fix(deps): update dependency jdx/mise to v2026.5.0

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change	Pending
jdx/mise	minor	2026.4.11 → 2026.5.0	2026.5.5 (+4)

---

Release Notes

jdx/mise (jdx/mise)

v2026.5.0

Compare Source

🚀 Features

• (conda) graduate conda backend out of experimental by @​jdx in #​9544
• (deps) Add dart and flutter providers by @​tjarvstrand in #​9505
• (registry) add neo4j by @​mnm364 in #​9525
• (registry) add rustfs by @​mnm364 in #​9530
• (task) support exclusion patterns in task sources by @​jlarmstrongiv in #​9496
• (vfox) add stat function to lua file module by @​esteve in #​9497

🐛 Bug Fixes

• (backend) flag regex prerelease versions by @​jdx in #​9500
• (backend) mark -nightly/-canary/-experimental as prereleases by @​jdx in #​9523
• (backend) suppress no-versions warning for unresolved-latest backends by @​jdx in #​9548
• (backend) include dotnet prereleases from package flags by @​jdx in #​9551
• (backend) scope PEP 440 prerelease detection to Python backends by @​jdx in #​9558
• (cargo) Apply install_env during cargo install by @​c22 in #​9502
• (copr) drop epel-9 chroots since rust >= 1.91 is unavailable by @​jdx in #​9484
• (github) skip attestations on non-default api_url by @​jdx in #​9486
• (github) retry ip allow list errors without auth by @​risu729 in #​9506
• (http) update versions host tracking endpoint by @​jdx in #​9527
• (install) don't warn for configured tools when version is passed via CLI by @​jdx in #​9522
• (install) refresh latest before installing missing tools by @​jdx in #​9545
• (install) don't cache nonexistent install paths by @​jdx in #​9553
• (lockfile) don't propagate ad-hoc CLI overrides into the project lockfile by @​jdx in #​9562
• (plugin) detect plugin types after cloning by @​risu729 in #​9540
• (release) pass --no-git-checks to aube publish by @​jdx in #​9483
• (task) convert PATH to MSYS Unix form when spawning POSIX shells on Windows by @​JamBalaya56562 in #​9547

📚 Documentation

• (contributing) require popularity check for registry PRs by @​jdx in 7bbeebe
• (watch) update pitchfork domain to en.dev by @​risu729 in #​9536
• document ghtkn GitHub token setup by @​jdx in #​9546
• clarify registry backend acceptance policy by @​jdx in #​9543
• Change exec command to use bash for variable echo by @​kuboon in #​9567

🧪 Testing

• (e2e) run test-tool targets in parallel by @​jdx in #​9564
• (e2e) run tests in parallel by @​jdx in #​9563
• (e2e) bind-mount /tmp on disk and surface failed tests in CI summary by @​jdx in #​9570
• (tasks) migrate test_task_help atask to usage field by @​jdx in #​9549

📦️ Dependency Updates

• update fedora:45 docker digest to 8b838b3 by @​renovate[bot] in #​9507
• update ghcr.io/jdx/mise:deb docker digest to f02194c by @​renovate[bot] in #​9509
• update taiki-e/install-action digest to 7769b73 by @​renovate[bot] in #​9512
• update ghcr.io/jdx/mise:alpine docker digest to 581f8a8 by @​renovate[bot] in #​9508
• update rust crate ctor to v0.10.1 by @​renovate[bot] in #​9515
• update ghcr.io/jdx/mise:rpm docker digest to a5c9655 by @​renovate[bot] in #​9510
• update rust docker digest to a9cfb75 by @​renovate[bot] in #​9511
• update rust crate age to v0.11.3 by @​renovate[bot] in #​9514
• update rust crate jiff to v0.2.24 by @​renovate[bot] in #​9516
• update dependency vitepress-plugin-tabs to ^0.9.0 by @​renovate[bot] in #​9518
• update autofix-ci/action action to v1.3.4 by @​renovate[bot] in #​9513
• update rust crate usage-lib to v3.2.1 by @​renovate[bot] in #​9517
• update apple-actions/import-codesign-certs action to v7 by @​renovate[bot] in #​9519
• update taiki-e/install-action digest to 51cd0b8 by @​renovate[bot] in #​9531
• exclude taiki-e/install-action from renovate by @​jdx in #​9532
• update rust crate blake3 to v1.8.5 by @​renovate[bot] in #​9533

