Commit 00abbf4
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
deps: update dependency jdx/mise to v2026.4.7 (#1363)
> ℹ️ **Note**
>
> This PR body was truncated due to platform limits.
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [jdx/mise](https://redirect.github.com/jdx/mise) | minor | `2026.3.8`
→ `2026.4.7` |
---
### Release Notes
<details>
<summary>jdx/mise (jdx/mise)</summary>
###
[`v2026.4.7`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.7):
: Native ARM64 Python on Windows
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.4.6...v2026.4.7)
This patch release fixes precompiled Python installation on Windows
ARM64 machines. Previously, mise always downloaded the x86\_64 Python
build on Windows regardless of architecture, which caused failures when
loading native ARM64 libraries. mise now correctly downloads the aarch64
build on Windows ARM64 systems.
##### Fixed
- **Precompiled Python on Windows ARM64** -- On Windows ARM64, mise
unconditionally selected the x86\_64 precompiled Python build, ignoring
the host architecture. This caused runtime errors such as `[WinError
193] %1 is not a valid Win32 application` when loading native ARM64
DLLs. mise now downloads the native `aarch64-pc-windows-msvc` build on
ARM64 Windows while continuing to use x86\_64 on x64 Windows.
[#​8961](https://redirect.github.com/jdx/mise/pull/8961) by
[@​JohanLorenzo](https://redirect.github.com/JohanLorenzo)
##### New Contributors
- [@​JohanLorenzo](https://redirect.github.com/JohanLorenzo) made
their first contribution in
[#​8961](https://redirect.github.com/jdx/mise/pull/8961)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.6...v2026.4.7>
###
[`v2026.4.6`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.6):
: Tera templates in miserc.toml, shim race condition fix, and SPM
self-hosted support
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.4.5...v2026.4.6)
This release adds Tera template support to `.miserc.toml` files for
dynamic early-stage configuration, fixes a race condition during shim
creation that affected multi-backend setups, and improves SPM backend
compatibility with self-hosted GitHub Enterprise and GitLab instances.
Several other bug fixes improve environment variable handling across
tasks, redaction, and the vfox backend.
##### Highlights
- **Tera templates in `.miserc.toml`** -- Use environment variables, XDG
directories, and OS-level functions like `arch()` and `os()` directly in
your `.miserc.toml` configuration, enabling dynamic early-stage settings
such as platform-specific ceiling paths.
- **Shim race condition fixed** -- Multi-backend setups where different
plugins provide overlapping shims no longer intermittently fail during
`mise reshim` or `mise install`.
- **SPM self-hosted instance support** -- The SPM backend now
automatically derives the correct API URL for self-hosted GitHub
Enterprise and GitLab instances from the tool URL.
##### Added
- **Tera template support in `.miserc.toml`** -- `.miserc.toml` files
now support Tera templates with a limited context available during early
initialization: OS environment variables, `config_root`, `cwd`, XDG
directories, and built-in functions/filters. Templates that fail to
render gracefully fall back to raw content.
[#​8867](https://redirect.github.com/jdx/mise/pull/8867) by
[@​richardthe3rd](https://redirect.github.com/richardthe3rd)
```toml
# .miserc.toml
ceiling_paths = ["{{ env.HOME }}"]
ignored_config_paths = ["{{ xdg_config_home }}/mise/shared.toml"]
```
- **`sing-box` added to the built-in registry** -- Install the sing-box
universal proxy platform via `mise use sing-box`.
[#​8944](https://redirect.github.com/jdx/mise/pull/8944) by
[@​tony-sol](https://redirect.github.com/tony-sol)
##### Fixed
- **Shim race condition with overlapping backends** -- When multiple
plugins provide the same shim (e.g., `nodejs` via the default registry
and `asdf:nodejs`), concurrent `make_shim` calls could race on file
removal, producing intermittent "No such file or directory" errors. The
file removal now tolerates already-deleted files.
[#​8947](https://redirect.github.com/jdx/mise/pull/8947) by
[@​brander-john](https://redirect.github.com/brander-john)
- **`mise env --redacted` missing tools-only redactions** -- Env vars
declared with both `tools = true` and `redact = true` were not included
in the redaction filter for `mise env --redacted`. Both the standard and
tools-only redaction sets are now checked.
[#​8956](https://redirect.github.com/jdx/mise/pull/8956) by
[@​jakedgy](https://redirect.github.com/jakedgy)
- **SPM backend API URL for self-hosted instances** -- When using the
SPM backend with a full URL pointing to a self-hosted GitHub Enterprise
or GitLab instance, mise now derives the correct API URL from the host
instead of always falling back to `api.github.com`. Explicit `api_url`
options still take precedence.
[#​8955](https://redirect.github.com/jdx/mise/pull/8955) by
[@​ThomasDutartre](https://redirect.github.com/ThomasDutartre)
- **vfox backend missing dependency env** -- When a vfox backend plugin
declared `depends` on another tool, the dependency's binaries were not
available on PATH during plugin Lua hooks (`BackendListVersions`,
`BackendInstall`, `BackendExecEnv`). Dependency environment is now
properly propagated, matching the behavior of other backends.
[#​8952](https://redirect.github.com/jdx/mise/pull/8952) by
[@​cprecioso](https://redirect.github.com/cprecioso)
- **Task usage Tera templates failing with flags** -- Task `usage` field
defaults using `{{ env.VAR }}` Tera templates would fail with "Variable
not found in context" whenever any flags were passed. The task argument
parser now uses the full computed environment instead of an empty map.
[#​8957](https://redirect.github.com/jdx/mise/pull/8957) by
[@​jdx](https://redirect.github.com/jdx)
- **Clarified attestation settings placement** -- The help messages for
Python and Ruby attestation settings now specify that they must be
placed under `[settings]` in `mise.toml`, not under `[python]` or
`[ruby]` where they are silently ignored.
[#​8939](https://redirect.github.com/jdx/mise/pull/8939) by
[@​fru1tworld](https://redirect.github.com/fru1tworld)
##### New Contributors
- [@​ThomasDutartre](https://redirect.github.com/ThomasDutartre)
made their first contribution in
[#​8955](https://redirect.github.com/jdx/mise/pull/8955)
- [@​jakedgy](https://redirect.github.com/jakedgy) made their
first contribution in
[#​8956](https://redirect.github.com/jdx/mise/pull/8956)
- [@​brander-john](https://redirect.github.com/brander-john) made
their first contribution in
[#​8947](https://redirect.github.com/jdx/mise/pull/8947)
- [@​fru1tworld](https://redirect.github.com/fru1tworld) made
their first contribution in
[#​8939](https://redirect.github.com/jdx/mise/pull/8939)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.5...v2026.4.6>
###
[`v2026.4.5`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.5):
: GitLab and Forgejo token support, env file diagnostics, and shell
fixes
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.4.4...v2026.4.5)
This release extends mise's authentication support to GitLab and Forgejo
backends, surfaces env files in diagnostic commands, and fixes several
bugs in bash shell hooks, Windows tool installation, and PATH handling.
