deps: update dependency jdx/mise to v2026.4.4

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
jdx/mise	minor	2026.3.8 → 2026.4.4

---

Release Notes

jdx/mise (jdx/mise)

v2026.4.4: : Tool Dependencies, .NET Runtimes, and Task Argument Forwarding

Compare Source

A feature-packed release that adds user-defined tool dependencies, .NET runtime-only installs, argument forwarding to task dependencies, and stronger supply-chain security for lockfiles -- along with a large batch of bug fixes across multiple backends and shells.

Highlights

• Declare tool dependencies in mise.toml -- A new depends field lets you ensure one tool is fully installed before another starts, useful for tools with runtime dependencies on each other.
• Pass arguments through task dependency chains -- Task dependencies can now reference the parent task's arguments using {{usage.*}} templates, enabling parameterized build/deploy pipelines.
• .NET runtime-only installs -- Install just the .NET runtime (or ASP.NET Core runtime) without the full SDK using the new runtime tool option.
• Stronger lockfile provenance verification -- mise lock now cryptographically verifies provenance for the current platform at lock time, and a new locked_verify_provenance setting enables re-verification at install time.

Added

• User-specified tool dependencies -- Declare explicit installation dependencies between tools in mise.toml with a new depends field, ensuring one tool is fully installed before another starts. #​8776 by @​cprecioso

  [tools]
  erlang = "27"
  elixir = { version = "1.18", depends = ["erlang"] }

• .NET runtime-only installs -- Install .NET runtimes alongside or instead of SDKs using the runtime tool option. Valid values: dotnet, aspnetcore, windowsdesktop. #​8524 by @​fragon10

  [tools]
  dotnet = ["9", { version = "8.0.14", runtime = "dotnet" }]

• Task dependency argument forwarding -- Task dependencies can reference parent task arguments using {{usage.*}} templates in depends, depends_post, and wait_for. Arguments flow through entire dependency chains. #​8893 by @​jdx

  [tasks.build]
  usage = 'arg "<app>"'
  run = 'echo "building {{usage.app}}"'
  
  [tasks.deploy]
  usage = 'arg "<app>"'
  depends = [{ task = "build", args = ["{{usage.app}}"] }]
  run = 'echo "deploying {{usage.app}}"'

• install_before enforced on transitive npm dependencies -- The install_before supply-chain cutoff is now forwarded to transitive dependency resolution using each package manager's native mechanism (npm --before, bun --minimum-release-age, pnpm --config.minimumReleaseAge). #​8851 by @​risu729

• locked_verify_provenance setting -- New setting (also auto-enabled by MISE_PARANOID) that forces cryptographic provenance re-verification at install time even when the lockfile already has checksum and provenance data. mise lock now also performs full verification for the current platform at lock time. #​8901 by @​jdx

• turso added to the built-in registry -- Install the Turso CLI via mise use turso. #​8884 by @​kenn

Fixed

• --env=VALUE and -E=VALUE flag parsing -- The equals-sign form of the environment flag (e.g., mise --env=production) was silently ignored, causing fallback to the default environment. Both --env=VALUE and --env VALUE forms now work correctly. #​8889 by @​jdx
• PEP 440 .dev versions filtered in fuzzy matching -- Versions like 2026.3.3.162408.dev0 no longer incorrectly satisfy stable version requests. The version regex now matches .dev in addition to -dev. #​8849 by @​richardthe3rd
• Stale lockfile entries pruned during mise lock <tool> -- Running mise lock node after a version change no longer leaves duplicate entries for the old and new versions. #​8599 by @​altendky
• Spurious direnv warning suppressed -- The failed to update DIRENV_DIFF warning no longer appears when the direnv diff environment variable is empty. #​8857 by @​yaleman
• Duplicate trust warning in zsh -- Entering an untrusted project directory in zsh no longer shows the mise trust warning twice. #​8898 by @​timothysparg
• Plain .tool-versions no longer requires trust for task listing -- Files without Tera template syntax ({{, {%, {#) are skipped during the trust check in mise task ls. #​8876 by @​dportalesr
• Tool options preserved with CLI version overrides -- filter_bins and other tool options are no longer lost when specifying a version via CLI (e.g., mise bin-paths tool@version). #​8888 by @​jdx
• Alias-specific options respected -- Tools configured with tool_alias now correctly use the alias-specific asset_pattern and other options instead of inheriting from the original tool. #​8892 by @​jdx
• Precompiled Python uses lockfile URL -- Precompiled Python installs now honor the download URL recorded in mise.lock instead of always recomputing it, fixing reproducibility for locked installs. #​8750 by @​hehaoqian
• Ruby build revisions in lockfiles -- Precompiled Ruby binaries from jdx/ruby now support build revision tags (e.g., 3.3.11-1), preventing lockfile breakage when binaries are rebuilt with different checksums. #​8900 by @​jdx
• Swift installs on unsupported Ubuntu versions -- Swift installs on Ubuntu versions newer than 24.04 now fall back to the 24.04 binary instead of 404ing. #​8916 by @​jdx

