fix(deps): update dependency jdx/mise to v2026.5.4

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
jdx/mise	patch	2026.5.0 → 2026.5.4	2026.5.10 (+5)

---

Release Notes

jdx/mise (jdx/mise)

v2026.5.4

Compare Source

🚀 Features

• (java) remove musl feature in favor of autom. musl detection and alpine-linux versions by @​roele in #​9688

🚜 Refactor

• (schema) stop patching task_template in render script by @​risu729 in #​9680

📚 Documentation

• (deps) drop codegen example from configuration section by @​jdx in 6b2d851

⚡ Performance

• avoid spawning process to set exit code by @​vemoo in #​9723

📦️ Dependency Updates

• update ghcr.io/jdx/mise:rpm docker digest to b8b0b72 by @​renovate[bot] in #​9711
• update ghcr.io/jdx/mise:alpine docker digest to f130900 by @​renovate[bot] in #​9709
• update ghcr.io/jdx/mise:deb docker digest to 71bda11 by @​renovate[bot] in #​9710
• bump rattler crates together by @​jdx in #​9721
• update rust crate junction to v2 by @​renovate[bot] in #​9726
• update rust docker digest to 4d4ec51 by @​renovate[bot] in #​9734

📦 Registry

• use symlink_bins in ibmcloud by @​dnwe in #​9685

Chore

• (ci) pass mise github token to tests by @​risu729 in #​9684

📦 Aqua Registry Updates

New Packages (2)

• DataDog/managed-kubernetes-auditing-toolkit
• oracle.com/sqlcl

Updated Packages (3)

• alltuner/mise-completions-sync
• iann0036/iamlive
• pnpm/pnpm

v2026.5.3

Compare Source

🐛 Bug Fixes

• (aqua) resolve latest from GitHub releases by @​risu729 in #​9277

📦️ Dependency Updates

• update ubuntu:26.04 docker digest to f3d2860 by @​renovate[bot] in #​9697
• update ghcr.io/jdx/mise:alpine docker digest to d15f3f9 by @​renovate[bot] in #​9694
• update ghcr.io/jdx/mise:rpm docker digest to 9084f68 by @​renovate[bot] in #​9696
• update ghcr.io/jdx/mise:deb docker digest to dd8a908 by @​renovate[bot] in #​9695
• update rust crate ctor to 0.12 by @​renovate[bot] in #​9698

Chore

• (ci) increase lint job timeout for clippy by @​risu729 in #​9682
• (hk) drop jq from schema lint step by @​risu729 in #​9681

📦 Aqua Registry Updates

New Packages (2)

• DataDog/pup
• reviewdog/nightly

Updated Packages (1)

• gittuf/gittuf

v2026.5.2

Compare Source

🚀 Features

• (aqua) support registry libc variants by @​jdx in #​9652
• (bin-paths) add executable names output by @​risu729 in #​9617

🐛 Bug Fixes

• (aqua) preserve configured file extensions by @​risu729 in #​9611
• (aqua) support registry file links by @​risu729 in #​9610
• (backend) reject bare package backend names by @​risu729 in #​9608
• (backend) apply inline tool option overrides by @​risu729 in #​9306
• (backend) skip versions host for local tool opts by @​risu729 in #​9568
• (github) chmod explicit archive bin by @​risu729 in #​9609
• (install) skip remote-versions refresh in prefer-offline mode by @​jdx in #​9627
• (lock) scope targets to active project root by @​risu729 in #​9319
• (lockfile) respect existing platforms during auto-lock by @​jdx in #​9621
• (pipx) filter yanked pypi releases by @​risu729 in #​9607
• (pipx) declare python as a backend dependency by @​jdx in #​9678
• (schema) update refs to $defs in mise-registry-tool.json by @​risu729 in #​9671
• (task) terminate parallel siblings on failure via process groups by @​jdx in #​9655
• (task) stable MISE_PROJECT_ROOT for monorepo tasks, add MISE_MONOREPO_ROOT by @​jdx in #​9657
• (trust) run enter hooks after trusting config by @​risu729 in #​9634
• (ui) stop clearing screen for prompts by @​jdx in #​9619
• use /bin/cp on macos by @​pdehlke in #​9656

