deps: update dependency jdx/mise to v2026.2.15

[renovate]

This PR contains the following updates:

Package	Update	Change
jdx/mise	patch	2026.2.3 → 2026.2.15

---

Release Notes

jdx/mise (jdx/mise)

v2026.2.15: : Streaming in Order

Compare Source

This release brings a nice quality-of-life improvement to task execution along with a solid batch of bug fixes across several subsystems.

Highlights

• Real-time streaming for keep-order tasks — The keep_order task output mode now streams the active task's output in real-time instead of buffering everything until completion. Other parallel tasks buffer quietly and flush in definition order as they finish, so you get live feedback without sacrificing deterministic output ordering. #​8164

• npm backend performance — npm view is now called only once per package lookup instead of multiple times, speeding up npm-based tool resolution. Thanks @​risu729! #​8181

Bug Fixes

• Recursive shim execution on Windows — mise exec now strips the shims directory from PATH during executable lookup, preventing infinite recursion when shims call back into mise x. #​8189
• PATH reordering after activation — hook-env now preserves any PATH reordering done after mise activate (e.g., by ~/.zlogin), instead of silently reverting to the original order. #​8190
• Cross-platform lockfile resolution — The aqua backend now correctly resolves lockfile artifacts for the target platform instead of leaking host-specific overrides into mise lock --platform. Thanks @​mackwic! #​8183
• Version alias lockfile lookup — Version aliases (like lts) are now resolved before lockfile lookup, so locked versions are matched correctly. #​8194
• Task source freshness checks — Freshness checks now work correctly with dynamic task directories. Thanks @​rooperuu! #​8169
• Global tasks in monorepos — Global tasks are now properly resolved when running from a monorepo root. #​8192
• Wildcard glob matching — test:* no longer incorrectly matches the parent test task. #​8165
• task_config.includes paths — Include paths in task config are now resolved relative to the config root, not the working directory. #​8193
• Upgrade safety — mise upgrade now skips untrusted tracked configs instead of failing. #​8195
• helm-diff registry entry — Fixed the archive binary name for helm-diff. Thanks @​jean-humann! #​8173

New Contributors

Welcome @​jean-humann, @​mackwic, and @​rooperuu!

📦 Aqua Registry Updates

New Packages (2)

• BetterDiscord/cli
• glossia.ai/cli

v2026.2.14

Compare Source

A feature-focused release adding vfox plugin env redaction, Deno devEngines support, and a new Rust default_host setting.

Highlights

• Vfox env var redaction — Vfox plugins can now request that specific environment variables be redacted from logs and debug output by returning a redact field in MiseEnvResult. Useful for plugins that inject secrets or tokens. #​8166

• Deno devEngines.runtime support — Mise now reads the devEngines.runtime field from package.json to auto-detect the desired Deno version, matching the same convention already supported for Node. Thanks @​risu729! #​8144

• default_host setting for Rust — A new rust.default_host setting lets you override the Rust target triple used during installation, useful for cross-compilation setups. Thanks @​aacebedo! #​8154

• Aqua github_content package support — The aqua backend now supports packages hosted via GitHub content downloads (not just releases). Thanks @​risu729! #​8147

Bug Fixes

• mise edit whitespace — TOML values edited via mise edit no longer retain extra formatting whitespace. #​8162
• --locked for python/ubi — The --locked flag now works correctly with python and ubi backends. #​8163
• npm update notifier — The npm update notifier is now suppressed during npm install, preventing spurious output. Thanks @​risu729! #​8152
• Asset matcher vsix penalty — .vsix files are now deprioritized in asset matching, preventing incorrect downloads. Thanks @​risu729! #​8151
• JSON schema updates — Added missing task_templates, extends, and timeout fields to the mise.json schema. Thanks @​risu729! #​8145

New Contributors

Welcome @​joaommartins! #​8133

---

Note: This release has no attached binary assets. The v2026.2.14 tag was created successfully but the GitHub Actions workflow that publishes release artifacts did not trigger for the tag push. The binaries for this version are functionally identical to v2026.2.15 minus the additional fixes in that release. Use v2026.2.15 instead.

v2026.2.13: : Fix GitHub attestation verification failures

Compare Source

This release partially mitigates GitHub attestation verification failures that were causing tool installations to fail (e.g., gh, and other aqua-backed tools with attestations enabled). See #​8142 for details.