Changed

• Go settings renamed to go.* namespace -- All go_* settings (e.g., go_set_goroot) have been renamed to the nested go.* format (e.g., go.set_goroot) for consistency with other language settings. The old names are preserved as deprecated aliases. #​8598 by @​jdbruijn

Breaking Changes

• Deprecated settings removed -- The following settings, deprecated for 18+ months, have been removed. If you are still using them, switch to their replacements: #​8904 by @​jdx
  • asdf -- use disable_backends instead
  • vfox -- use disable_backends instead
  • cargo_binstall -- use cargo.binstall instead
  • disable_default_shorthands -- use disable_default_registry instead
  • pipx_uvx -- use pipx.uvx instead
  • python_compile -- use python.compile instead
  • python_default_packages_file -- use python.default_packages_file instead
  • python_patch_url -- use python.patch_url instead
  • python_patches_directory -- use python.patches_directory instead
  • python_precompiled_arch -- use python.precompiled_arch instead
  • python_precompiled_os -- use python.precompiled_os instead
  • python_pyenv_repo -- use python.pyenv_repo instead
  • python_venv_stdlib -- use python.venv_stdlib instead

New Contributors

• @​cprecioso made their first contribution in #​8776
• @​fragon10 made their first contribution in #​8524
• @​dportalesr made their first contribution in #​8876
• @​timothysparg made their first contribution in #​8898
• @​hehaoqian made their first contribution in #​8750
• @​jdbruijn made their first contribution in #​8598
• @​yaleman made their first contribution in #​8857
• @​kenn made their first contribution in #​8884

Full Changelog: jdx/mise@v2026.4.3...v2026.4.4

v2026.4.3: : Fix seccomp build on armv7

Compare Source

A small patch release that fixes a compile error preventing mise from building on 32-bit ARM (armv7) targets.

Fixed

• seccomp network filter build on armv7 -- The seccomp sandbox code that restricts network access during mise exec failed to compile on armv7 targets. The libc::SYS_socket and libc::SYS_socketpair constants are i32 on 32-bit platforms but the rule map expects i64 keys, causing a type mismatch. An explicit as i64 cast fixes the build while remaining a no-op on 64-bit platforms. #​8869 by @​jdx

Full Changelog: jdx/mise@v2026.4.2...v2026.4.3

v2026.4.2: : Process sandboxing for exec and run

Compare Source

Note: This release's build failed so no binary assets were published. Use v2026.4.3 instead, which includes all changes from this release plus a build fix.

This release introduces experimental process sandboxing for mise exec and mise run, allowing you to restrict filesystem access, network access, and environment variables for executed processes.

Added

• Process sandboxing for mise x and mise run (experimental) -- A new lightweight sandboxing layer lets you lock down what processes spawned by mise can access. On Linux it uses Landlock for filesystem restrictions and seccomp-bpf for network filtering; on macOS it uses sandbox-exec (Seatbelt) with generated profiles. Requires experimental = true in settings. #​8845 by @​jdx

  # Block all filesystem and network access
  mise x --deny-all -- node script.js
  
  # Block network only
  mise x --deny-net -- npm run build
  
  # Block writes except to ./dist
  mise x --allow-write=./dist -- npm run build

  Task-level configuration is also supported:

  [tasks.build]
  run = "npm run build"
  deny_net = true
  allow_write = ["./dist"]

Fixed

• Docs: correct RUNTIME.osType and RUNTIME.archType values -- Fixed inconsistent documentation for runtime template variables and simplified examples. #​8785 by @​esteve

Full Changelog: jdx/mise@v2026.4.1...v2026.4.2

v2026.4.1: : Per-tool install_before and musl detection fixes

Compare Source

This release adds per-tool install_before overrides for more granular control over version freshness, fixes musl/glibc detection in minimal Docker containers, and ensures the -q flag works correctly with mise prepare.