🚜 Refactor

• (aqua) store aqua var defaults as strings by @​risu729 in #​9645
• (config) support structured TOML values in registry backend options by @​risu729 in #​9584
• (deps) remove serde_derive dependency by @​risu729 in #​9670
• (deps) remove anyhow dependency by @​risu729 in #​9661
• (deps) use std::sync::LazyLock instead of once_cell::Lazy by @​risu729 in #​9668
• (schema) generate task schema from mise schema by @​risu729 in #​9581
• (schema) reuse task props with unevaluatedProperties by @​risu729 in #​9582
• (schema) reuse registry common types by @​risu729 in #​9648
• (schema) reuse plugin script config by @​risu729 in #​9647
• (schema) use $defs in schema files by @​risu729 in #​9646

📚 Documentation

• (node) add tips for enabling node idiomatic by @​fu050409 in #​9675

🧪 Testing

• (cli) remove nondeterministic tool depends assertion by @​risu729 in #​9633
• (e2e) pin uv to 0.11.8 around astral-sh/uv#19278 by @​jdx in #​9618
• (e2e) wait for docker env cleanup by @​risu729 in #​9631
• (zig) use official zig instead of mach mirror by @​jdx in #​9659

📦️ Dependency Updates

• fall through to hash check when providers have no outputs by @​jdx in #​9622
• bump Cargo.lock by @​jdx in #​9625

📦 Registry

• remove registry depends by @​risu729 in #​9571
• add code-review-graph (pipx:code-review-graph) by @​chautruonglong in #​9673

Chore

• (ci) split large registry test-tool changes by @​risu729 in #​9628
• (ci) make perf script robust to runner noise by @​jdx in #​9635
• (ci) skip hyperfine comments without permission by @​risu729 in #​9629

New Contributors

• @​chautruonglong made their first contribution in #​9673
• @​pdehlke made their first contribution in #​9656

📦 Aqua Registry Updates

New Packages (5)

• anthropics/anthropic-cli
• crates.io/wasmi_cli
• openclaw/gogcli
• racket-lang.org/racket-minimal
• runs-on/cli

Updated Packages (13)

• UpCloudLtd/upcloud-cli
• aristocratos/btop
• dprint/dprint
• j178/prek
• jdx/hk
• jdx/mise
• jdx/usage
• jreleaser/jreleaser
• jreleaser/jreleaser/standalone
• pnpm/pnpm
• suzuki-shunsuke/cmdx
• suzuki-shunsuke/ghir
• twpayne/chezmoi

v2026.5.1

Compare Source

🚀 Features

• (backend) support top-level aqua cosign verification by @​risu729 in #​9111

🐛 Bug Fixes

• (schema) validate all schema files with draft2020 and strict mode by @​risu729 in #​9594
• (shim) skip network resolution for installed tool dirs by @​jdx in #​9599

📚 Documentation

• (dev-tools) clarify vfox metadata depends for install hooks by @​risu729 in #​9573
• (plugins) remove registry submission guidance by @​risu729 in #​9577

📦️ Dependency Updates

• lock file maintenance by @​renovate[bot] in #​9586

📦 Registry

• remove bashly asdf fallback by @​risu729 in #​9578
• use github backend for rebar by @​risu729 in #​9576
• add wasm-tools (aqua:bytecodealliance/wasm-tools) by @​2xdevv in #​9596
• enable symlink_bins for elixir-ls by @​AlternateRT in #​9592

Chore

• (release) always append sponsor block to release notes by @​jdx in #​9580
• warn on vendored vfox embedded plugins by @​risu729 in #​9588
• prefer registry shorthands over cargo/npm backends in mise.toml by @​risu729 in #​9595

📦 Aqua Registry Updates

New Packages (2)

• salesforce/reactive-grpc/protoc-gen-reactor-grpc
• spinframework/spin

Updated Packages (1)

• pnpm/pnpm

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This PR updates mise from v2026.5.0 to v2026.5.4, which includes four patch releases (v2026.5.1, v2026.5.2, v2026.5.3, and v2026.5.4). The changes are focused on bug fixes, performance improvements, and registry package updates with no breaking changes to the core functionality.