What happened

GitHub silently changed their attestations API to externalize bundle storage to Azure Blob Storage (tmaproduction.blob.core.windows.net) using Snappy compression, rather than returning bundles inline as JSON. The gh CLI had already been updated to handle this (cli/cli#10185), but third-party tools like mise were not yet aware of the new format, causing "error decoding response body" failures.

What this release does

Bumps sigstore-verification to 0.2, which splits the reqwest dependency version from mise's (0.13 vs 0.12). This avoids Cargo feature unification that was causing mise's gzip feature to be applied to attestation requests, interfering with the Snappy-compressed responses.

Note: A full fix with proper Snappy decompression support and auth token scoping landed in sigstore-verification v0.2.1 (#​22, #​23) — expect a follow-up mise release with that bump.

If you are still hitting issues, set settings.aqua.github_attestations = false as a workaround.

Dependency Updates

• Bumped sigstore-verification to 0.2 (e8897c9)

📦 Aqua Registry Updates

New Packages (1)

• k1LoW/tcmux

Updated Packages (1)

• jdx/usage

v2026.2.12

Compare Source

A small release adding a new Java configuration option.

Highlights

• java.shorthand_vendor setting — A new setting that lets you configure which vendor is used when specifying shorthand Java versions (e.g., 21 instead of temurin-21). Thanks @​roele! #​8134

---

Note: This release has no attached binary assets. The v2026.2.12 tag was created but the GitHub Actions workflow that publishes release artifacts did not trigger for the tag push. Use v2026.2.13 or later instead.

v2026.2.11: : Templates Level Up

Compare Source

A small release with a nice quality-of-life improvement for tera template users and a bug fix for file watching.

Highlights

• Array access for multi-version tools in tera templates — If you have multiple versions of a tool installed, you can now access them individually in tera templates via tools.<name>[0].path, tools.<name>[1].path, etc. Single-version tools continue to work as before with tools.<name>.path. #​8129

Bug Fixes

• hook-env now watches files used in tera templates — Files referenced by template functions like read_file(), hash_file(), file_size(), and last_modified() are now properly tracked by hook-env. Previously, changes to these files wouldn't trigger an environment refresh until you changed directories. #​8122

New Tools

• mutagen — thanks @​tony-sol! #​8125
• communique #​8126

v2026.2.10: : Shims, Stdin, and Smarter Offline

Compare Source

This release brings several quality-of-life features alongside a solid round of bug fixes.

Highlights

• Shims as PATH fallback during activation — When not_found_auto_install is enabled (the default), mise now adds the shims directory to your PATH as a fallback. This fixes a subtle issue where subshells or child processes could miss uninstalled tools or pick up the wrong system version instead of the mise-managed one. Thanks @​ctaintor for this contribution! #​8106

• tools variable in Tera templates — You can now reference {{ tools.node.version }} and {{ tools.node.path }} directly in env templates and task templates (with tools = true), eliminating the need for exec(command='node --version') workarounds. #​8108 — Template docs

• mise set --stdin for multiline values — Need to set an SSH key, certificate, or other multiline value as an environment variable? mise set --stdin MY_KEY now reads from stdin until EOF. #​8110

Bug Fixes

• MISE_OFFLINE now works correctly — Previously, offline mode could hang or error out instead of gracefully falling back to local data. This is now fixed, and offline/prefer_offline are proper settings configurable in mise.toml. #​8109
• Upgrade symlink cleanup — Fixed an issue where mise upgrade could leave behind invalid symlinks when uninstalling old versions, thanks @​roele. #​8099 #​8101
• Conda dependency resolution — Improved patchelf handling and dependency version pinning for complex conda packages on Linux. #​8087
• SLSA provenance for Docker Buildx — Tools like github:docker/buildx that ship in-toto statements without sigstore signatures no longer fail verification, thanks @​gerhard. #​8094
• Vfox plugin auto-installation — Fixed a clean-setup failure where vfox-backed env modules would error with "Plugin directory not found" before the plugin was installed, thanks @​pose. #​8035
• GitHub latest version prefix — The v prefix is no longer incorrectly added when resolving "latest" for GitHub release backends. #​8105
• GitLab tool options — Tool options from config are now correctly resolved for aliased GitLab tools. #​8084
• Flutter version resolution — Fixed version resolution by using version_expr. #​8081
• Tuist on Linux — Registry now includes Linux support for tuist, thanks @​fortmarek. #​8102

Registry

• Added conda backends for mysql, ffmpeg, ghc, vim, and several other previously asdf-only tools. #​8080 #​8083
• Added podman-tui, thanks @​tony-sol. #​8098

New Contributors

Welcome @​ctaintor, @​rileychh, @​fortmarek, @​pose, and @​gerhard — thanks for your first contributions!