Added

• Per-tool install_before option -- You can now set install_before on individual tools to override the global setting. This is useful when some tools need tighter freshness windows than others. Precedence is: --before CLI flag > per-tool install_before > global install_before setting. #​8842 by @​sargunv-headway

  [settings]
  install_before = "7d"  # default for all tools
  
  [tools.trivy]
  version = "latest"
  install_before = "1d"  # trivy updates are time-sensitive, use a shorter window

• Registry: dbt-fusion -- dbt-fusion is now available as a short name in the mise registry, backed by aqua:getdbt.com/dbt-fusion. #​8837 by @​ryan-pip

Fixed

• Musl detection in minimal Docker containers -- A musl-compiled mise binary running in a minimal container (scratch, busybox, distroless) with no /lib/ld-* files would incorrectly identify the platform as glibc, causing it to select the wrong lockfile entries or tool variants. When no dynamic linker is found at runtime, mise now falls back to the binary's compile-time target. Additionally, a new MISE_LIBC environment variable (musl or gnu) allows explicitly overriding the detection. #​8825 by @​davireis

  ENV MISE_LIBC=musl
  RUN mise install

• mise prepare -q not suppressing output -- The -q (quiet) flag was not suppressing status messages in mise prepare because they used miseprintln!() which bypasses the logging system. These messages now use standard logging macros that respect the quiet setting. #​8792 by @​Marukome0743

• Wrong option in mise prepare docs example -- The ansible-galaxy example in the prepare documentation used -f (force) instead of -r (requirements file). #​8839 by @​rndmh3ro

New Contributors

• @​Marukome0743 made their first contribution in #​8792
• @​sargunv-headway made their first contribution in #​8842
• @​Rohan5commit made their first contribution in #​8844
• @​ryan-pip made their first contribution in #​8837
• @​rndmh3ro made their first contribution in #​8839

Full Changelog: jdx/mise@v2026.4.0...v2026.4.1

v2026.4.0: : Linked version fixes, monorepo task aliases, and Azure Developer CLI

Compare Source

This release fixes a panic when using mise link with aqua-backed tools, resolves bare task alias lookup in monorepo configurations, and handles a rustup check exit code that was incorrectly treated as an error.

Added

• Registry: azd (Azure Developer CLI) -- azd is now available as a short name in the mise registry, backed by aqua:Azure/azure-dev. Install with mise use -g azd@latest. #​8828 by @​rajeshkamal5050

Fixed

• Panic with linked versions on aqua-backed tools -- Running mise doctor, mise reshim, or any command that calls list_bin_paths on an aqua-backed tool with a linked version (created via mise link) would panic with a StripPrefixError. The root cause was that non-version link names like "brew" or "mylink" were passed to the aqua registry as version strings, where they unexpectedly matched semver constraints and produced absolute paths. Linked versions are now detected early and skip the aqua registry lookup entirely, returning install_path/bin directly. #​8801 by @​nikobockerman

• mise outdated failing for Rust -- rustup check returns exit code 100 when toolchain updates are available, which is normal behavior. Previously, mise treated this as a command failure, causing mise outdated to report an error for core:rust. The exit code is now handled correctly. #​8832 by @​shalk

• Bare task aliases not resolving in monorepo mode -- In a monorepo with config_roots configured, running mise run prl (a bare alias) would fail with "no task //:prl found", even though mise run //:prl worked. The issue was that expand_colon_task_syntax expanded bare aliases to //:prl, but the task loader then skipped config root discovery entirely. Both bare and prefixed alias forms now resolve correctly, and tab completion also works for monorepo-prefixed aliases. #​8819 by @​nkakouros

• Task help not shown for metadata-only usage specs -- When a task script defined #USAGE long_about, before_help, after_help, or examples without any arg or flag directives, mise run task --help would show the generic "This task does not accept any arguments" message instead of the usage-based help with the detailed description. #​8824 by @​nkakouros

New Contributors

• @​shalk made their first contribution in #​8832
• @​jedymatt made their first contribution in #​8833
• @​nikobockerman made their first contribution in #​8801
• @​rajeshkamal5050 made their first contribution in #​8828

Full Changelog: jdx/mise@v2026.3.18...v2026.4.0

v2026.3.18: : Python provenance verification, Go sub-module fixes, and shim recursion guards

Compare Source

This release adds supply-chain security improvements for Python, fixes several shim recursion issues that could cause system hangs, and improves Go backend version resolution for deeply nested sub-modules.