##### Highlights
- **GitLab and Forgejo token support** -- mise now resolves
authentication tokens for GitLab and Forgejo backends using the same
rich priority chain already available for GitHub: env vars, token files,
CLI tool configs (glab/fj), credential commands, and git credential
helpers.
- **Env files in diagnostics** -- `mise config ls` and `mise doctor` now
show env files loaded via `MISE_ENV_FILE` or `_.file` directives, making
it easier to trace where environment variables come from.
- **Bash duplicate trust warning fixed** -- Entering an untrusted
project directory in bash no longer prints the trust warning twice per
`cd`.
##### Added
- **GitLab and Forgejo token resolution** -- The GitLab and Forgejo
backends now support the same multi-source token resolution as GitHub:
environment variables (`MISE_GITLAB_TOKEN`, `MISE_FORGEJO_TOKEN`, etc.),
per-host token files (`gitlab_tokens.toml`, `forgejo_tokens.toml`), CLI
tool integration (glab, fj), `credential_command`, and `git credential
fill`. A new `mise token` command replaces the old `mise github token`
and adds `mise token gitlab` and `mise token forgejo` subcommands for
debugging token resolution.
[#​8868](https://redirect.github.com/jdx/mise/pull/8868) by
[@​roele](https://redirect.github.com/roele)
```sh
mise token github
mise token gitlab --unmask
mise token forgejo forgejo.mycompany.com
```
- **Env files in `config ls` and `doctor`** -- Env files loaded via the
`MISE_ENV_FILE` setting or `_.file` config directives now appear in
`mise config ls` output (with env var keys shown in verbose mode) and in
`mise doctor` output (both text and JSON).
[#​8853](https://redirect.github.com/jdx/mise/pull/8853) by
[@​SamSoldatenko](https://redirect.github.com/SamSoldatenko)
##### Fixed
- **Double `.exe` extension on Windows (aqua backend)** -- When a
package's Windows override URL already includes `.exe`, mise no longer
appends a second `.exe` suffix. This affected 37 aqua registry packages
including `cli/cli`, `kubernetes/kubectl`, `gruntwork-io/terragrunt`,
and `rust-lang/rustup`.
[#​8863](https://redirect.github.com/jdx/mise/pull/8863) by
[@​yusei-wy](https://redirect.github.com/yusei-wy)
- **Duplicate trust warning in bash** -- Entering an untrusted project
directory in bash triggered the trust warning from both the `chpwd` hook
and `PROMPT_COMMAND`, producing a duplicate message. The bash activation
script now coordinates between the two hooks so the warning appears
exactly once.
[#​8920](https://redirect.github.com/jdx/mise/pull/8920) by
[@​timothysparg](https://redirect.github.com/timothysparg)
- **Config root injected into PATH via `_.source`** -- When a sourced
script prepended to `PATH` (e.g., `export PATH="/custom:$PATH"`), an
empty path component could resolve to the config root directory and get
injected into `PATH`. Empty path segments are now filtered out.
[#​8936](https://redirect.github.com/jdx/mise/pull/8936) by
[@​jdx](https://redirect.github.com/jdx)
- **Spurious dependency warnings during install** -- When `mise.toml`
configured both a language runtime and a package from that ecosystem
(e.g., `node` + `npm:prettier`), mise would warn that npm was missing
during version resolution even though node was configured and would be
installed first. The warning is now suppressed when the providing tool
is present in the toolset.
[#​8923](https://redirect.github.com/jdx/mise/pull/8923) by
[@​jdx](https://redirect.github.com/jdx)
##### Changed
- **`mise github token` renamed to `mise token github`** -- The old
`mise github token` command still works but is hidden from help output.
The new `mise token` command group adds `github`, `gitlab`, and
`forgejo` subcommands.
[#​8868](https://redirect.github.com/jdx/mise/pull/8868) by
[@​roele](https://redirect.github.com/roele)
##### New Contributors
- [@​SamSoldatenko](https://redirect.github.com/SamSoldatenko)
made their first contribution in
[#​8853](https://redirect.github.com/jdx/mise/pull/8853)
- [@​yusei-wy](https://redirect.github.com/yusei-wy) made their
first contribution in
[#​8863](https://redirect.github.com/jdx/mise/pull/8863)
- [@​timothysparg](https://redirect.github.com/timothysparg) made
their first contribution in
[#​8920](https://redirect.github.com/jdx/mise/pull/8920)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.4...v2026.4.5>
###
[`v2026.4.4`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.4):
: Tool Dependencies, .NET Runtimes, and Task Argument Forwarding
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.4.3...v2026.4.4)
A feature-packed release that adds user-defined tool dependencies, .NET
runtime-only installs, argument forwarding to task dependencies, and
stronger supply-chain security for lockfiles -- along with a large batch
of bug fixes across multiple backends and shells.
##### Highlights
- **Declare tool dependencies in `mise.toml`** -- A new `depends` field
lets you ensure one tool is fully installed before another starts,
useful for tools with runtime dependencies on each other.
- **Pass arguments through task dependency chains** -- Task dependencies
can now reference the parent task's arguments using `{{usage.*}}`
templates, enabling parameterized build/deploy pipelines.
- **.NET runtime-only installs** -- Install just the .NET runtime (or
ASP.NET Core runtime) without the full SDK using the new `runtime` tool
option.
- **Stronger lockfile provenance verification** -- `mise lock` now
cryptographically verifies provenance for the current platform at lock
time, and a new `locked_verify_provenance` setting enables
re-verification at install time.
##### Added
- **User-specified tool dependencies** -- Declare explicit installation
dependencies between tools in `mise.toml` with a new `depends` field,
ensuring one tool is fully installed before another starts.
[#​8776](https://redirect.github.com/jdx/mise/pull/8776) by
[@​cprecioso](https://redirect.github.com/cprecioso)
```toml
[tools]
erlang = "27"
elixir = { version = "1.18", depends = ["erlang"] }
```
- **.NET runtime-only installs** -- Install .NET runtimes alongside or
instead of SDKs using the `runtime` tool option. Valid values: `dotnet`,
`aspnetcore`, `windowsdesktop`.
[#​8524](https://redirect.github.com/jdx/mise/pull/8524) by
[@​fragon10](https://redirect.github.com/fragon10)
```toml
[tools]
dotnet = ["9", { version = "8.0.14", runtime = "dotnet" }]
```
- **Task dependency argument forwarding** -- Task dependencies can
reference parent task arguments using `{{usage.*}}` templates in
`depends`, `depends_post`, and `wait_for`. Arguments flow through entire
dependency chains.