📦 Aqua Registry Updates

New Packages (2)

• entireio/cli
• rmitchellscott/reManager

Updated Packages (1)

• atuinsh/atuin

v2026.2.9: : Ruby Plays Nice with Legacy Linux

Compare Source

This release brings a quality-of-life improvement for Ruby users on older Linux distributions, plus a couple of important bug fixes.

Highlights

Automatic Ruby variant selection for older glibc systems (#​8069)

If you're running Linux with glibc older than 2.35 (common on RHEL 7, Amazon Linux 2, CentOS 7, or older Debian/Ubuntu versions), mise will now automatically download the no-YJIT precompiled Ruby variant instead of failing with cryptic errors. This means precompiled Ruby "just works" on a much wider range of Linux systems without any manual configuration. Systems with glibc 2.35+ (Ubuntu 22.04+, Debian 12+, Fedora 36+) continue to get the standard YJIT-enabled builds as before.

Bug Fixes

• Windows shim updates with self-update (#​8075) — mise self-update on Windows now properly updates mise-shim.exe alongside mise.exe. Previously, users had to manually download the shim from GitHub releases after updating.

• Fixed cargo install mise (#​8077) — Bumped the xx dependency to 2.5 to fix an issue where Cargo was selecting an incompatible older version, causing installation failures. Thanks @​erickt for the fix and welcome to mise!

Documentation

• Ruby precompiled binaries are no longer marked as experimental (#​8073) — they're stable and ready for production use.

📦 Aqua Registry Updates

Updated Packages (1)

• carthage-software/mago

v2026.2.8: : Hooks Get Their Act Together

Compare Source

This release focuses on hooks—fixing 12 community-reported issues that were making them unreliable. There are also some nice quality-of-life improvements for Node.js and Ruby users.

Highlights

Hooks overhaul — A comprehensive fix for the hooks system addressing a dozen issues reported by the community. Global hooks now actually work, hook execution order is corrected (leave fires before enter), infinite loops in fish shell are fixed, and postinstall hooks can now find all installed tools. #​8058

Node version detection from package.json — mise now reads tool versions directly from package.json using the devEngines and packageManager fields. This means your Node, Bun, pnpm, yarn, and npm versions can be auto-detected without a separate .tool-versions or mise.toml file. Semver ranges are simplified automatically (>=18.0.0 → 18). #​8059

Precompiled Ruby goes stable — You can now use precompiled Ruby binaries by setting ruby.compile=false without needing experimental=true. This will become the default in 2026.8.0. If you haven't tried it, precompiled Ruby installs in seconds instead of minutes. #​8052

New Features

• --dry-run-code flag — Added to install, upgrade, prune, uninstall, and use commands. Behaves like --dry-run but exits with code 1 when there's work to do, enabling patterns like if ! mise install --dry-run-code -q; then mise install; fi #​8063

Bug Fixes

• MISE_ARCH override — The bun and erlang plugins now respect MISE_ARCH at runtime, which is useful for Windows ARM64 users running x64 binaries under emulation #​8062
• key=value format — mise settings set, mise settings add, mise config set, and mise shell-alias set now accept key=value as a single argument #​8053

Registry

• Added quicktype (npm:quicktype) — thanks @​zdunecki! #​8054

Dependencies

• Upgraded to TOML 1.1 support via toml 0.9 and toml_edit 0.24 #​8057

v2026.2.7: : Windows Gets Real

Compare Source

This release brings a significant improvement for Windows users with native .exe shims, along with several bug fixes that improve the reliability of tool installation and version resolution.

Highlights

Native Windows Shims (#​8045)

mise now generates native .exe shim files instead of .cmd batch scripts. This resolves a whole category of frustrating issues:

• No more intermittent ENOENT errors from spawnSync in node
• where.exe now correctly finds your tools
• Better compatibility with package managers like npm and bun that expect real executables
• Proper control flow in batch scripts

The new "exe" mode is now the default for windows_shim_mode. This follows the same pattern used by Scoop, Volta, and Chocolatey. If you need to switch back, you can set windows_shim_mode = "file" in your settings. Thanks to @​iki for helping with this.