📦 Registry

• enable shellcheck on windows by @​zeitlinger in #​9487
• add google-java-format by @​zeitlinger in #​9488
• add expert (aqua:expert-lsp/expert) by @​AlternateRT in #​9498
• update entry for checkmake by @​eread in #​9504
• add systemctl-tui (aqua:rgwood/systemctl-tui) by @​2xdevv in #​9521
• add codon by @​3w36zj6 in #​9538
• add tool yr (backend:github:VirusTotal/yara-x) by @​adam-moss in #​9542
• add tool betterleaks (backend:aqua/betterleaks/betterleaks) by @​adam-moss in #​9541
• add git-filter-repo by @​garysassano in #​9550
• add umoci (aqua:opencontainers/umoci) by @​2xdevv in #​9555
• add aqua backend for elixir-ls by @​AlternateRT in #​9557
• deny inline backend options by @​risu729 in #​9565

Chore

• (ci) fail registry tests without summary by @​jdx in #​9559
• (ci) use !cancelled() instead of always() for test-ci aggregator by @​jdx in #​9569
• (ci) use namespace runners for ci jobs by @​jdx in #​9561
• (config) deprecate shorthands_file setting by @​risu729 in #​9534
• (docs) remove shrill.en.dev analytics script by @​jdx in #​9539
• (release) replace bc with awk in release-plz star formatting by @​jdx in d7f177f
• bump hk to 1.44.3 by @​jdx in #​9493
• invert CLAUDE.md/AGENTS.md so AGENTS.md is canonical by @​jdx in #​9560
• set dev profile debug to 1 by @​jdx in #​9572

New Contributors

• @​kuboon made their first contribution in #​9567
• @​AlternateRT made their first contribution in #​9557
• @​2xdevv made their first contribution in #​9555
• @​adam-moss made their first contribution in #​9541
• @​jlarmstrongiv made their first contribution in #​9496
• @​tjarvstrand made their first contribution in #​9505

v2026.4.28

Compare Source

🐛 Bug Fixes

• (copr) remove stale pinned image digest and rebuild copr image on Dockerfile changes by @​bestagi in #​9451
• (task) avoid gix panic when cloning a remote task by commit SHA by @​jdx in #​9473

v2026.4.27

Compare Source

🚀 Features

• (backend) add npm package-manager install options by @​risu729 in #​9109
• (release) list aqua package additions/updates in changelog by @​jdx in #​9471
• Make config_root available to environment plugins for relative path resolution by @​hisaac in #​9465
• watch sources of dependencies by @​43081j in #​9437

🐛 Bug Fixes

• (backend) Don't cache empty version lists by @​c22 in #​9444
• (shims) compare PATH entries case-insensitively on macOS by @​jdx in #​9468
• (task) preserve essential env vars under deny_env on Linux by @​jdx in #​9467

Chore

• (ci) make vendored-file-warning a failing check by @​jdx in #​9469

New Contributors

• @​43081j made their first contribution in #​9437
• @​hisaac made their first contribution in #​9465

📦 Aqua Registry Updates

New Packages (7)

• IohannRabeson/tmignore-rs
• endevco/pitchfork
• google/google-java-format
• jonwiggins/xmloxide
• matthart1983/netwatch
• solarwinds/swo-cli
• versity/versitygw

Updated Packages (5)