[#​8893](https://redirect.github.com/jdx/mise/pull/8893) by
[@​jdx](https://redirect.github.com/jdx)
```toml
[tasks.build]
usage = 'arg "<app>"'
run = 'echo "building {{usage.app}}"'
[tasks.deploy]
usage = 'arg "<app>"'
depends = [{ task = "build", args = ["{{usage.app}}"] }]
run = 'echo "deploying {{usage.app}}"'
```
- **`install_before` enforced on transitive npm dependencies** -- The
`install_before` supply-chain cutoff is now forwarded to transitive
dependency resolution using each package manager's native mechanism
(`npm --before`, `bun --minimum-release-age`, `pnpm
--config.minimumReleaseAge`).
[#​8851](https://redirect.github.com/jdx/mise/pull/8851) by
[@​risu729](https://redirect.github.com/risu729)
- **`locked_verify_provenance` setting** -- New setting (also
auto-enabled by `MISE_PARANOID`) that forces cryptographic provenance
re-verification at install time even when the lockfile already has
checksum and provenance data. `mise lock` now also performs full
verification for the current platform at lock time.
[#​8901](https://redirect.github.com/jdx/mise/pull/8901) by
[@​jdx](https://redirect.github.com/jdx)
- **`turso` added to the built-in registry** -- Install the Turso CLI
via `mise use turso`.
[#​8884](https://redirect.github.com/jdx/mise/pull/8884) by
[@​kenn](https://redirect.github.com/kenn)
##### Fixed
- **`--env=VALUE` and `-E=VALUE` flag parsing** -- The equals-sign form
of the environment flag (e.g., `mise --env=production`) was silently
ignored, causing fallback to the default environment. Both `--env=VALUE`
and `--env VALUE` forms now work correctly.
[#​8889](https://redirect.github.com/jdx/mise/pull/8889) by
[@​jdx](https://redirect.github.com/jdx)
- **PEP 440 `.dev` versions filtered in fuzzy matching** -- Versions
like `2026.3.3.162408.dev0` no longer incorrectly satisfy stable version
requests. The version regex now matches `.dev` in addition to `-dev`.
[#​8849](https://redirect.github.com/jdx/mise/pull/8849) by
[@​richardthe3rd](https://redirect.github.com/richardthe3rd)
- **Stale lockfile entries pruned during `mise lock <tool>`** -- Running
`mise lock node` after a version change no longer leaves duplicate
entries for the old and new versions.
[#​8599](https://redirect.github.com/jdx/mise/pull/8599) by
[@​altendky](https://redirect.github.com/altendky)
- **Spurious direnv warning suppressed** -- The `failed to update
DIRENV_DIFF` warning no longer appears when the direnv diff environment
variable is empty.
[#​8857](https://redirect.github.com/jdx/mise/pull/8857) by
[@​yaleman](https://redirect.github.com/yaleman)
- **Duplicate trust warning in zsh** -- Entering an untrusted project
directory in zsh no longer shows the `mise trust` warning twice.
[#​8898](https://redirect.github.com/jdx/mise/pull/8898) by
[@​timothysparg](https://redirect.github.com/timothysparg)
- **Plain `.tool-versions` no longer requires trust for task listing**
-- Files without Tera template syntax (`{{`, `{%`, `{#`) are skipped
during the trust check in `mise task ls`.
[#​8876](https://redirect.github.com/jdx/mise/pull/8876) by
[@​dportalesr](https://redirect.github.com/dportalesr)
- **Tool options preserved with CLI version overrides** -- `filter_bins`
and other tool options are no longer lost when specifying a version via
CLI (e.g., `mise bin-paths tool@version`).
[#​8888](https://redirect.github.com/jdx/mise/pull/8888) by
[@​jdx](https://redirect.github.com/jdx)
- **Alias-specific options respected** -- Tools configured with
`tool_alias` now correctly use the alias-specific `asset_pattern` and
other options instead of inheriting from the original tool.
[#​8892](https://redirect.github.com/jdx/mise/pull/8892) by
[@​jdx](https://redirect.github.com/jdx)
- **Precompiled Python uses lockfile URL** -- Precompiled Python
installs now honor the download URL recorded in `mise.lock` instead of
always recomputing it, fixing reproducibility for locked installs.
[#​8750](https://redirect.github.com/jdx/mise/pull/8750) by
[@​hehaoqian](https://redirect.github.com/hehaoqian)
- **Ruby build revisions in lockfiles** -- Precompiled Ruby binaries
from `jdx/ruby` now support build revision tags (e.g., `3.3.11-1`),
preventing lockfile breakage when binaries are rebuilt with different
checksums.
[#​8900](https://redirect.github.com/jdx/mise/pull/8900) by
[@​jdx](https://redirect.github.com/jdx)
- **Swift installs on unsupported Ubuntu versions** -- Swift installs on
Ubuntu versions newer than 24.04 now fall back to the 24.04 binary
instead of 404ing.
[#​8916](https://redirect.github.com/jdx/mise/pull/8916) by
[@​jdx](https://redirect.github.com/jdx)
##### Changed
- **Go settings renamed to `go.*` namespace** -- All `go_*` settings
(e.g., `go_set_goroot`) have been renamed to the nested `go.*` format
(e.g., `go.set_goroot`) for consistency with other language settings.
The old names are preserved as deprecated aliases.
[#​8598](https://redirect.github.com/jdx/mise/pull/8598) by
[@​jdbruijn](https://redirect.github.com/jdbruijn)
##### Breaking Changes
- **Deprecated settings removed** -- The following settings, deprecated
for 18+ months, have been removed. If you are still using them, switch
to their replacements:
[#​8904](https://redirect.github.com/jdx/mise/pull/8904) by
[@​jdx](https://redirect.github.com/jdx)
- `asdf` -- use `disable_backends` instead
- `vfox` -- use `disable_backends` instead
- `cargo_binstall` -- use `cargo.binstall` instead
- `disable_default_shorthands` -- use `disable_default_registry` instead
- `pipx_uvx` -- use `pipx.uvx` instead
- `python_compile` -- use `python.compile` instead
- `python_default_packages_file` -- use `python.default_packages_file`
instead
- `python_patch_url` -- use `python.patch_url` instead
- `python_patches_directory` -- use `python.patches_directory` instead
- `python_precompiled_arch` -- use `python.precompiled_arch` instead
- `python_precompiled_os` -- use `python.precompiled_os` instead
- `python_pyenv_repo` -- use `python.pyenv_repo` instead
- `python_venv_stdlib` -- use `python.venv_stdlib` instead
##### New Contributors
- [@​cprecioso](https://redirect.github.com/cprecioso) made their
first contribution in
[#​8776](https://redirect.github.com/jdx/mise/pull/8776)
- [@​fragon10](https://redirect.github.com/fragon10) made their
first contribution in
[#​8524](https://redirect.github.com/jdx/mise/pull/8524)
- [@​dportalesr](https://redirect.github.com/dportalesr) made
their first contribution in
[#​8876](https://redirect.github.com/jdx/mise/pull/8876)
- [@​timothysparg](https://redirect.github.com/timothysparg) made
their first contribution in
[#​8898](https://redirect.github.com/jdx/mise/pull/8898)
- [@​hehaoqian](https://redirect.github.com/hehaoqian) made their
first contribution in
[#​8750](https://redirect.github.com/jdx/mise/pull/8750)
- [@​jdbruijn](https://redirect.github.com/jdbruijn) made their
first contribution in
[#​8598](https://redirect.github.com/jdx/mise/pull/8598)
- [@​yaleman](https://redirect.github.com/yaleman) made their
first contribution in
[#​8857](https://redirect.github.com/jdx/mise/pull/8857)
- [@​kenn](https://redirect.github.com/kenn) made their first
contribution in
[#​8884](https://redirect.github.com/jdx/mise/pull/8884)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.3...v2026.4.4>
###
[`v2026.4.3`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.3):
: Fix seccomp build on armv7
[Compare
Source](https://redirect.github.com/jdx/mise/compare/aqua-registry-v2026.4.2...v2026.4.3)
A small patch release that fixes a compile error preventing mise from
building on 32-bit ARM (armv7) targets.