Bug Fixes

• Config options preserved during CLI installs (#​8044) - Running mise install tool@version with an explicit version no longer loses tool-level config options like postinstall from your mise.toml. Registry defaults (like uvx=false or pipx_args) are also preserved when using table syntax.

• Linked versions take priority over lockfiles (#​8050) - Tools created with mise link now correctly override lockfile entries during version resolution. Previously, a lockfile pin would override your linked version, causing confusing "missing" warnings.

• Fixed duplicate entries in ls --all-sources (#​8042) - Thanks @​roele!

Registry Updates

• Switched oxlint to use npm backend by default (#​8038) - Thanks @​risu729!
• Added orval for OpenAPI client generation: mise use orval (#​8051) - Thanks @​zdunecki for your first contribution!

v2026.2.6: : Shell Expansion & Source Tracking

Compare Source

This release brings a couple of nice quality-of-life improvements alongside several bug fixes.

Highlights

Shell-style variable expansion in env values (#​8029) - You can now use shell-style variable expansion like ${VAR:-default} and ${VAR:+alternate} directly in your mise.toml environment variables. This makes it easier to set up flexible configurations without needing to drop into shell scripts.

New --all-sources flag for mise ls (#​8019) - Thanks to @​TylerHillery for adding this flag, which shows all the sources where a tool version is defined. Useful for debugging why a particular version is being used when you have multiple config files.

Bug Fixes

• gem backend: Fixed Windows support and resolved a newline issue in gem scripts (#​8031, #​8034) - Thanks @​my1e5!
• lockfile: Tools are now written to the lockfile matching their source config, fixing issues where lockfile entries could get misattributed (#​8012)
• mise ls: Sources in --all-sources output are now sorted deterministically (#​8037)
• tasks: File tasks now auto-install tools defined in mise.toml, matching the behavior of inline tasks (#​8030)

Security

• Updated the time crate to 0.3.47 to address RUSTSEC-2026-0009 (#​8026)

New Tools

• tirith - Thanks @​sheeki03!
• mas (Mac App Store CLI) - Thanks @​TyceHerrman!

New Contributors

Welcome to @​sheeki03 and @​TylerHillery for their first contributions!

📦 Aqua Registry Updates

New Packages (1)

• kubernetes-sigs/kubectl-validate

Updated Packages (6)

• flux-iac/tofu-controller/tfctl
• gogs/gogs
• j178/prek
• syncthing/syncthing
• tuist/tuist
• yaml/yamlscript

v2026.2.5: : Lockfiles Break Free

Compare Source

This is a small maintenance release with one user-facing improvement.

Bug Fixes

• Lockfiles no longer require experimental mode - You can now use mise.lock files without setting experimental = true in your configuration. Lockfiles help ensure reproducible tool versions across your team, and this change makes them accessible to everyone by default. (#​8011)

For more information on lockfiles, see the documentation.

📦 Aqua Registry Updates

Updated Packages (1)

• uutils/coreutils

v2026.2.4: : Taming the Environment

Compare Source

This release focuses on fixing several edge cases in environment handling and tool management. Users working with complex environment configurations, npm package managers, and locked tool versions will find this update particularly helpful.

Bug Fixes

• Environment variable resolution for tool templates: When using env._.source to source environment files, tool templates now correctly resolve the sourced environment variables. Previously, tool version templates that depended on sourced env vars might not have worked as expected. Thanks to @​corymhall for this fix! #​7895

• npm package manager dependencies: When using mise to manage Node.js package managers (npm, yarn, pnpm, bun), mise now only declares the specifically configured package manager as a dependency rather than all of them. This prevents unnecessary dependency resolution issues. #​7995

• Respect use_locked_version during upgrades: The mise upgrade command now properly respects the use_locked_version setting when checking tracked configs. If you have this setting enabled, upgrades will now correctly use the locked versions from your config files. #​7997

• Ignore MISE_TOOL_VERSION in env parsing: Fixed an issue where the internal MISE_TOOL_VERSION environment variable could interfere with environment variable parsing, preventing potential conflicts in certain workflows. #​8004

New Contributors

Welcome to @​corymhall who made their first contribution to mise! 🎉

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.