Key Changes:

v2026.5.4 (Latest):

• Java on Alpine: Automatic musl detection for Java installations on Alpine Linux (no longer requires -musl suffix)
• Registry fix: ibmcloud now uses symlink_bins to prevent binary shadowing
• Performance: PowerShell activation is ~270ms faster (removed process spawning for exit code propagation)
• Schema refactoring: Schema rendering improvements with no functional impact

v2026.5.3:

• Aqua backend fix: Resolves latest versions via GitHub's latest-release endpoint for more accurate version resolution

v2026.5.2:

• Multiple backend fixes: Improvements to aqua, github, pipx, and other backends
• Task management: Better process group handling for parallel tasks, new MISE_MONOREPO_ROOT environment variable
• Install improvements: Respects prefer_offline mode, fixes lockfile behavior
• Binary linking: Enhanced handling of file extensions and symlinks

v2026.5.1:

• Cosign verification: Added top-level cosign verification for aqua backend
• Shim fixes: Resolves issues with mise reshim when non-resolvable version directories exist
• Schema validation: All schemas now validated against draft/2020-12 in strict mode

Breaking Changes: None

Security Fixes: Enhanced cosign verification support for aqua backend (v2026.5.1)

🎯 Impact Scope Investigation

Usage Locations Identified:

1. Dockerfile:6 - Direct binary download and installation in Alpine stage

   • Currently: MISE_VERSION=2026.5.0
   • After update: MISE_VERSION=2026.5.4

2. Dockerfile:36, 45, 56, 69, 78 - Runtime installation commands

   • mise use -g node@${NODE_VERSION}
   • mise settings ruby.compile=false && mise use -g ruby@${RUBY_VERSION}
   • mise use -g go@${GO_VERSION}
   • mise use -g python@${PYTHON_VERSION}
   • mise use -g rust@${RUST_VERSION}

3. mise.toml - Development tool version management

   • Defines versions for go, golangci-lint, lefthook, hadolint, node, ruby, rust, python

4. .github/workflows/ci.yml:25, 38, 51, 64, 81 - CI pipeline uses jdx/mise-action@v4.0.1

   • Used in: hadolint, lint, build, unit-test, and e2e-test jobs

Commands Used:

• mise install - No API changes affecting this command
• mise use -g - No API changes affecting this command
• mise settings - No API changes affecting this command
• mise where - No API changes affecting this command (referenced in docs)

Impact on Dependencies:

• No changes to how mise installs or manages Node.js, Ruby, Go, Python, or Rust
• All runtime installation patterns remain compatible
• The Alpine Java musl detection improvement doesn't affect this project (no Java runtime used)

Configuration Impact:

• No changes required to mise.toml
• No changes required to Dockerfile installation commands
• No changes required to CI workflow configuration

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge this PR - The update is fully backward compatible with no breaking changes
2. ✅ No code modifications required - All existing mise commands and workflows remain compatible

Post-Merge Validation:

1. Monitor the Docker build process to ensure mise binary downloads successfully
2. Verify CI pipeline runs complete successfully with the new version
3. Confirm all runtime installations (Node.js, Ruby, Go, Python, Rust) work as expected

Optional Follow-up:

• Consider updating to v2026.5.10 when it becomes available (5 newer versions are pending per PR description)
• No urgent need to update beyond v2026.5.4 unless specific bug fixes are needed

Risk Assessment:

• Build Risk: Minimal - Binary is available and compatible
• Runtime Risk: None - No changes to installation behavior for languages used in this project
• CI Risk: Minimal - GitHub Action (mise-action) is pinned independently and handles version compatibility

🔗 Reference Links

• v2026.5.4 Release Notes
• v2026.5.3 Release Notes
• v2026.5.2 Release Notes
• v2026.5.1 Release Notes
• Full Changelog v2026.5.0...v2026.5.4
• mise Documentation

Generated by koki-develop/claude-renovate-review