##### Fixed
- **seccomp network filter build on armv7** -- The seccomp sandbox code
that restricts network access during `mise exec` failed to compile on
armv7 targets. The `libc::SYS_socket` and `libc::SYS_socketpair`
constants are `i32` on 32-bit platforms but the rule map expects `i64`
keys, causing a type mismatch. An explicit `as i64` cast fixes the build
while remaining a no-op on 64-bit platforms.
[#​8869](https://redirect.github.com/jdx/mise/pull/8869) by
[@​jdx](https://redirect.github.com/jdx)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.2...v2026.4.3>
###
[`v2026.4.2`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.2):
: Process sandboxing for exec and run
[Compare
Source](https://redirect.github.com/jdx/mise/compare/aqua-registry-v2026.4.1...aqua-registry-v2026.4.2)
> **Note:** This release's build failed so no binary assets were
published. Use v2026.4.3 instead, which includes all changes from this
release plus a build fix.
This release introduces experimental process sandboxing for `mise exec`
and `mise run`, allowing you to restrict filesystem access, network
access, and environment variables for executed processes.
##### Added
- **Process sandboxing for `mise x` and `mise run`** *(experimental)* --
A new lightweight sandboxing layer lets you lock down what processes
spawned by mise can access. On Linux it uses Landlock for filesystem
restrictions and seccomp-bpf for network filtering; on macOS it uses
`sandbox-exec` (Seatbelt) with generated profiles. Requires
`experimental = true` in settings.
[#​8845](https://redirect.github.com/jdx/mise/pull/8845) by
[@​jdx](https://redirect.github.com/jdx)
```bash
# Block all filesystem and network access
mise x --deny-all -- node script.js
# Block network only
mise x --deny-net -- npm run build
# Block writes except to ./dist
mise x --allow-write=./dist -- npm run build
```
Task-level configuration is also supported:
```toml
[tasks.build]
run = "npm run build"
deny_net = true
allow_write = ["./dist"]
```
##### Fixed
- **Docs: correct `RUNTIME.osType` and `RUNTIME.archType` values** --
Fixed inconsistent documentation for runtime template variables and
simplified examples.
[#​8785](https://redirect.github.com/jdx/mise/pull/8785) by
[@​esteve](https://redirect.github.com/esteve)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.1...v2026.4.2>
###
[`v2026.4.1`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.1):
: Per-tool install_before and musl detection fixes
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.4.0...aqua-registry-v2026.4.1)
This release adds per-tool `install_before` overrides for more granular
control over version freshness, fixes musl/glibc detection in minimal
Docker containers, and ensures the `-q` flag works correctly with `mise
prepare`.
#### Added
- **Per-tool `install_before` option** -- You can now set
`install_before` on individual tools to override the global setting.
This is useful when some tools need tighter freshness windows than
others. Precedence is: `--before` CLI flag > per-tool `install_before` >
global `install_before` setting.
[#​8842](https://redirect.github.com/jdx/mise/pull/8842) by
[@​sargunv-headway](https://redirect.github.com/sargunv-headway)
```toml
[settings]
install_before = "7d" # default for all tools
[tools.trivy]
version = "latest"
install_before = "1d" # trivy updates are time-sensitive, use a shorter
window
```
- **Registry: dbt-fusion** -- `dbt-fusion` is now available as a short
name in the mise registry, backed by `aqua:getdbt.com/dbt-fusion`.
[#​8837](https://redirect.github.com/jdx/mise/pull/8837) by
[@​ryan-pip](https://redirect.github.com/ryan-pip)
#### Fixed
- **Musl detection in minimal Docker containers** -- A musl-compiled
mise binary running in a minimal container (scratch, busybox,
distroless) with no `/lib/ld-*` files would incorrectly identify the
platform as glibc, causing it to select the wrong lockfile entries or
tool variants. When no dynamic linker is found at runtime, mise now
falls back to the binary's compile-time target. Additionally, a new
`MISE_LIBC` environment variable (`musl` or `gnu`) allows explicitly
overriding the detection.
[#​8825](https://redirect.github.com/jdx/mise/pull/8825) by
[@​davireis](https://redirect.github.com/davireis)
```dockerfile
ENV MISE_LIBC=musl
RUN mise install
```
- **`mise prepare -q` not suppressing output** -- The `-q` (quiet) flag
was not suppressing status messages in `mise prepare` because they used
`miseprintln!()` which bypasses the logging system. These messages now
use standard logging macros that respect the quiet setting.
[#​8792](https://redirect.github.com/jdx/mise/pull/8792) by
[@​Marukome0743](https://redirect.github.com/Marukome0743)
- **Wrong option in `mise prepare` docs example** -- The
`ansible-galaxy` example in the prepare documentation used `-f` (force)
instead of `-r` (requirements file).
[#​8839](https://redirect.github.com/jdx/mise/pull/8839) by
[@​rndmh3ro](https://redirect.github.com/rndmh3ro)
#### New Contributors
- [@​Marukome0743](https://redirect.github.com/Marukome0743) made
their first contribution in
[#​8792](https://redirect.github.com/jdx/mise/pull/8792)
- [@​sargunv-headway](https://redirect.github.com/sargunv-headway)
made their first contribution in
[#​8842](https://redirect.github.com/jdx/mise/pull/8842)
- [@​Rohan5commit](https://redirect.github.com/Rohan5commit) made
their first contribution in
[#​8844](https://redirect.github.com/jdx/mise/pull/8844)
- [@​ryan-pip](https://redirect.github.com/ryan-pip) made their
first contribution in
[#​8837](https://redirect.github.com/jdx/mise/pull/8837)
- [@​rndmh3ro](https://redirect.github.com/rndmh3ro) made their
first contribution in
[#​8839](https://redirect.github.com/jdx/mise/pull/8839)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.4.0...v2026.4.1>
###
[`v2026.4.0`](https://redirect.github.com/jdx/mise/releases/tag/v2026.4.0):
: Linked version fixes, monorepo task aliases, and Azure Developer CLI
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.18...v2026.4.0)
This release fixes a panic when using `mise link` with aqua-backed
tools, resolves bare task alias lookup in monorepo configurations, and
handles a `rustup check` exit code that was incorrectly treated as an
error.
