVG files in ImageOptim, XmlLint, and XmlSyntax pre-commit
  hooks by default
• Make IndexTags hooks quiet by default
• Rename Rubocop pre-commit hook to RuboCop to match the project's proper
  name

Bug Fixes

• Fix HardTabs and TrailingWhitespace pre-commit hooks to include
  line information in errors, making it work as expected when
  problem_on_unmodified_line is set to something other than report
• Fix handling of changing a symlink to a directory on commit amendment so it
  is not included in the list of modified files for pre-commit hooks
• Handle empty commit messages in CapitalizedSubject, SingleLineSubject,
  HardTabs, TextWidth, and TrailingPeriod commit-msg hooks

Overcommit 0.24.0

This marks a major milestone for Overcommit. A host of new types of hooks are now possible and of course new hooks to go with them. A special thanks to @jawshooah for the tremendous amount of work he has put into this release.

A major change from the previous version is that almost all hooks are now opt-in by default. Since Overcommit is starting to get used on a wide variety of projects, having to manually disable all the hooks you don't want to run for every new project was becoming a nuisance, and so it made sense to switch to having to opt-in to (almost) all hooks. This should make the tool more generally useful and easier to get started with.

However, this means developers who are upgrading will have to manually copy the default configuration from 0.23.0 (or whichever version they were running previously) in order to have Overcommit behave the same way as it was previously. It may be worthwhile to manually go through all the hooks yourself rather than copying over, however.

Another major change is the order in which ALL hook configurations are applied. Previously, a hook's configuration was determined by applying the default and repo-specific configuration in the following order:

config/default.yml[ALL] → .overcommit.yml[ALL] → config/default.yml[hook] → .overcommit.yml[hook]

This was a bit unintuitive, as a hook-specific config in the default configuration could override the repo-specific ALL hook configuration. This has been changed so configuration is applied in the following order:

config/default.yml[ALL] → config/default.yml[hook] → .overcommit.yml[ALL] → .overcommit.yml[hook]

See #117 for the full discussion.

New Features

• Add required_library/required_libraries hook option which specifies
  a list of paths a hook should load with Kernel.require before running
• Add JsLint pre-commit hook that checks the style of JavaScript files with
  JSLint
• Add RubyLint pre-commit hook that statically analyzes Ruby files with
  ruby-lint
• Add Jsl pre-commit hook that checks the style of JavaScript files with
  JavaScript Lint
• Add CapitalizedSubject commit message hook
• Add GoVet pre-commit hook that examines Go source files with
  vet
• Add XmlSyntax pre-commit hook to check that XML files are valid
• Add CaseConflicts pre-commit hook which checks for file names in the same
  directory which differ by letter casing
• Preserve existing git hooks in a repository when installing Overcommit hooks,
  and restore them on uninstall
• Add RSpec pre-push hook that runs RSpec tests before
  pushing to remote
• Add ProtectedBranches pre-push hook that prevents destructive pushes
  (deletions or force pushes) to specified branches
• Add SpellCheck commit-msg hook to check commit messages for misspelled words
• Add support for pre-rebase hooks
• Add SubmoduleStatus post-checkout, post-commit, post-merge, and
  post-rewrite hooks that warn when submodules are uninitialized, out of date
  with the current index, or contain merge conflicts

Changes

• Disable ShellCheck pre-commit hook by default
• Switch ImageOptim hook to use executable instead of Ruby API
• Improve CoffeeLint pre-commit hook to differentiate between errors and
  warnings
• Improve GoLint pre-commit hook to extract file and line information
• Change configuration loading behavior to prefer user-defined ALL hook
  configuration over default ALL configuration, and user-defined hook
  configuration over default ALL configuration
• Change hook summary message to mention warnings if there were any
• Disable almost all hooks by default. You will now need to explicitly enable
  almost all hooks yourself in your .overcommit.yml. If you are migrating from
  overcommit 0.23.0 and want to use the default configuration that shipped
  with that version, copy the default configuration from 0.23.0
• Update ScssLint pre-commit hook to properly handle special exit code that
  signals all files were filtered by exclusions (new as of scss-lint 0.36.0)
• Update childprocess dependency to minimum 0.5.6
• Change default value for problem_on_unmodified_line from warn to report
• Update Rubocop pre-commit hook to pass --display-cop-names flag so
  cop names appear in output
• Drop support for returning :good/:bad results from hooks (was deprecated in
  0.15.0)
• Remove PryBinding pre-commit hook since its functionality is provided by the
  Rubocop pre-commit hook

Bug Fixes

• Fix LocalPathsInGemfile to not report lints for commented paths
• Fix CssLint pre-commit hook to ignore blank lines in csslint output
• Fix error instructions typo in BundleCheck pre-commit hook
• Fix bug where stashed changes were not restored when plugin signature
  validation failed
• Don't clear working tree after pre-commit hook when only submodule changes
  are present
• Restore file modification times of unstaged files in addition to staged files
  in pre-commit hook runs