• WebAssembly/wabt
• bmf-san/ggc
• lycheeverse/lychee
• pnpm/pnpm
• tstack/lnav

v2026.4.25

Compare Source

🚀 Features

• (task) add --name-only flag to mise tasks ls by @​jdx in #​9435

🐛 Bug Fixes

• (Dockerfile) install copr-cli via dnf for better dependency management by @​bestagi in #​9421
• (aqua) drop empty-releases fallback to tags by @​jdx in #​9443
• (docs) fix theme flicker on docs by @​vhespanha in #​9427
• (lockfile) update global lockfile on upgrade by @​jdx in #​9442
• (ls-remote) omit rolling/prerelease from JSON when false by @​jdx in #​9439
• (task) support usage refs in dependency template tags by @​jdx in #​9424
• (task) populate usage.cmd for subcommand-only tasks; share make_usage_ctx by @​jdx in #​9431
• (task) resolve sandbox allow_read/allow_write against task dir by @​jdx in #​9428

📚 Documentation

• (site) add self-hosted page tracker via Cloudflare Worker, drop GoatCounter by @​jdx in #​9430

New Contributors

• @​vhespanha made their first contribution in #​9427

v2026.4.24

Compare Source

🚀 Features

• (ls-remote) add prereleases setting and --prerelease flag by @​jdx in #​9415

🐛 Bug Fixes

• (http) retry transient HTTP failures with backoff and warn on rescue by @​jdx in #​9414
• (release) purge mise.en.dev CDN zone after each S3 publish by @​jdx in #​9416

📚 Documentation

• prefix GitHub star count with ★ glyph by @​jdx in #​9417
• update intro messaging by @​jdx in #​9418

v2026.4.23

Compare Source

🚀 Features

• (backend) add global libc preference by @​jdx in #​9404
• opt-in to pre-release versions for github and aqua backends by @​jakedgy in #​9329

🐛 Bug Fixes

• (backend) allow unresolved latest opt-in by @​jdx in #​9401
• (install) stop rewriting healthy runtime symlinks by @​jdx in #​9410
• (node) route musl tarball URLs to unofficial-builds by @​jdx in #​9409
• (prune) skip remote version resolution for tracked configs by @​jdx in #​9406
• (schema) allow array values in tool additionalProperties by @​JP-Ellis in #​9400

📦️ Dependency Updates

• bump communique to 1.1.2 by @​jdx in #​9402

📦 Registry

• use aqua for rumdl by @​scop in #​9397

Chore

• (ci) improve pr-closer workflow by @​jdx in #​9403
• (docs) switch canonical domain to mise.en.dev by @​jdx in #​9411
• (release) stop appending sponsor blurb when communique succeeds by @​jdx in #​9395

New Contributors

• @​JP-Ellis made their first contribution in #​9400

v2026.4.22

Compare Source

🚀 Features

• (copr) add Fedora 44 & Rawhide support by @​bestagi in #​9391

🐛 Bug Fixes

• (backend) repair latest runtime labels and go resolution by @​jdx in #​9383
• (task) label deps output by provider by @​jdx in #​9385

🚜 Refactor

• (config) rename install_before setting by @​jdx in #​9384

📚 Documentation

• (site) show release version in nav by @​jdx in #​9388
• (site) address release nav feedback by @​jdx in #​9389

🧪 Testing

• (config) pin tombi schema test version by @​jdx in #​9386

📦 Aqua Registry

Updated aqua-registry: v4.498.0 -> v4.499.0.

Included aqua-registry releases:

• v4.499.0

v2026.4.21

Compare Source

🚀 Features

• (registry) add --security flag to include security info in JSON output by @​jdx in #​9364

🐛 Bug Fixes

• (config) limit resolved backend opts to aliases by @​risu729 in #​9315
• (docs) stack banner message and link on mobile by @​jdx in #​9362
• (github) prefer shortest asset name as tiebreaker in auto-detection by @​jdx in #​9361
• (java) newer zulu versions use a different directory structure by @​roele in #​9365
• (prune) respect tracked lockfiles by @​jdx in #​9373
• (task) skip tool install for missing naked tasks by @​jdx in #​9374
• (trust) add untrust command by @​jdx in #​9370
• fix - flux-operator-mcp aqua path by @​monotek in #​9357