#### Added
- **Registry: azd (Azure Developer CLI)** -- `azd` is now available as a
short name in the mise registry, backed by `aqua:Azure/azure-dev`.
Install with `mise use -g azd@latest`.
[#​8828](https://redirect.github.com/jdx/mise/pull/8828) by
[@​rajeshkamal5050](https://redirect.github.com/rajeshkamal5050)
#### Fixed
- **Panic with linked versions on aqua-backed tools** -- Running `mise
doctor`, `mise reshim`, or any command that calls `list_bin_paths` on an
aqua-backed tool with a linked version (created via `mise link`) would
panic with a `StripPrefixError`. The root cause was that non-version
link names like `"brew"` or `"mylink"` were passed to the aqua registry
as version strings, where they unexpectedly matched semver constraints
and produced absolute paths. Linked versions are now detected early and
skip the aqua registry lookup entirely, returning `install_path/bin`
directly. [#​8801](https://redirect.github.com/jdx/mise/pull/8801)
by [@​nikobockerman](https://redirect.github.com/nikobockerman)
- **`mise outdated` failing for Rust** -- `rustup check` returns exit
code 100 when toolchain updates are available, which is normal behavior.
Previously, mise treated this as a command failure, causing `mise
outdated` to report an error for `core:rust`. The exit code is now
handled correctly.
[#​8832](https://redirect.github.com/jdx/mise/pull/8832) by
[@​shalk](https://redirect.github.com/shalk)
- **Bare task aliases not resolving in monorepo mode** -- In a monorepo
with `config_roots` configured, running `mise run prl` (a bare alias)
would fail with "no task //:prl found", even though `mise run //:prl`
worked. The issue was that `expand_colon_task_syntax` expanded bare
aliases to `//:prl`, but the task loader then skipped config root
discovery entirely. Both bare and prefixed alias forms now resolve
correctly, and tab completion also works for monorepo-prefixed aliases.
[#​8819](https://redirect.github.com/jdx/mise/pull/8819) by
[@​nkakouros](https://redirect.github.com/nkakouros)
- **Task help not shown for metadata-only usage specs** -- When a task
script defined `#USAGE long_about`, `before_help`, `after_help`, or
`examples` without any `arg` or `flag` directives, `mise run task
--help` would show the generic "This task does not accept any arguments"
message instead of the usage-based help with the detailed description.
[#​8824](https://redirect.github.com/jdx/mise/pull/8824) by
[@​nkakouros](https://redirect.github.com/nkakouros)
#### New Contributors
- [@​shalk](https://redirect.github.com/shalk) made their first
contribution in
[#​8832](https://redirect.github.com/jdx/mise/pull/8832)
- [@​jedymatt](https://redirect.github.com/jedymatt) made their
first contribution in
[#​8833](https://redirect.github.com/jdx/mise/pull/8833)
- [@​nikobockerman](https://redirect.github.com/nikobockerman)
made their first contribution in
[#​8801](https://redirect.github.com/jdx/mise/pull/8801)
- [@​rajeshkamal5050](https://redirect.github.com/rajeshkamal5050)
made their first contribution in
[#​8828](https://redirect.github.com/jdx/mise/pull/8828)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.18...v2026.4.0>
###
[`v2026.3.18`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.18):
: Python provenance verification, Go sub-module fixes, and shim
recursion guards
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.17...v2026.3.18)
This release adds supply-chain security improvements for Python, fixes
several shim recursion issues that could cause system hangs, and
improves Go backend version resolution for deeply nested sub-modules.
#### Highlights
- **Python provenance verification** -- Precompiled Python binaries from
`astral-sh/python-build-standalone` can now be verified using GitHub
Artifact Attestations, with downgrade protection in lockfiles.
- **Shim recursion guards** -- Two separate infinite-recursion bugs
involving mise shims have been fixed, preventing fork bombs in
devcontainer environments and when using `exec()` templates with
mise-managed tools.
- **Go sub-module support** -- Deeply nested Go sub-modules that return
no versions from `go list -versions` now correctly install with
`@latest` instead of incorrectly resolving to a parent module's version.
#### Added
- **Python GitHub Artifact Attestations** -- Precompiled Python binaries
are now verified against GitHub Artifact Attestations from
`astral-sh/python-build-standalone`, following the same pattern already
used for Ruby. A new `python.github_attestations` setting (env:
`MISE_PYTHON_GITHUB_ATTESTATIONS`) overrides the global
`github_attestations` setting for Python specifically. When enabled,
`mise lock` records `provenance = "github-attestations"` in lockfile
entries, and `mise install` verifies downloaded tarballs. If a lockfile
records provenance but verification is disabled at install time, the
install fails with a downgrade-attack error.
[#​8820](https://redirect.github.com/jdx/mise/pull/8820) by
[@​malept](https://redirect.github.com/malept)
```toml
# settings.toml or mise.toml [settings]
[python]
github_attestations = true # defaults to the global github_attestations
value
```
- **Registry: svgo** -- `svgo` (SVG Optimizer) is now available as
`npm:svgo`.
[#​8817](https://redirect.github.com/jdx/mise/pull/8817) by
[@​3w36zj6](https://redirect.github.com/3w36zj6)
#### Fixed
- **Shim infinite recursion with system shims on PATH** -- When tools
are installed via `mise install --system` (e.g. in Docker/devcontainer
images), a second shims directory is created at
`MISE_SYSTEM_DATA_DIR/shims`. If both the user and system shims
directories were on PATH, invoking a shim for a tool not in any config
file would hang indefinitely. The PATH fallback now skips both shims
directories and rejects any binary that canonicalizes to the mise binary
itself. [#​8816](https://redirect.github.com/jdx/mise/pull/8816)
by [@​andrewthauer](https://redirect.github.com/andrewthauer)
- **Fork bomb from `exec()` templates, credential commands, and git
credentials** -- Three subprocess-spawning code paths inherited mise
shims in PATH. When the subprocess invoked a mise-managed tool (e.g. `gh
auth token` in an `exec()` template or `credential_command`), the shim
re-entered mise, triggering the same subprocess again -- causing
infinite recursion. Observed as load average >1800 on affected systems.
A new shared `path_env_without_shims()` helper now strips the shims
directory from PATH in all three call sites.
