Update dependency jdx/mise to v2026.3.12

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
jdx/mise	patch	v2026.3.10 → v2026.3.12	v2026.3.13

---

Release Notes

jdx/mise (jdx/mise)

v2026.3.12: : Supply chain protection for lockfile upgrades

Compare Source

A small but important release that adds supply chain protection for lockfile upgrades and fixes zsh completions broken by the usage v3.1.0 update. This release also includes the binary assets that were missing from v2026.3.11 due to the completions issue.

Security

• Block GitHub tool upgrades when provenance is lost -- When upgrading a github: backend tool, mise now checks whether the prior locked version had provenance verification (e.g., GitHub Attestations). If the new version lacks provenance that the old version had, the upgrade is blocked with an error indicating a potential supply chain attack. The old provenance-verified lockfile entry is preserved, and the error includes both versions for easy investigation. This check applies to mise lock, mise install, and mise use. #​8706 by @​jdx

  Example error:

  github:example/tool@2.0.0 has no provenance verification on linux-x64,
  but github:example/tool@1.5.0 had github-attestations. This could indicate
  a supply chain attack. Verify the release is authentic before proceeding.
  

Fixed

• Zsh completions updated for usage v3.1.0 -- The prerendered zsh completion script has been regenerated to match the new output format from usage v3.1.0, which switched from _arguments to _describe and changed quoting behavior. This also fixes the binary build failure that prevented v2026.3.11 from publishing release assets. #​8715 by @​jdx

Full Changelog: jdx/mise@v2026.3.11...v2026.3.12

v2026.3.11

Compare Source

Note: This release has no binary assets due to a CI failure caused by a breaking change in usage v3.1.0. The fix is in #​8715. All changes below are included in the next release.

This release adds --skip-tools for faster task execution, GitHub token auto-detection from gh CLI, optional args/env fields in task run entries, and fixes across lockfiles, shims, tasks, and environment handling.

Highlights

• mise run --skip-tools -- Skip tool installation when running tasks, useful when you know tools are already installed and want faster execution. #​8699 by @​jdx
• GitHub token auto-detection from gh CLI -- mise now reads GitHub tokens from gh's hosts.yml config, so authenticated GitHub API requests work automatically if you're logged in with gh auth login. #​8692 by @​jdx
• Optional args and env in task run entries -- Task run entries now support optional args and env fields for more flexible task configuration. #​8687 by @​jdx

Added

• mise run --skip-tools -- Skip tool installation when running tasks. #​8699 by @​jdx
• GitHub token from gh CLI -- Automatically read tokens from gh CLI's hosts.yml config. #​8692 by @​jdx
• Task run entries support args and env -- Optional fields for more flexible task definitions. #​8687 by @​jdx
• vfox: try_get, try_head, try_download_file -- Non-failing HTTP methods for Lua plugins. #​8697 by @​jdx
• New registry tools:
  • rtk -- #​8683 by @​bricelalu

Fixed

• Node: expand tilde in default_packages_file path -- ~/.default-node-packages now resolves correctly. #​8709 by @​jdx
• Lockfile: skip global config lockfile by default -- Global config no longer generates a lockfile unless explicitly configured. #​8707 by @​jdx
• Lockfile: respect existing platforms when running mise lock -- Existing platform entries in lockfiles are preserved instead of being overwritten. #​8708 by @​jdx
• GitHub: rename correct binary when archive contains multiple executables -- Archives with multiple binaries no longer rename the wrong one. #​8700 by @​jdx
• Task: include idiomatic version files in monorepo task toolset -- .node-version, .python-version, etc. are now picked up in monorepo task directories. #​8702 by @​jdx
• Task: strip inline args when validating run.tasks references -- Task references with inline args (e.g. "build --release") no longer fail validation. #​8701 by @​jdx
• Task: inherit task_config.dir for included TOML and file tasks -- Included tasks now correctly inherit the configured working directory. #​8689 by @​jdx
• Task: improve error message when task files are not executable -- Clearer error when a file task lacks execute permission. #​8705 by @​jdx
• Task: improve usage spec element support -- Better handling of usage spec elements in task definitions. #​8623 by @​nkakouros
• Install: skip redundant provenance verification when lockfile has integrity data -- Avoids duplicate verification work. #​8688 by @​jdx
• Install: skip GitHub API calls for aqua tools in --locked mode -- Locked installs no longer make unnecessary API calls. #​8679 by @​jdx
• Shim: detect shims by checking shims directory instead of binary name -- Fixes edge cases where shim detection failed. #​8694 by @​jdx
• Shell: error when no version specified instead of silent no-op -- mise shell node now shows an error instead of doing nothing. #​8693 by @​jdx
• Env: support multiple --env/-E flags -- Multiple environment overrides can now be specified. #​8686 by @​jdx
• Env: make module vars available in Tera template context -- Environment variables from env plugins are now accessible in Tera templates. #​8682 by @​victor-founder
• Config: recognize SSH and other non-HTTPS URLs in get_repo_url -- SSH-style git URLs are now handled correctly. #​8666 by @​modestman
• Implode: include system data dir in cleanup -- mise implode now removes system-level data directories. #​8696 by @​jdx
• Respect MISE_COLOR=0 for error output -- color_eyre error formatting now honors the color setting. #​8690 by @​jdx
• Windows: add usage tool registry support -- #​8713 by @​jdx

New Contributors

• @​victor-founder made their first contribution in #​8682
• @​modestman made their first contribution in #​8666
• @​bricelalu made their first contribution in #​8683

Full Changelog: jdx/mise@v2026.3.10...v2026.3.11

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.