📚 Documentation

• update ruby compile msg by @​fladson in #​9338

📦️ Dependency Updates

• update ubuntu docker tag to v26 by @​renovate[bot] in #​9347
• update ghcr.io/jdx/mise:deb docker digest to 1af5a69 by @​renovate[bot] in #​9352
• update taiki-e/install-action digest to 787505c by @​renovate[bot] in #​9354
• update ghcr.io/jdx/mise:rpm docker digest to 7015ff3 by @​renovate[bot] in #​9353
• update ghcr.io/jdx/mise:copr docker digest to da63a0f by @​renovate[bot] in #​9351
• update ghcr.io/jdx/mise:alpine docker digest to 461700f by @​renovate[bot] in #​9350
• bump communique 1.0.3 → 1.0.4 by @​jdx in #​9378

📦 Registry

• remove openshift-install by @​jdx in #​9372
• remove go-sdk by @​jdx in #​9371

Chore

• (npm-publish) use aube publish instead of npm publish by @​jdx in #​9328

New Contributors

• @​fladson made their first contribution in #​9338

v2026.4.20

Compare Source

🐛 Bug Fixes

• (config) resolve relative path: tool versions against config root by @​jdx in #​9320
• (lock) resolve @​latest and prune poisoned lockfile entries by @​jdx in #​9321
• fix - be able to work with regex in attestation check by @​monotek in #​9327

🚜 Refactor

• (aqua) bake aqua registry from merged yaml by @​risu729 in #​9043

📚 Documentation

• add cross-site announcement banner by @​jdx in #​9326
• keep banner height in sync via ResizeObserver by @​jdx in #​9330
• respect banner expires field by @​jdx in #​9334

📦️ Dependency Updates

• bump communique to 1.0.2 by @​jdx in #​9313
• bump communique to 1.0.3 by @​jdx in #​9332
• update actions/setup-node digest to 48b55a0 by @​renovate[bot] in #​9339
• update ghcr.io/jdx/mise:alpine docker digest to a92efa5 by @​renovate[bot] in #​9340
• update ghcr.io/jdx/mise:rpm docker digest to 5c24f69 by @​renovate[bot] in #​9343
• update rust docker digest to e4f09e8 by @​renovate[bot] in #​9345
• update rui314/setup-mold digest to 9c9c13b by @​renovate[bot] in #​9344
• update ghcr.io/jdx/mise:deb docker digest to a3afe3e by @​renovate[bot] in #​9342
• update ghcr.io/jdx/mise:copr docker digest to 4098d5a by @​renovate[bot] in #​9341
• update taiki-e/install-action digest to 74e87cb by @​renovate[bot] in #​9346

Chore

• (ci) remove cargo-vendor install from ppa publish by @​jdx in #​9312
• (release) publish snap to stable channel by @​jdx in #​9318
• remove FUNDING.yml in favor of jdx/.github default by @​jdx in #​9331

📦 Aqua Registry

Updated aqua-registry: v4.492.0 -> v4.498.0.

Included aqua-registry releases:

• v4.493.0
• v4.494.0
• v4.494.1
• v4.495.0
• v4.496.0
• v4.497.0
• v4.498.0

v2026.4.19

Compare Source

🚀 Features

• (backend) support aqua vars templates by @​risu729 in #​9110
• (oci) build OCI images from mise.toml with per-tool layers by @​jdx in #​9273
• add gsudo (Sudo for Windows) to registry by @​matracey in #​9281

🐛 Bug Fixes

• (backend) stop fuzzy requests installing literal dirs by @​AsgardMuninn in #​9276
• (backend) use full token chain for all sigstore attestation calls by @​cameronbrill in #​9307
• (backend) use remote version cache offline by @​risu729 in #​9304
• (cli) retrieve token from github helper for self-update command by @​sushichan044 in #​9259
• (cli) suppress error output after interactive cancel by @​jdx in #​9294
• (conda) avoid temp file collisions during parallel package downloads by @​salim-b in #​9293
• (github) scope auth headers to API URLs by @​risu729 in #​9271
• (go) treat empty GOPROXY as default by @​jdx in #​9310
• (vfox) use github token for lua http requests by @​jdx in #​9257
• (vfox) avoid auth on release asset downloads by @​jdx in #​9299
• (vfox) scope github auth to API URLs only by @​jdx in #​9309