Highlights

• Python provenance verification -- Precompiled Python binaries from astral-sh/python-build-standalone can now be verified using GitHub Artifact Attestations, with downgrade protection in lockfiles.
• Shim recursion guards -- Two separate infinite-recursion bugs involving mise shims have been fixed, preventing fork bombs in devcontainer environments and when using exec() templates with mise-managed tools.
• Go sub-module support -- Deeply nested Go sub-modules that return no versions from go list -versions now correctly install with @latest instead of incorrectly resolving to a parent module's version.

Added

• Python GitHub Artifact Attestations -- Precompiled Python binaries are now verified against GitHub Artifact Attestations from astral-sh/python-build-standalone, following the same pattern already used for Ruby. A new python.github_attestations setting (env: MISE_PYTHON_GITHUB_ATTESTATIONS) overrides the global github_attestations setting for Python specifically. When enabled, mise lock records provenance = "github-attestations" in lockfile entries, and mise install verifies downloaded tarballs. If a lockfile records provenance but verification is disabled at install time, the install fails with a downgrade-attack error. #​8820 by @​malept

  # settings.toml or mise.toml [settings]
  [python]
  github_attestations = true  # defaults to the global github_attestations value

• Registry: svgo -- svgo (SVG Optimizer) is now available as npm:svgo. #​8817 by @​3w36zj6

Fixed

• Shim infinite recursion with system shims on PATH -- When tools are installed via mise install --system (e.g. in Docker/devcontainer images), a second shims directory is created at MISE_SYSTEM_DATA_DIR/shims. If both the user and system shims directories were on PATH, invoking a shim for a tool not in any config file would hang indefinitely. The PATH fallback now skips both shims directories and rejects any binary that canonicalizes to the mise binary itself. #​8816 by @​andrewthauer

• Fork bomb from exec() templates, credential commands, and git credentials -- Three subprocess-spawning code paths inherited mise shims in PATH. When the subprocess invoked a mise-managed tool (e.g. gh auth token in an exec() template or credential_command), the shim re-entered mise, triggering the same subprocess again -- causing infinite recursion. Observed as load average >1800 on affected systems. A new shared path_env_without_shims() helper now strips the shims directory from PATH in all three call sites. #​8802 by @​antonioacg

• Go backend --locked mode -- The Go backend was missing a supports_lockfile_url() -> false override, causing mise install --locked to fail for any go-backend tool since their lockfile entries never contain download URLs. #​8790 by @​palootcenas-outreach

• Go deeply nested sub-module version resolution -- mise ls-remote for deeply nested Go sub-modules (e.g. github.com/go-kratos/kratos/cmd/kratos/v2) would incorrectly resolve to the root module's versions. The version fetching logic now tries the exact tool path first and treats an empty version list as authoritative, falling back to @latest for installation instead of using a parent module's version. Results are now cached per module path. #​8823 by @​roele

• Flutter version sorting -- Fixed version sorting in the Flutter registry entry by stripping the -stable suffix before sorting, and switched to per-platform URL templates. #​8818 by @​roele

New Contributors

• @​antonioacg made their first contribution in #​8802
• @​palootcenas-outreach made their first contribution in #​8790

Full Changelog: jdx/mise@v2026.3.17...v2026.3.18

v2026.3.17: : Shims always at the front of PATH

Compare Source

A small patch release with a single bug fix for mise activate --shims PATH ordering.

Fixed

• Shims always prepended in --shims mode -- When using mise activate --shims, if the shims directory was already present in PATH (e.g. from a previous activation or a VS Code terminal re-sourcing the shell config), mise would skip the prepend and leave shims at their existing position. This meant system binaries earlier in PATH could silently shadow mise-managed tools. Shims are now always moved to the front. For fish, MovePrependEnv is used to reorder without duplicating; for all other shells, PrependEnv is emitted unconditionally, accepting a harmless duplicate entry in exchange for guaranteed ordering. #​8757 by @​ctaintor

New Contributors

• @​ctaintor made their first contribution in #​8757

Full Changelog: jdx/mise@v2026.3.16...v2026.3.17

v2026.3.16: : Fix unnecessary GitHub API calls during locked installs

Compare Source

A small patch release that fixes mise install --locked making unnecessary GitHub Releases API calls even when the lockfile already contains pre-resolved URLs and checksums.