[#​8802](https://redirect.github.com/jdx/mise/pull/8802) by
[@​antonioacg](https://redirect.github.com/antonioacg)
- **Go backend `--locked` mode** -- The Go backend was missing a
`supports_lockfile_url() -> false` override, causing `mise install
--locked` to fail for any go-backend tool since their lockfile entries
never contain download URLs.
[#​8790](https://redirect.github.com/jdx/mise/pull/8790) by
[@​palootcenas-outreach](https://redirect.github.com/palootcenas-outreach)
- **Go deeply nested sub-module version resolution** -- `mise ls-remote`
for deeply nested Go sub-modules (e.g.
`github.com/go-kratos/kratos/cmd/kratos/v2`) would incorrectly resolve
to the root module's versions. The version fetching logic now tries the
exact tool path first and treats an empty version list as authoritative,
falling back to `@latest` for installation instead of using a parent
module's version. Results are now cached per module path.
[#​8823](https://redirect.github.com/jdx/mise/pull/8823) by
[@​roele](https://redirect.github.com/roele)
- **Flutter version sorting** -- Fixed version sorting in the Flutter
registry entry by stripping the `-stable` suffix before sorting, and
switched to per-platform URL templates.
[#​8818](https://redirect.github.com/jdx/mise/pull/8818) by
[@​roele](https://redirect.github.com/roele)
#### New Contributors
- [@​antonioacg](https://redirect.github.com/antonioacg) made
their first contribution in
[#​8802](https://redirect.github.com/jdx/mise/pull/8802)
-
[@​palootcenas-outreach](https://redirect.github.com/palootcenas-outreach)
made their first contribution in
[#​8790](https://redirect.github.com/jdx/mise/pull/8790)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.17...v2026.3.18>
###
[`v2026.3.17`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.17):
: Shims always at the front of PATH
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.16...v2026.3.17)
A small patch release with a single bug fix for `mise activate --shims`
PATH ordering.
#### Fixed
- **Shims always prepended in `--shims` mode** -- When using `mise
activate --shims`, if the shims directory was already present in `PATH`
(e.g. from a previous activation or a VS Code terminal re-sourcing the
shell config), mise would skip the prepend and leave shims at their
existing position. This meant system binaries earlier in `PATH` could
silently shadow mise-managed tools. Shims are now always moved to the
front. For fish, `MovePrependEnv` is used to reorder without
duplicating; for all other shells, `PrependEnv` is emitted
unconditionally, accepting a harmless duplicate entry in exchange for
guaranteed ordering.
[#​8757](https://redirect.github.com/jdx/mise/pull/8757) by
[@​ctaintor](https://redirect.github.com/ctaintor)
#### New Contributors
- [@​ctaintor](https://redirect.github.com/ctaintor) made their
first contribution in
[#​8757](https://redirect.github.com/jdx/mise/pull/8757)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.16...v2026.3.17>
###
[`v2026.3.16`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.16):
: Fix unnecessary GitHub API calls during locked installs
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.15...v2026.3.16)
A small patch release that fixes `mise install --locked` making
unnecessary GitHub Releases API calls even when the lockfile already
contains pre-resolved URLs and checksums.
#### Fixed
- **`mise install --locked` no longer makes unnecessary GitHub API
calls** -- The aqua backend's cosign verification path was
unconditionally downloading checksum files via the GitHub Releases API,
even when cosign was disabled in settings or the package had no cosign
configuration. This caused `mise install --locked` to fail in restricted
network environments despite the lockfile having everything needed to
install offline. The fix checks `settings.aqua.cosign` and whether the
package actually has cosign configured before attempting any download.
[#​8753](https://redirect.github.com/jdx/mise/pull/8753) by
[@​jdx](https://redirect.github.com/jdx)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.15...v2026.3.16>
###
[`v2026.3.15`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.15):
: Custom credential command for GitHub tokens
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.14...v2026.3.15)
This release adds a new `github.credential_command` setting that lets
you plug any external secret manager into mise's GitHub token
resolution, and adjusts its priority so it takes precedence over
file-based token sources.
#### Added
- **`github.credential_command` setting for custom token retrieval** --
You can now configure a shell command that mise runs to obtain a GitHub
token, enabling integration with secret managers like 1Password,
HashiCorp Vault, or any custom script. The command is executed via `sh
-c` and receives the hostname as `$1`, so it can return different tokens
for github.com and GitHub Enterprise instances. Results are cached per
host per session.
[#​8746](https://redirect.github.com/jdx/mise/pull/8746) by
[@​jdx](https://redirect.github.com/jdx)
```toml
[settings.github]
credential_command = "op read 'op://Private/GitHub Token/credential'"
```
This can also be set via the `MISE_GITHUB_CREDENTIAL_COMMAND`
environment variable.
#### Changed
- **`credential_command` priority raised above file-based sources** --
Since `credential_command` is an explicit user configuration, it now
takes priority over `github_tokens.toml` and the gh CLI's `hosts.yml`.
Previously it sat at the bottom of the resolution order alongside `git
credential fill`. The `git credential fill` fallback remains as the
lowest-priority option and is no longer blocked when
`credential_command` is set but returns no token.
[#​8748](https://redirect.github.com/jdx/mise/pull/8748) by
[@​jdx](https://redirect.github.com/jdx)
Updated token priority for github.com:
| # | Source |
| - | ---------------------------------------- |
| 1 | `MISE_GITHUB_TOKEN` env var |
| 2 | `GITHUB_API_TOKEN` env var |
| 3 | `GITHUB_TOKEN` env var |
| 4 | `credential_command` (if set) -- **new** |
| 5 | `github_tokens.toml` (per-host) |
| 6 | gh CLI token (from `hosts.yml`) |
| 7 | `git credential fill` (if enabled) |
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.14...v2026.3.15>
###
[`v2026.3.14`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.14):
: GitHub token management, macOS shim fix, and Python precompiled flavor
fix
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.13...v2026.3.14)
This release introduces a new `mise github token` command and expanded
GitHub token resolution (including a config file and git credential
helper support), fixes a shim detection regression that caused hangs on
macOS, and corrects Python precompiled flavor handling for freethreaded
builds.
##### Highlights
- New `mise github token` command and `github_tokens.toml` config file
for flexible, per-host GitHub token management
- Reverted shim directory check that caused startup hangs on macOS
- Python lockfile generation now respects `precompiled_flavor` when
filtering out freethreaded builds
##### Added
- **`mise github token` command and expanded token resolution** -- Adds
`github_tokens.toml` (`~/.config/mise/github_tokens.toml`) for storing
per-host GitHub tokens that don't interfere with the gh CLI's
`hosts.yml`. Also adds opt-in `git credential fill` integration as a
last-resort fallback for environments where tokens live in system
keyrings (macOS Keychain, Windows Credential Manager, devcontainers).