🚜 Refactor

• (core) centralize install_before resolution by @​risu729 in #​9286
• (deps) store deps state under $MISE_STATE_DIR by @​jdx in #​9301

📚 Documentation

• add aube hero banner by @​jdx in #​9265
• add en.dev footer by @​jdx in #​9267
• implement landing page design by @​jdx in #​9266

📦️ Dependency Updates

• lock file maintenance by @​renovate[bot] in #​9268
• bump msrv for aws smithy updates by @​jdx in #​9295
• bump sigstore-verification to 0.2.7 by @​jdx in #​9302

📦 Registry

• add llama.cpp (github:ggml-org/llama.cpp) by @​igor-makarov in #​9282
• add kiro-cli by @​shalk in #​9274
• add flux-operator & flux-operator-mcp by @​monotek in #​8852

Chore

• (ci) increase autofix timeout by @​jdx in #​9296
• (ci) stop release-plz from saving build cache by @​jdx in #​9297
• (ci) stop lint from saving build cache by @​jdx in #​9298
• (ci) restore lint as Linux build cache writer by @​jdx in #​9305
• (release) add en.dev sponsor blurb to release notes by @​jdx in #​9272
• bump communique to 1.0.1 by @​jdx in #​9264

New Contributors

• @​AsgardMuninn made their first contribution in #​9276
• @​monotek made their first contribution in #​8852
• @​igor-makarov made their first contribution in #​9282

📦 Aqua Registry Updates

New Packages (3)

• controlplaneio-fluxcd/flux-operator/flux-operator-mcp
• endevco/aube
• ricoberger/grafana-kubernetes-plugin

Updated Packages (3)

• controlplaneio-fluxcd/flux-operator
• go-delve/delve
• graelo/pumas

v2026.4.18

Compare Source

🚀 Features

• (latest) add --before flag to mise latest by @​risu729 in #​9168
• (npm) add aube package manager support by @​jdx in #​9256
• (spm) add filter_bins option to restrict built executables by @​jdx in #​9253
• (vfox) support plugin-declared dependencies via metadata.lua by @​ahemon in #​9051
• rename mise prepare to mise deps and add package management by @​jdx in #​9056

🐛 Bug Fixes

• (backend) skip versions host for direct-source backends by @​jdx in #​9245
• (github) route artifact attestation verification to custom api_url by @​jdx in #​9254
• (lockfile) use unique temp file for atomic save to avoid concurrent rename race by @​jdx in #​9250
• (log) drop noisy third-party debug/trace logs by @​jdx in #​9248
• (progress) disable animated clx output in ci by @​jdx in #​9249
• (use) honor --quiet and --silent flags by @​jdx in #​9251
• (vfox) opt backend plugins out of --locked URL check by @​jdx in #​9252

📦 Registry

• add aqua backend for bitwarden-secrets-manager by @​msuzoagu in #​9255

New Contributors

• @​ahemon made their first contribution in #​9051
• @​msuzoagu made their first contribution in #​9255

v2026.4.17

Compare Source

🐛 Bug Fixes

• (backend) respect install_before in latest lookup by @​risu729 in #​9193
• (backend) route explicit latest through stable lookup by @​risu729 in #​9228
• (backends) deprecate b shorthand by @​risu729 in #​9234
• (config) warn for deprecated env keys by @​risu729 in #​9205
• (config) treat enable_tools empty as disable-all by @​risu729 in #​9108
• (github) avoid auth on release asset downloads by @​risu729 in #​9060
• (gitlab) warn when glab OAuth2 token is expired by @​stanhu in #​9195
• (npm) honor install_before without day drift by @​risu729 in #​9157
• (npm) warn on old bun and pnpm for install_before by @​risu729 in #​9232
• (pipx) honor install_before for uv and pipx installs by @​risu729 in #​9190
• (registry) allow shfmt on Windows by @​zeitlinger in #​9191

