
chore(deps): bump commit-check from 2.6.1 to 2.7.0#206

Merged: shenxianpeng merged 1 commit into main from dependabot/pip/commit-check-2.7.0 on May 19, 2026

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Bumps commit-check from 2.6.1 to 2.7.0.

Release notes

Sourced from commit-check's releases.

v2.7.0

🎉 Major features and improvements

🚀 New features and improvements

📝 Documentation updates

Full Changelog: commit-check/commit-check@v2.6.1...v2.7.0

Changelog

Sourced from commit-check's changelog.

v2.7.0 (unreleased)

New Features


  • Force push detection and blocking — Added --no-force-push CLI flag and check-no-force-push pre-push hook that inspect pushed ref ancestry via git merge-base --is-ancestor to detect and block git push --force and git push -f. A new [push] TOML config section with allow_force_push (default true) controls the behavior. Environment variable CCHK_ALLOW_FORCE_PUSH is also supported.
  • validate_push() API — New commit_check.api.validate_push() function for programmatic push safety checks, matching the --no-force-push CLI behavior without spawning a subprocess.

  • Standalone mode — When --no-force-push is run outside a pre-push hook (no stdin), it checks whether pushing HEAD to its configured upstream would require force, using git ls-remote and optional git fetch to resolve the remote commit.

v2.6.0 (2026-04-20)

New Features

  • Lower-noise CLI failure output — Added --no-banner to suppress the ASCII art header while preserving detailed errors and suggestions.
  • Compact failure mode — Added --compact to print one [FAIL] line per failing check for CI logs and automation-friendly terminal output. This mode also suppresses the banner.

Bug Fixes


  • Fixed print_error_header state handling so repeated validations stay consistent when --compact is used.

v2.5.0 (2026-04-03)

New Features

  • Co-author bypass in ignore_authors_should_skip_commit_validation() now parses Co-authored-by: trailers in the commit message body. If any co-author name matches ignore_authors, all commit checks are skipped. Useful for AI bots that co-author commits (e.g., coderabbitai[bot]).
  • Organization-level config inheritance via inherit_from — New top-level TOML key that loads a parent config from a GitHub shorthand (github:owner/repo:path), a local file path, or an HTTPS URL, then deep-merges it with local settings. HTTP (non-TLS) URLs are rejected to prevent MITM attacks.
  • Git config author validation: AuthorValidator now checks git config user.name / user.email first (the identity used for the next commit), falling back to git log if unset. Previously, a misconfigured identity would pass if the last commit had a valid author.

Bug Fixes



... (truncated)

Commits
  • e44b79a feat: add 156 common imperative verbs to imperatives list (#414)
  • 284c6df docs: improve Why Commit Check comparison table (#413)
  • 657d391 feat: block force pushes via pre-push hook (#412)
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [commit-check](https://github.com/commit-check/commit-check) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/commit-check/commit-check/releases)
- [Changelog](https://github.com/commit-check/commit-check/blob/main/docs/changelog.rst)
- [Commits](commit-check/commit-check@v2.6.1...v2.7.0)

---
updated-dependencies:
- dependency-name: commit-check
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
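
The ancestry check the v2.7.0 changelog describes, sketched as a stand-alone pre-push hook. This is an added example, not commit-check's code: the function names `is_zero`, `classify_push` and `check_pre_push` are made up here, and it relies only on git's pre-push stdin format and the exit status of `git merge-base --is-ancestor`.

```shell
#!/bin/sh
# Added example, not commit-check's implementation. Function names are hypothetical.
# Git feeds a pre-push hook one line per ref on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>

# True when the argument is an all-zero object id (ref absent on that side).
is_zero() {
    case "$1" in
        ''|*[!0]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a verdict for one stdin line: new, delete, fast-forward, force, unknown.
classify_push() {
    local_sha=$2
    remote_sha=$4
    if is_zero "$remote_sha"; then
        echo new                      # ref does not exist remotely yet
    elif is_zero "$local_sha"; then
        echo delete                   # ref deletion, no history comparison
    elif ! git cat-file -e "${remote_sha}^{commit}" 2>/dev/null; then
        echo unknown                  # remote tip was never fetched locally
    elif git merge-base --is-ancestor "$remote_sha" "$local_sha"; then
        echo fast-forward             # remote tip is contained in what we push
    else
        echo force                    # remote tip would be dropped from history
    fi
}

# Read every pushed ref; return 1 if any update would rewrite remote history.
# "unknown" fails closed: without the remote tip, ancestry cannot be proven.
check_pre_push() {
    blocked=0
    while read -r local_ref local_sha remote_ref remote_sha; do
        verdict=$(classify_push "$local_ref" "$local_sha" "$remote_ref" "$remote_sha")
        case "$verdict" in
            force|unknown)
                echo "blocked: $remote_ref ($verdict)" >&2
                blocked=1 ;;
        esac
    done
    return "$blocked"
}

# Act as the hook only when installed as .git/hooks/pre-push.
if [ "${0##*/}" = "pre-push" ]; then
    check_pre_push
fi
```

A client-side hook like this can be skipped with `git push --no-verify`, so server-side branch protection remains the enforcing control.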
@dependabot dependabot Bot added the dependencies, minor and python labels May 19, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 19, 2026 09:32
@dependabot dependabot Bot requested a review from shenxianpeng May 19, 2026 09:32
@github-actions

Commit-Check ✔️

@shenxianpeng shenxianpeng enabled auto-merge (squash) May 19, 2026 09:55
@shenxianpeng shenxianpeng merged commit 3873d8a into main May 19, 2026
6 checks passed
@shenxianpeng shenxianpeng deleted the dependabot/pip/commit-check-2.7.0 branch May 19, 2026 09:55
