Supported here:
https://guides.rubygems.org/specification-reference/#metadata Useful for
running https://github.com/MaximeD/gem_updater

The original array was defining the shellwords like this:
`["git", "commit", "-m", "\"Resolve", "conflicts\"", "-i", "some-file"]`

This combined with the most recent git version failed with:
```
error: pathspec 'conflicts"' did not match any file(s) known to git
```

This PR just simplifies the commit message to work with the %w array
literal.

While installing overcommit git hooks i noticed that tildes are not
expanded to home folders for the `hooksPath` config, the result was a
tilde folder in the current directory.

This PR addresses that by switching `File.absolute_path` to
`File.expand_path`. The [underlaying
implementation](https://github.com/ruby/ruby/blob/v3_3_4/file.c#L3753)
in Ruby is exactly the same just with this difference in how `~` is
handled.

---------

Co-authored-by: Shane da Silva <shane@dasilva.io>

A `ReDoS vulnerability in REXML` has been identified in versions <3.3.9

Details in GitHub:
 - GHSA-2rxp-v6pw-ch6m

This is a small bump to the latest patched version. This should resolve
anybody getting the following `bundle audit` error when using
overcommit:

```
Name: rexml
Version: 3.3.8
CVE: CVE-2024-49761
GHSA: GHSA-2rxp-v6pw-ch6m
Criticality: High
URL: GHSA-2rxp-v6pw-ch6m
Title: REXML ReDoS vulnerability
Solution: update to '>= 3.3.9'
```

Fixes sds#789

`psych` is no longer a default gem, but current and old ruby still ships
with it. When we `require 'yaml'`, we activate that gem in whatever
version that is bundled with ruby. Later on, we load bundler, and we
`Bundler.setup`, which will then activate whatever version specified in
the lock file. More often than not, they might not match.

The approach in this PR is to strip the `yaml` dependency completely
from the hook scripts, while retaining the ability to configure the
Gemfile using it.

…#860)

For example, running `overcommit --diff main` from a feature branch will
run pre-commit hooks against the diff between the two branches.

I was able to very easily leverage existing code for the bulk of the
feature - this is mainly just adding the cli option, a hook context to
do the execution and some tests based on the existing `--run-all` test.

---

For background, my team is responsible for a couple of really old,
really large rails apps. Getting them completely in compliance with our
various linters is a huge task that isn't getting done anytime soon
(things are funky to the point that we've even observed breakages with
"safe" auto-correct functions).

I introduced/started heavily encouraging overcommit so that we at least
don't add _new_ linting offenses and things will naturally improve over
time. It's been great, but offenses still slip through though here and
there, especially with juniors who might be getting away with not having
a local install (and/or abusing `OVERCOMMIT_DISABLE=1`).

An option like this would allow me to leverage the very useful "only
apply to changed lines" logic within a ci environment and help enforce
my desired "no new linting offenses" policy.

Setting `gemfile: false` in `.overcommit.yml` is supposed to disable
Bundler. However, a recently-introduced bug causes `false` to be
interpreted as the name of the gemfile. Bundler looks for a gemfile
named "false", which fails, leading overcommit's hooks to crash.

This PR fixes the bug by adjusting the regex used to parse the
`gemfile:` line in the config. Now, `false` is no longer interpreted as
a gemfile name.

I added an integration test to verify the fix.

Fixes sds#862

…t.yml (sds#865)

Related to sds#863 and [this
comment](sds#862 (comment)):

> Having a similar problem since we had this line in our
`.overcommit.yml`:
> 
> ```yaml
> gemfile: Gemfile # enforce bundled version of overcommit
> ```
>
> And now overcommit doesn't strip out the inline comment, resulting in
this weird looking error message:
>
> ```
> Problem loading 'Gemfile # enforce bundled version of overcommit':
/path/to/project/Gemfile # enforce bundled version of overcommit not
found
> ```

I think adding support for comments in the `gemfile:` regexp is likely
overkill and may still not be enough when the next person tries to use
yet another YAML feature in that line, but perhaps this little warning
would help someone else avoid tripping.

Running `overcommit` with the `--diff` flag results in errors for
version `0.67.0`.

```sh
bundle exec overcommit --diff HEAD
```

It results on the following:

```ruby
Running pre-commit hooks
Check for case-insensitivity conflicts................[CaseConflicts] FAILED
Hook raised unexpected error
uninitialized constant Overcommit::Hook::PreCommit::CaseConflicts::Set

      repo_files = Set.new(applicable_files)
                   ^^^
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook/pre_commit/case_conflicts.rb:8:in `run'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook/base.rb:47:in `block in run_and_transform'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/utils.rb:260:in `with_environment'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook/base.rb:47:in `run_and_transform'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:162:in `run_hook'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:98:in `block in consume'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:94:in `loop'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:94:in `consume'
Analyze with RuboCop........................................[RuboCop] FAILED
Hook raised unexpected error
uninitialized constant Overcommit::GitRepo::Set

      lines = Set.new
              ^^^
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/git_repo.rb:69:in `extract_modified_lines'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_context/diff.rb:17:in `modified_lines_in_file'
/nix/store/0sj7d3r1kf95f27028j93j0sx3v6p1kw-ruby-3.1.6/lib/ruby/3.1.0/forwardable.rb:238:in `modified_lines_in_file'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/message_processor.rb:145:in `message_on_modified_line?'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/message_processor.rb:138:in `block in remove_ignored_messages'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/message_processor.rb:138:in `select'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/message_processor.rb:138:in `remove_ignored_messages'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/message_processor.rb:45:in `handle_modified_lines'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/message_processor.rb:39:in `hook_result'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook/base.rb:263:in `process_hook_return_value'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook/base.rb:48:in `run_and_transform'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:162:in `run_hook'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:98:in `block in consume'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:94:in `loop'
.bundle/ruby/3.1.0/gems/overcommit-0.67.0/lib/overcommit/hook_runner.rb:94:in `consume'

✗ One or more pre-commit hooks failed
```

The problems are fixed once `set` is required in the context that the
sub command is run.

`run_all.rb` also requires `set` where the module is
[defined](https://github.com/sds/overcommit/blob/main/lib/overcommit/hook_context/run_all.rb#L3).