🚜 Refactor

• (backend) remove unused rolling release helper by @​risu729 in #​9175
• (backend) use file util for removals by @​risu729 in #​9206

📚 Documentation

• (config) clarify always_keep_download behavior by @​risu729 in #​9235
• (configuration) add rust to idiomatic version files by @​jjt in #​9233
• (contributing) expand contribution guide introduction by @​marianwolf in #​9208
• (github) document multiple release assets workaround by @​risu729 in #​9236

📦️ Dependency Updates

• update actions/setup-node action to v6 by @​renovate[bot] in #​9183
• update dependency @​types/node to v25 by @​renovate[bot] in #​9187
• update crazy-max/ghaction-import-gpg action to v7 by @​renovate[bot] in #​9186
• update actions/cache action to v5 by @​renovate[bot] in #​9181
• update amannn/action-semantic-pull-request action to v6 by @​renovate[bot] in #​9184
• update apple-actions/import-codesign-certs action to v6 by @​renovate[bot] in #​9185
• update dependency eslint to v10 by @​renovate[bot] in #​9200
• update dependency toml to v4 by @​renovate[bot] in #​9201
• update rust crate reqwest to 0.13 by @​renovate[bot] in #​9171
• update ghcr.io/jdx/mise:deb docker digest to 523d826 by @​renovate[bot] in #​9198
• update ghcr.io/jdx/mise:alpine docker digest to 05617e0 by @​renovate[bot] in #​9196
• update ghcr.io/jdx/mise:rpm docker digest to c1992f9 by @​renovate[bot] in #​9199
• update ghcr.io/jdx/mise:copr docker digest to 90db6cd by @​renovate[bot] in #​9197
• update taiki-e/install-action digest to 58e8625 by @​renovate[bot] in #​9209
• update fedora docker tag to v45 by @​renovate[bot] in #​9213
• update docker/setup-buildx-action action to v4 by @​renovate[bot] in #​9212
• update docker/metadata-action action to v6 by @​renovate[bot] in #​9211
• update docker/login-action action to v4 by @​renovate[bot] in #​9210
• update dependency typescript to v6 by @​renovate[bot] in #​9202
• update docker/build-push-action action to v7 by @​renovate[bot] in #​9203
• update github artifact actions (major) by @​renovate[bot] in #​9215
• update rust crate duct to v1 by @​renovate[bot] in #​9220
• update rust crate demand to v2 by @​renovate[bot] in #​9219
• update rust crate clx to v2 by @​renovate[bot] in #​9218
• update nick-fields/retry action to v4 by @​renovate[bot] in #​9217
• update jdx/mise-action action to v4 by @​renovate[bot] in #​9216
• update rust crate self_update to 0.44 by @​renovate[bot] in #​9174
• migrate eslint config to flat format for v10 compat by @​jdx in #​9222
• update actions/checkout action to v6 by @​renovate[bot] in #​9182
• update rust crate toml to v1 by @​renovate[bot] in #​9225
• update rust crate versions to v7 by @​renovate[bot] in #​9226
• update rust crate which to v8 by @​renovate[bot] in #​9227
• update rust crate rmcp to v1 by @​renovate[bot] in #​9221

📦 Registry

• add sheldon by @​3w36zj6 in #​9104
• add pocketbase by @​ranfdev in #​9123
• add worktrunk ([aqua:max-sixty/worktrunk, cargo:worktrunk](https://github.com/max-sixty/worktrunk, cargo:worktrunk))#​1 by @​edouardr in #​8796
• add dependency-check (aqua:dependency-check/DependencyCheck) by @​kapitoshka438 in #​9204
• add janet by @​ranfdev in #​9241

New Contributors

• @​ranfdev made their first contribution in #​9241
• @​jjt made their first contribution in #​9233
• @​marianwolf made their first contribution in #​9208
• @​edouardr made their first contribution in #​8796

📦 Aqua Registry Updates

New Packages (3)