Fixed

• mise install --locked no longer makes unnecessary GitHub API calls -- The aqua backend's cosign verification path was unconditionally downloading checksum files via the GitHub Releases API, even when cosign was disabled in settings or the package had no cosign configuration. This caused mise install --locked to fail in restricted network environments despite the lockfile having everything needed to install offline. The fix checks settings.aqua.cosign and whether the package actually has cosign configured before attempting any download. #​8753 by @​jdx

Full Changelog: jdx/mise@v2026.3.15...v2026.3.16

v2026.3.15: : Custom credential command for GitHub tokens

Compare Source

This release adds a new github.credential_command setting that lets you plug any external secret manager into mise's GitHub token resolution, and adjusts its priority so it takes precedence over file-based token sources.

Added

• github.credential_command setting for custom token retrieval -- You can now configure a shell command that mise runs to obtain a GitHub token, enabling integration with secret managers like 1Password, HashiCorp Vault, or any custom script. The command is executed via sh -c and receives the hostname as $1, so it can return different tokens for github.com and GitHub Enterprise instances. Results are cached per host per session. #​8746 by @​jdx

  [settings.github]
  credential_command = "op read 'op://Private/GitHub Token/credential'"

  This can also be set via the MISE_GITHUB_CREDENTIAL_COMMAND environment variable.

Changed

• credential_command priority raised above file-based sources -- Since credential_command is an explicit user configuration, it now takes priority over github_tokens.toml and the gh CLI's hosts.yml. Previously it sat at the bottom of the resolution order alongside git credential fill. The git credential fill fallback remains as the lowest-priority option and is no longer blocked when credential_command is set but returns no token. #​8748 by @​jdx

  Updated token priority for github.com:

  #	Source
  1	MISE_GITHUB_TOKEN env var
  2	GITHUB_API_TOKEN env var
  3	GITHUB_TOKEN env var
  4	credential_command (if set) -- new
  5	github_tokens.toml (per-host)
  6	gh CLI token (from hosts.yml)
  7	git credential fill (if enabled)

Full Changelog: jdx/mise@v2026.3.14...v2026.3.15

v2026.3.14: : GitHub token management, macOS shim fix, and Python precompiled flavor fix

Compare Source

This release introduces a new mise github token command and expanded GitHub token resolution (including a config file and git credential helper support), fixes a shim detection regression that caused hangs on macOS, and corrects Python precompiled flavor handling for freethreaded builds.

Highlights

• New mise github token command and github_tokens.toml config file for flexible, per-host GitHub token management
• Reverted shim directory check that caused startup hangs on macOS
• Python lockfile generation now respects precompiled_flavor when filtering out freethreaded builds

Added

• mise github token command and expanded token resolution -- Adds github_tokens.toml (~/.config/mise/github_tokens.toml) for storing per-host GitHub tokens that don't interfere with the gh CLI's hosts.yml. Also adds opt-in git credential fill integration as a last-resort fallback for environments where tokens live in system keyrings (macOS Keychain, Windows Credential Manager, devcontainers). The new mise github token [--unmask] [HOST] command shows which token mise would use and where it came from, making it easy to debug authentication issues. Enable git credential support with github.use_git_credentials = true in settings. #​8742 by @​jdx

  Updated token priority:

  #	Source
  1	MISE_GITHUB_ENTERPRISE_TOKEN env var (non-github.com only)
  2	MISE_GITHUB_TOKEN / GITHUB_API_TOKEN / GITHUB_TOKEN env vars
  3	github_tokens.toml (per-host) -- new
  4	gh CLI token (from hosts.yml)
  5	git credential fill (opt-in) -- new

• Registry: tart -- Added tart to the registry. Tart provides macOS and Linux VMs on Apple Silicon using Apple's Virtualization.framework. Install with mise install tart. #​8727 by @​mnm364

Fixed

• Shim detection reverted to fix macOS hangs -- A recent change (cfcb555) switched shim detection from checking the binary name to checking if argv[0] exists in the shims directory. This caused mise to hang on startup for some users because the filesystem check could block on slow or network filesystems, and could also falsely detect mise itself as a shim. The simpler binary-name-based check has been restored. e1b8ca4 by @​jdx

• Python precompiled flavor now correctly excludes freethreaded builds -- When any precompiled_flavor was specified (e.g. install_only_stripped), the freethreaded build exclusion was bypassed, causing mise lock to sometimes pick the freethreaded build incorrectly. Freethreaded builds are now only included when the requested flavor specifically includes "freethreaded". #​8745 by @​risu729

• cargo install mise docs now use --locked -- The Cargo install command in the documentation has been updated to cargo install --locked mise, preventing build failures from dependency version mismatches. #​8731 by @​rtharston

New Contributors

• @​rtharston made their first contribution in #​8731

Full Changelog: jdx/mise@v2026.3.13...v2026.3.14

v2026.3.13: : Better hook-env stability, --silent fix, and system install symlinks

Compare Source

A focused bugfix release that significantly improves hook-env stability, fixes the --silent flag to actually suppress all mise output, and resolves broken symlinks when installing tools to system/shared directories.