The new `mise github token [--unmask] [HOST]` command shows which token
mise would use and where it came from, making it easy to debug
authentication issues. Enable git credential support with
`github.use_git_credentials = true` in settings.
[#​8742](https://redirect.github.com/jdx/mise/pull/8742) by
[@​jdx](https://redirect.github.com/jdx)
Updated token priority:
| # | Source |
| - | ------------------------------------------------------------------
|
| 1 | `MISE_GITHUB_ENTERPRISE_TOKEN` env var (non-github.com only) |
| 2 | `MISE_GITHUB_TOKEN` / `GITHUB_API_TOKEN` / `GITHUB_TOKEN` env vars
|
| 3 | `github_tokens.toml` (per-host) -- **new** |
| 4 | gh CLI token (from `hosts.yml`) |
| 5 | `git credential fill` (opt-in) -- **new** |
- **Registry: tart** -- Added
[tart](https://redirect.github.com/cirruslabs/tart) to the registry.
Tart provides macOS and Linux VMs on Apple Silicon using Apple's
Virtualization.framework. Install with `mise install tart`.
[#​8727](https://redirect.github.com/jdx/mise/pull/8727) by
[@​mnm364](https://redirect.github.com/mnm364)
##### Fixed
- **Shim detection reverted to fix macOS hangs** -- A recent change
([`cfcb555`](https://redirect.github.com/jdx/mise/commit/cfcb555))
switched shim detection from checking the binary name to checking if
`argv[0]` exists in the shims directory. This caused mise to hang on
startup for some users because the filesystem check could block on slow
or network filesystems, and could also falsely detect mise itself as a
shim. The simpler binary-name-based check has been restored.
[e1b8ca4](https://redirect.github.com/jdx/mise/commit/e1b8ca4c1378e019a71778d57f2044b5b1073ed9)
by [@​jdx](https://redirect.github.com/jdx)
- **Python precompiled flavor now correctly excludes freethreaded
builds** -- When any `precompiled_flavor` was specified (e.g.
`install_only_stripped`), the freethreaded build exclusion was bypassed,
causing `mise lock` to sometimes pick the freethreaded build
incorrectly. Freethreaded builds are now only included when the
requested flavor specifically includes "freethreaded".
[#​8745](https://redirect.github.com/jdx/mise/pull/8745) by
[@​risu729](https://redirect.github.com/risu729)
- **`cargo install mise` docs now use `--locked`** -- The Cargo install
command in the documentation has been updated to `cargo install --locked
mise`, preventing build failures from dependency version mismatches.
[#​8731](https://redirect.github.com/jdx/mise/pull/8731) by
[@​rtharston](https://redirect.github.com/rtharston)
##### New Contributors
- [@​rtharston](https://redirect.github.com/rtharston) made their
first contribution in
[#​8731](https://redirect.github.com/jdx/mise/pull/8731)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.13...v2026.3.14>
###
[`v2026.3.13`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.13):
: Better hook-env stability, --silent fix, and system install symlinks
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.12...v2026.3.13)
A focused bugfix release that significantly improves `hook-env`
stability, fixes the `--silent` flag to actually suppress all mise
output, and resolves broken symlinks when installing tools to
system/shared directories.
#### Fixed
- **hook-env watch\_files tracking and early-exit stability** --
Environment plugins (`MiseEnv` modules) that return `watch_files` now
properly trigger re-evaluation when those files change. Previously,
modifying a watched file (e.g. a secrets config) wouldn't cause mise to
pick up the new values until a config change or directory switch. This
PR also fixes two related stability issues: projects without a
`mise.lock` file could fail to stabilize because the nonexistent
lockfile was unconditionally added to the watch set, and directory mtime
changes could cause repeated slow-path fallbacks.
[#​8716](https://redirect.github.com/jdx/mise/pull/8716) by
[@​rpendleton](https://redirect.github.com/rpendleton)
- **`--silent` flag now fully suppresses mise output** -- The global
`--silent` flag was not being written to `Settings`, so `mise --silent
run foo` would suppress task stdout/stderr but still show mise's own
info/warn messages. Now `--silent` properly sets `quiet=true` in
settings, making it a true superset of `--quiet`: it suppresses both
mise messages and task output.
[#​8720](https://redirect.github.com/jdx/mise/pull/8720) by
[@​nkakouros](https://redirect.github.com/nkakouros)
- **`mise install --system` now creates runtime symlinks correctly** --
When installing tools to system/shared directories with `--system`, the
`latest` and partial-version symlinks (e.g. `18` -> `18.19.0`) were only
being created in the user install directory, leaving the system
directory without proper symlinks. Symlinks are now rebuilt per install
directory based on the versions actually present there, with graceful
handling of permission errors in shared/system locations.
[#​8722](https://redirect.github.com/jdx/mise/pull/8722) by
[@​jdx](https://redirect.github.com/jdx)
#### Added
- **Registry: acli (Atlassian CLI)** -- Added
[acli](https://redirect.github.com/acli) to the registry for interacting
with Atlassian Cloud services (Jira, Confluence, Bitbucket) from the
terminal. Install with `mise install acli`.
[#​8721](https://redirect.github.com/jdx/mise/pull/8721) by
[@​ggoggam](https://redirect.github.com/ggoggam)
#### New Contributors
- [@​rpendleton](https://redirect.github.com/rpendleton) made
their first contribution in
[#​8716](https://redirect.github.com/jdx/mise/pull/8716)
- [@​ggoggam](https://redirect.github.com/ggoggam) made their
first contribution in
[#​8721](https://redirect.github.com/jdx/mise/pull/8721)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.12...v2026.3.13>
###
[`v2026.3.12`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.12):
: Supply chain protection for lockfile upgrades
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.11...v2026.3.12)
A small but important release that adds supply chain protection for
lockfile upgrades and fixes zsh completions broken by the usage v3.1.0
update. This release also includes the binary assets that were missing
from v2026.3.11 due to the completions issue.
#### Security
- **Block GitHub tool upgrades when provenance is lost** -- When
upgrading a `github:` backend tool, mise now checks whether the prior
locked version had provenance verification (e.g., GitHub Attestations).
If the new version lacks provenance that the old version had, the
upgrade is blocked with an error indicating a potential supply chain
attack. The old provenance-verified lockfile entry is preserved, and the
error includes both versions for easy investigation. This check applies
to `mise lock`, `mise install`, and `mise use`.
[#​8706](https://redirect.github.com/jdx/mise/pull/8706) by
[@​jdx](https://redirect.github.com/jdx)
Example error:
```
github:example/tool@2.0.0 has no provenance verification on linux-x64,
but github:example/tool@1.5.0 had github-attestations. This could
indicate
a supply chain attack. Verify the release is authentic before
proceeding.