• LargeModGames/spotatui
• android-sms-gateway/cli
• velero-io/velero

Updated Packages (1)

• skim-rs/skim

v2026.4.16

Compare Source

🚀 Features

• (registry) add .perl-version support for perl by @​ergofriend in #​9102
• (task) add Tera template support for inline table run tasks by @​iamkroot in #​9079

🐛 Bug Fixes

• (env) use runtime symlink paths for fuzzy versions by @​jdx in #​9143
• (github) use full token resolution chain for attestation verification by @​jdx in #​9154
• (go) Remove install-time version override for subpath packages by @​c22 in #​9135
• (npm) respect install_before when resolving dist-tag versions by @​webkaz in [#​9145](https://redirect.github.com/jdx/mis

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Update: mise v2026.4.11 → v2026.5.0 (minor version update)

Major Changes:

• Conda backend graduated from experimental status
• New Dart and Flutter dependency providers added
• Task sources now support exclusion patterns (! prefix and sources_exclude field)
• Enhanced prerelease version detection (treats -nightly, -canary, -experimental, -insider, -edge as prereleases)

Breaking Changes:

• None identified - This is a minor version update with backward compatibility maintained
• One deprecation notice (does not affect this project): shorthands_file setting will show warnings starting in v2026.6.0 and be removed in v2026.12.0

Security & Bug Fixes:

• Fixed backend prerelease detection and version resolution
• Improved installation reliability (don't cache nonexistent paths, refresh latest before installing)
• Fixed lockfile handling to prevent CLI override propagation
• Windows PATH conversion fix for POSIX shells
• Plugin detection improvements
• GitHub attestation and API handling fixes

Registry Additions:

• 9 new tools added to mise registry (neo4j, rustfs, codon, etc.)
• ShellCheck enabled on Windows

🎯 Impact Scope Investigation

Usage Analysis:

1. Dockerfile (Primary Impact)

   • Uses mise binary download: mise-v${MISE_VERSION}-linux-${ARCH}
   • Commands used: mise use -g <tool>@<version> and mise settings ruby.compile=false
   • Release v2026.5.0 is available and verified (HTTP 302 redirect to valid asset)

2. GitHub Actions CI

   • Uses jdx/mise-action@v4.0.1 (pinned commit hash)
   • The GitHub Action is independent of the mise binary version used in Docker

3. mise.toml Configuration

   • Defines tool versions for development (Go, Node, Ruby, Rust, Python, golangci-lint, lefthook, hadolint)
   • Uses standard tool specifications and aqua backend
   • No deprecated settings used (e.g., no shorthands_file)

Compatibility Check:

• ✅ mise use -g command: Stable, no changes
• ✅ mise settings command: Stable, no changes
• ✅ Ruby compile=false setting: Still supported
• ✅ Aqua backend: Enhanced but backward compatible
• ✅ Binary download URL pattern: Unchanged

Dependency Impact:

• No breaking changes in mise's interaction with managed tools (Node, Ruby, Go, Python, Rust)
• The fix mentioned in project CHANGELOG (commit 4ebd58f: "update mise to v2026.4.11 to fix Python freethreaded build selection bug") is already included in v2026.4.11, and v2026.5.0 contains additional Python backend improvements

💡 Recommended Actions

Immediate Actions:

1. ✅ Safe to merge - This PR can be merged without code modifications
2. The update includes bug fixes and enhancements that improve reliability

Post-Merge Verification:

1. Monitor Docker build success in CI/CD pipeline
2. Verify all runtime installations complete successfully (Node, Ruby, Go, Python, Rust)
3. Run E2E tests to confirm sandbox behavior remains stable

Optional Enhancements:

• Consider testing the new prerelease handling if your project ever needs to use nightly/canary builds
• The improved lockfile handling and installation caching fixes may improve build performance

🔗 Reference Links

• mise v2026.5.0 Release Notes
• Full CHANGELOG
• Binary Download URL (Verified: ✅)
• mise Documentation
• Deprecation Notice (shorthands_file - not used in this project)

Generated by koki-develop/claude-renovate-review