Fixed

• hook-env watch_files tracking and early-exit stability -- Environment plugins (MiseEnv modules) that return watch_files now properly trigger re-evaluation when those files change. Previously, modifying a watched file (e.g. a secrets config) wouldn't cause mise to pick up the new values until a config change or directory switch. This PR also fixes two related stability issues: projects without a mise.lock file could fail to stabilize because the nonexistent lockfile was unconditionally added to the watch set, and directory mtime changes could cause repeated slow-path fallbacks. #​8716 by @​rpendleton

• --silent flag now fully suppresses mise output -- The global --silent flag was not being written to Settings, so mise --silent run foo would suppress task stdout/stderr but still show mise's own info/warn messages. Now --silent properly sets quiet=true in settings, making it a true superset of --quiet: it suppresses both mise messages and task output. #​8720 by @​nkakouros

• mise install --system now creates runtime symlinks correctly -- When installing tools to system/shared directories with --system, the latest and partial-version symlinks (e.g. 18 -> 18.19.0) were only being created in the user install directory, leaving the system directory without proper symlinks. Symlinks are now rebuilt per install directory based on the versions actually present there, with graceful handling of permission errors in shared/system locations. #​8722 by @​jdx

Added

• Registry: acli (Atlassian CLI) -- Added acli to the registry for interacting with Atlassian Cloud services (Jira, Confluence, Bitbucket) from the terminal. Install with mise install acli. #​8721 by @​ggoggam

New Contributors

• @​rpendleton made their first contribution in #​8716
• @​ggoggam made their first contribution in #​8721

Full Changelog: jdx/mise@v2026.3.12...v2026.3.13

v2026.3.12: : Supply chain protection for lockfile upgrades

Compare Source

A small but important release that adds supply chain protection for lockfile upgrades and fixes zsh completions broken by the usage v3.1.0 update. This release also includes the binary assets that were missing from v2026.3.11 due to the completions issue.

Security

• Block GitHub tool upgrades when provenance is lost -- When upgrading a github: backend tool, mise now checks whether the prior locked version had provenance verification (e.g., GitHub Attestations). If the new version lacks provenance that the old version had, the upgrade is blocked with an error indicating a potential supply chain attack. The old provenance-verified lockfile entry is preserved, and the error includes both versions for easy investigation. This check applies to mise lock, mise install, and mise use. #​8706 by @​jdx

  Example error:

  github:example/tool@2.0.0 has no provenance verification on linux-x64,
  but github:example/tool@1.5.0 had github-attestations. This could indicate
  a supply chain attack. Verify the release is authentic before proceeding.
  

Fixed

• Zsh completions updated for usage v3.1.0 -- The prerendered zsh completion script has been regenerated to match the new output format from usage v3.1.0, which switched from _arguments to _describe and changed quoting behavior. This also fixes the binary build failure that prevented v2026.3.11 from publishing release assets. #​8715 by @​jdx

Full Changelog: jdx/mise@v2026.3.11...v2026.3.12

v2026.3.11

Compare Source

Note: This release has no binary assets due to a CI failure caused by a breaking change in usage v3.1.0. The fix is in #​8715. All changes below are included in the next release.

This release adds --skip-tools for faster task execution, GitHub token auto-detection from gh CLI, optional args/env fields in task run entries, and fixes across lockfiles, shims, tasks, and environment handling.

Highlights

• mise run --skip-tools -- Skip tool installation when running tasks, useful when you know tools are already installed and want faster execution. #​8699 by @​jdx
• GitHub token auto-detection from gh CLI -- mise now reads GitHub tokens from gh's hosts.yml config, so authenticated GitHub API requests work automatically if you're logged in with gh auth login. #​8692 by @​jdx
• Optional args and env in task run entries -- Task run entries now support optional args and env fields for more flexible task configuration. #​8687 by @​jdx

Added

• mise run --skip-tools -- Skip tool installation when running tasks. #​8699 by @​jdx
• GitHub token from gh CLI -- Automatically read tokens from gh CLI's hosts.yml config. #​8692 by @​jdx
• Task run entries support args and env -- Optional fields for more flexible task definitions. #​8687 by @​jdx
• vfox: try_get, try_head, try_download_file -- Non-failing HTTP methods for Lua plugins. #​8697 by @​jdx
• New registry tools:
  • rtk -- #​8683 by @​bricelalu

