Overcommit v0.29.0 Release Notes

  • ๐Ÿ”’ Important Security Fix

    • ๐Ÿ›  Fix vulnerability where disabling signature verification would not be caught by signature verification, allowing an attacker to bypass the check. If you disable signature verification in your configuration, you must rename the option to verify_signatures and should audit your hooks.

    ๐Ÿ†• New Features

    • ๐Ÿ‘ Allow nested arrays in include and exclude options so lists of file glob patterns can be shared across hook configurations via YAML references
    • โž• Add NginxTest pre-commit hook that checks nginx configuration files with nginx -t
    • ๐Ÿ”ง Respect core.commentchar configuration when reading commit messages

    ๐Ÿ”„ Changes

    • ๐Ÿ”Œ Rename verify_plugin_signatures to verify_signatures

    ๐Ÿ› Bug Fixes

    • ๐Ÿ›  Fix Jscs pre-commit hook to handle the new jscs exit codes introduced as of 2.2.0
    • ๐Ÿ›  Fix Scalastyle pre-commit hook to fail with non-zero exit statuses