```
#### Fixed
- **Zsh completions updated for usage v3.1.0** -- The prerendered zsh
completion script has been regenerated to match the new output format
from usage v3.1.0, which switched from `_arguments` to `_describe` and
changed quoting behavior. This also fixes the binary build failure that
prevented v2026.3.11 from publishing release assets.
[#​8715](https://redirect.github.com/jdx/mise/pull/8715) by
[@​jdx](https://redirect.github.com/jdx)
**Full Changelog**:
<https://github.com/jdx/mise/compare/v2026.3.11...v2026.3.12>
###
[`v2026.3.11`](https://redirect.github.com/jdx/mise/releases/tag/v2026.3.11)
[Compare
Source](https://redirect.github.com/jdx/mise/compare/v2026.3.10...v2026.3.11)
> **Note:** This release has no binary assets due to a CI failure caused
by a breaking change in [usage
v3.1.0](https://redirect.github.com/jdx/usage/releases/tag/v3.1.0). The
fix is in
[#​8715](https://redirect.github.com/jdx/mise/pull/8715). All
changes below are included in the next release.
This release adds `--skip-tools` for faster task execution, GitHub token
auto-detection from `gh` CLI, optional `args`/`env` fields in task `run`
entries, and fixes across lockfiles, shims, tasks, and environment
handling.
#### Highlights
- **`mise run --skip-tools`** -- Skip tool installation when running
tasks, useful when you know tools are already installed and want faster
execution.
[#​8699](https://redirect.github.com/jdx/mise/pull/8699) by
[@​jdx](https://redirect.github.com/jdx)
- **GitHub token auto-detection from `gh` CLI** -- mise now reads GitHub
tokens from `gh`'s `hosts.yml` config, so authenticated GitHub API
requests work automatically if you're logged in with `gh auth login`.
[#​8692](https://redirect.github.com/jdx/mise/pull/8692) by
[@​jdx](https://redirect.github.com/jdx)
- **Optional `args` and `env` in task `run` entries** -- Task run
entries now support optional `args` and `env` fields for more flexible
task configuration.
[#​8687](https://redirect.github.com/jdx/mise/pull/8687) by
[@​jdx](https://redirect.github.com/jdx)
#### Added
- **`mise run --skip-tools`** -- Skip tool installation when running
tasks. [#​8699](https://redirect.github.com/jdx/mise/pull/8699) by
[@​jdx](https://redirect.github.com/jdx)
- **GitHub token from `gh` CLI** -- Automatically read tokens from `gh`
CLI's `hosts.yml` config.
[#​8692](https://redirect.github.com/jdx/mise/pull/8692) by
[@​jdx](https://redirect.github.com/jdx)
- **Task `run` entries support `args` and `env`** -- Optional fields for
more flexible task definitions.
[#​8687](https://redirect.github.com/jdx/mise/pull/8687) by
[@​jdx](https://redirect.github.com/jdx)
- **vfox: `try_get`, `try_head`, `try_download_file`** -- Non-failing
HTTP methods for Lua plugins.
[#​8697](https://redirect.github.com/jdx/mise/pull/8697) by
[@​jdx](https://redirect.github.com/jdx)
- **New registry tools:**
- [rtk](https://redirect.github.com/rtk-ai/rtk) --
[#​8683](https://redirect.github.com/jdx/mise/pull/8683) by
[@​bricelalu](https://redirect.github.com/bricelalu)
#### Fixed
- **Node: expand tilde in `default_packages_file` path** --
`~/.default-node-packages` now resolves correctly.
[#​8709](https://redirect.github.com/jdx/mise/pull/8709) by
[@​jdx](https://redirect.github.com/jdx)
- **Lockfile: skip global config lockfile by default** -- Global config
no longer generates a lockfile unless explicitly configured.
[#​8707](https://redirect.github.com/jdx/mise/pull/8707) by
[@​jdx](https://redirect.github.com/jdx)
- **Lockfile: respect existing platforms when running `mise lock`** --
Existing platform entries in lockfiles are preserved instead of being
overwritten.
[#​8708](https://redirect.github.com/jdx/mise/pull/8708) by
[@​jdx](https://redirect.github.com/jdx)
- **GitHub: rename correct binary when archive contains multiple
executables** -- Archives with multiple binaries no longer rename the
wrong one.
[#​8700](https://redirect.github.com/jdx/mise/pull/8700) by
[@​jdx](https://redirect.github.com/jdx)
- **Task: include idiomatic version files in monorepo task toolset** --
`.node-version`, `.python-version`, etc. are now picked up in monorepo
task directories.
[#​8702](https://redirect.github.com/jdx/mise/pull/8702) by
[@​jdx](https://redirect.github.com/jdx)
- **Task: strip inline args when validating `run.tasks` references** --
Task references with inline args (e.g. `"build --release"`) no longer
fail validation.
[#​8701](https://redirect.github.com/jdx/mise/pull/8701) by
[@​jdx](https://redirect.github.com/jdx)
- **Task: inherit `task_config.dir` for included TOML and file tasks**
-- Included tasks now correctly inherit the configured working
directory.
[#​8689](https://redirect.github.com/jdx/mise/pull/8689) by
[@​jdx](https://redirect.github.com/jdx)
- **Task: improve error message when task files are not executable** --
Clearer error when a file task lacks execute permission.
[#​8705](https://redirect.github.com/jdx/mise/pull/8705) by
[@​jdx](https://redirect.github.com/jdx)
- **Task: improve usage spec element support** -- Better handling of
usage spec elements in task definitions.
[#​8623](https://redirect.github.com/jdx/mise/pull/8623) by
[@​nkakouros](https://redirect.github.com/nkakouros)
- **Install: skip redundant provenance verification when lockfile has
integrity data** -- Avoids duplicate verification work.
[#​8688](https://redirect.github.com/jdx/mise/pull/8688) by
[@​jdx](https://redirect.github.com/jdx)
- **Install: skip GitHub API calls for aqua tools in `--locked` mode**
-- Locked installs no longer make unnecessary API calls.
[#​8679](https://redirect.github.com/jdx/mise/pull/8679) by
[@​jdx](https://redirect.github.com/jdx)
- **Shim: detect shims by checking shims directory instead of binary
name** -- Fixes edge cases where shim detection failed.
[#​8694](https://redirect.github.com/jdx/mis
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/hetznercloud/cli).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuMTEwLjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent c4d60b3 commit 00abbf4
3 files changed
+7
-7
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
| 21 | + | |
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
| 21 | + | |
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| |||
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
41 | | - | |
| 41 | + | |
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
| |||
92 | 92 | | |
93 | 93 | | |
94 | 94 | | |
95 | | - | |
| 95 | + | |
96 | 96 | | |
97 | 97 | | |
98 | 98 | | |
| |||
115 | 115 | | |
116 | 116 | | |
117 | 117 | | |
118 | | - | |
| 118 | + | |
119 | 119 | | |
120 | 120 | | |
121 | 121 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| |||
0 commit comments