Fixed

• Node: expand tilde in default_packages_file path -- ~/.default-node-packages now resolves correctly. #​8709 by @​jdx
• Lockfile: skip global config lockfile by default -- Global config no longer generates a lockfile unless explicitly configured. #​8707 by @​jdx
• Lockfile: respect existing platforms when running mise lock -- Existing platform entries in lockfiles are preserved instead of being overwritten. #​8708 by @​jdx
• GitHub: rename correct binary when archive contains multiple executables -- Archives with multiple binaries no longer rename the wrong one. #​8700 by @​jdx
• Task: include idiomatic version files in monorepo task toolset -- .node-version, .python-version, etc. are now picked up in monorepo task directories. #​8702 by @​jdx
• Task: strip inline args when validating run.tasks references -- Task references with inline args (e.g. "build --release") no longer fail validation. #​8701 by @​jdx
• Task: inherit task_config.dir for included TOML and file tasks -- Included tasks now correctly inherit the configured working directory. #​8689 by @​jdx
• Task: improve error message when task files are not executable -- Clearer error when a file task lacks execute permission. #​8705 by @​jdx
• Task: improve usage spec element support -- Better handling of usage spec elements in task definitions. #​8623 by @​nkakouros
• Install: skip redundant provenance verification when lockfile has integrity data -- Avoids duplicate verification work. #​8688 by @​jdx
• Install: skip GitHub API calls for aqua tools in --locked mode -- Locked installs no longer make unnecessary API calls. #​8679 by @​jdx
• Shim: detect shims by checking shims directory instead of binary name -- Fixes edge cases where shim detection failed. #​8694 by @​jdx
• Shell: error when no version specified instead of silent no-op -- mise shell node now shows an error instead of doing nothing. #​8693 by @​jdx
• Env: support multiple --env/-E flags -- Multiple environment overrides can now be specified. #​8686 by @​jdx
• Env: make module vars available in Tera template context -- Environment variables from env plugins are now accessible in Tera templates. #​8682 by @​victor-founder
• Config: recognize SSH and other non-HTTPS URLs in get_repo_url -- SSH-style git URLs are now handled correctly. #​8666 by @​modestman
• Implode: include system data dir in cleanup -- mise implode now removes system-level data directories. #​8696 by @​jdx
• Respect MISE_COLOR=0 for error output -- color_eyre error formatting now honors the color setting. #​8690 by @​jdx
• Windows: add usage tool registry support -- #​8713 by @​jdx

New Contributors

• @​victor-founder made their first contribution in #​8682
• @​modestman made their first contribution in #​8666
• @​bricelalu made their first contribution in #​8683

Full Changelog: jdx/mise@v2026.3.10...v2026.3.11

v2026.3.10: : Security fix for .tool-versions templates, Python checksum verification, and 15+ bug fixes

Compare Source

This release closes a security gap where .tool-versions files with Tera templates could execute arbitrary commands without a trust check, adds checksum verification for precompiled Python downloads, and ships over 15 bug fixes across tasks, lockfiles, the Rust plugin, bootstrap scripts, and more.

Highlights

• Security: trust check for .tool-versions Tera templates -- .tool-versions files were processed through Tera's render_str() with the exec() function available, allowing arbitrary command execution without any trust verification. A malicious .tool-versions in a cloned repo could silently execute code when a user with mise shell activation cd'd into the directory. Template syntax in .tool-versions now requires mise trust first; plain files continue to work without trust.
• Python checksum verification for precompiled binaries -- Precompiled Python downloads from astral-sh/python-build-standalone are now verified against lockfile checksums at install time, matching the behavior of other core plugins.
• Python freethreaded build exclusion -- Freethreaded Python builds (e.g. Python 3.14+) are now excluded from precompiled selection by default, fixing "missing lib directory" errors. Set python.precompiled_flavor explicitly if you want freethreaded builds.
• mise doctor PATH ordering check -- mise doctor now warns when non-mise directories appear before mise-managed tool paths in PATH, helping diagnose tool shadowing issues.

Security

• Require trust check for .tool-versions Tera templates -- When template syntax ({{, {%, {#) is detected in a .tool-versions file, mise now requires mise trust before processing it. Plain .tool-versions files without templates are unaffected. #​8675 by @​jdx

Added

• mise doctor detects PATH ordering issues -- When mise is activated (not shims-only), mise doctor now checks whether non-mise directories appear before mise-managed tool paths in PATH and lists the specific offending entries. #​8585 by @​jdx
• New registry tools:
  • viteplus (npm:vite-plus) -- #​8594 by @​risu729
  • ormolu (Haskell formatter) -- #​8617 by @​3w36zj6
  • pi.dev coding agent -- #​8635 by @​dector
  • qwen (npm:@​qwen-code/qwen-code) -- #​8667 by @​jianglu
  • hlint (Haskell linter) -- #​8670 by @​3w36zj6

Fixed

• Python: verify checksums for precompiled binary downloads -- Precompiled Python downloads are now checked against lockfile checksums between HTTP download and tarball extraction, preventing corrupted or tampered downloads from being silently accepted. #​8593 by @​malept
• Python: exclude freethreaded builds from precompiled selection -- Freethreaded Python builds (e.g. cpython-3.14.3-freethreaded) use lib/python3.14t/ instead of lib/python3.14/, causing installation failures. These are now filtered out by default unless python.precompiled_flavor is explicitly set to a freethreaded variant. #​8672 by @​jdx
• Config: resolve trust hash collision for same-name directories -- In paranoid mode, configs sharing the same parent directory leaf name (e.g. /projectA/infra/mise.toml and /projectB/infra/mise.toml) would map to a single hash file, silently breaking trust verification. The filename extension is now appended instead of replaced. Previously trusted configs may need a one-time mise trust after upgrading. #​8628 by @​tdragon
• Lockfile: resolve symlinks when updating -- If a lockfile is a symlink, mise now updates the target file instead of replacing the symlink with a regular file. #​8589 by @​chancez
• Rust: resolve relative CARGO_HOME/RUSTUP_HOME to absolute paths -- When CARGO_HOME or RUSTUP_HOME is set to a relative path (e.g. .cargo via [env]), the paths are now resolved to absolute before use, preventing broken PATH entries like undefined/bin after changing directories. #​8604 by @​simonepri
• Bootstrap: preserve argv[0] for shim dispatch -- mise generate bootstrap now emits exec -a "$0" instead of plain exec, preserving the original invocation name so that shim symlinks (e.g. claude -> mise) dispatch correctly. #​8521 by @​tak848
• Installer: normalize current version before comparison -- The standalone installer now strips the v prefix from MISE_CURRENT_VERSION before comparisons, so embedded checksums and the current-release CDN path are used correctly. #​8649 by @​tak848
• Tasks: global file tasks not properly marked as such -- #​8618 by @​roele
• Tasks: handle broken pipe in mise tasks ls -- Piping task output (e.g. mise tasks ls | head) no longer panics with EPIPE. #​8608 by @​vmaleze
• Tasks: correctly resolve _default files with extensions -- test/_default.sh is now correctly loaded as the test task instead of test:_default. #​8646 by @​youta1119
• Tasks: fix argument completion with flags in zsh -- Completing task arguments after flags (e.g. mise run build -- -c <TAB>) no longer produces errors. #​8601 by @​KevSlashNull
• Git: use "origin" as remote name -- Cloned registries now consistently use "origin" as the remote name, fixing fetch failures in some configurations. #​8626 by @​bentinata
• Shared tools: fix failing rebuild of runtime symlinks -- Installing tools with --system no longer fails when rebuilding runtime symlinks due to incorrect install path resolution. #​8647 by @​roele
• Flutter: fix version_expr Tera parser collision -- Added spaces around the current element operator in Flutter's version_expr to prevent Tera parser errors. #​8616 by @​roele

Changed

• Removed hidden --prefix and --interleave flags from mise run -- These flags were hidden in December 2024 when --output was introduced as their replacement. Their short forms (-p, -i) could silently consume flags intended for tasks. Use --output prefix or --output interleave instead. #​8669 by @​nkakouros

Breaking Changes

• .tool-versions with Tera templates now require trust -- If you have .tool-versions files using template syntax ({{, {%, {#), you will need to run mise trust in those directories. Plain .tool-versions files are unaffected. #​8675
• Trust hash files regenerated -- Due to the hash collision fix, previously trusted configs in paranoid mode may need a one-time mise trust after upgrading. #​8628
• --prefix/-p and --interleave/-i removed from mise run -- Use --output prefix or --output interleave instead (available since December 2024). #​8669

New Contributors

• @​nkakouros mad

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.