Update dependency mise to 2026.5.9

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change	Pending
mise	patch	2026.4.23 → 2026.5.9	2026.5.12 (+2)

---

Release Notes

jdx/mise (mise)

v2026.5.9

Compare Source

🚀 Features

• (config) add shell to watch_files run by @​risu729 in #​9810
• (spm) add artifact bundle support by @​ikesyo in #​9825

🐛 Bug Fixes

• (aqua) reject registry-invalid latest tags by @​risu729 in #​9834
• (patrons) point sponsor link to https://en.dev by @​jdx in #​9868
• (vfox) respect default inline shell in cmd.exec by @​risu729 in #​9837
• github oauth device flow paths by @​jasisk in #​9791

📚 Documentation

• Update Walkthrough guide by @​thernstig in #​9853

⚡ Performance

• (config) skip tera render for plain strings by @​risu729 in #​9833

📦️ Dependency Updates

• update ghcr.io/jdx/mise:rpm docker digest to d2471f2 by @​renovate[bot] in #​9879
• update rust docker digest to 5b1e348 by @​renovate[bot] in #​9880
• update ghcr.io/jdx/mise:deb docker digest to 0cde829 by @​renovate[bot] in #​9878
• update ubuntu docker tag to resolute-20260421 by @​renovate[bot] in #​9881
• update ghcr.io/jdx/mise:alpine docker digest to 2d0ea74 by @​renovate[bot] in #​9877
• update rust crate phf to 0.13 by @​renovate[bot] in #​9884
• update rust crate phf_codegen to 0.13 by @​renovate[bot] in #​9883

📦 Registry

• use aqua backend for npm by @​risu729 in #​9762
• add aqua for buck2 prereleases by @​risu729 in #​9805
• add SonarQube CLI (aqua:SonarSource/sonarqube-cli) by @​3PeatVR in #​9824

New Contributors

• @​3PeatVR made their first contribution in #​9824
• @​ikesyo made their first contribution in #​9825
• @​thernstig made their first contribution in #​9853

📦 Aqua Registry Updates

New Packages (4)

• SurgeDM/Surge
• roie/ovw
• so-dang-cool/sigi
• vjeantet/alerter

Updated Packages (2)

• alltuner/mise-completions-sync
• str4d/age-plugin-yubikey

v2026.5.8

Compare Source

🚀 Features

• (patrons) add mise patrons command by @​jdx in #​9841

🐛 Bug Fixes

• (task) skip shebang line in displayed task command by @​jdx in #​9844

🚜 Refactor

• (security) switch to sigstore-rust verification by @​jdx in #​9260

v2026.5.7

Compare Source

🐛 Bug Fixes

• (backend) use runtime paths for backend bin dirs by @​risu729 in #​9606
• (ci) preserve vendor/aqua-registry/ in PPA publish workflow by @​jdx in #​9782
• (ci) set UTF-8 locale in e2e Docker image by @​jdx in #​9820
• (ci) pass UTF-8 locale through to e2e tests by @​jdx in #​9823
• (conda) dedup repodata by archive identifier instead of URL by @​jdx in #​9831
• (github) use default shell for credential command by @​risu729 in #​9664
• (settings) distinguish unset known settings from unknown ones by @​jdx in #​9818
• (upgrade) remove completed progress jobs to prevent duplicate output by @​jdx in #​9779
• (vfox) resolve GitHub token lazily inside Lua plugins by @​jdx in #​9816

🚜 Refactor

• (config) separate core and backend tool options by @​risu729 in #​9753
• (schema) reuse env directive property schemas by @​risu729 in #​9651

📚 Documentation

• (aliases) fix Aliased Versions example and drop stale asdf callout by @​jdx in #​9830

⚡ Performance

• (aqua) use phf for baked registry lookups by @​risu729 in #​9763
• (task) cache per-file content hashes for source_freshness_hash_contents by @​jdx in #​9819

🧪 Testing

• (e2e) pin aube to known-good version in npm package_manager test by @​jdx in #​9794

📦 Registry

• replace unsupported exe options by @​risu729 in #​9587
• update pi by @​garysassano in #​9792

Chore

• (ci) use non-large runners for release builds by @​jdx in #​9786
• (ci) compare registry PRs from fork point by @​risu729 in #​9643
• (ci) make build-copr.sh the single source of truth for COPR chroots by @​jdx in #​9788
• (ci) use crates.io trusted publishing in release-plz by @​jdx in #​9793
• (ci) remove autofix.ci workflow by @​jdx in #​9801
• (ci) restore -large runner for Linux release builds by @​jdx in #​9815
• (ci) add zizmor workflow for github actions security analysis by @​jdx in #​9804
• (ci) assert mise run render produces no diff by @​jdx in #​9803
• (copr) publish EL9 builds via centos-stream+epel-next-9 chroot by @​jdx in #​9787

Ci

• remove pull_request_target workflow by @​jdx in #​9799
• remove caching from publishing workflows by @​jdx in #​9800

Security

• reject shell metacharacters in version strings and CI inputs by @​jdx in #​9814

📦 Aqua Registry Updates

New Packages (11)

• Code-Hex/Neo-cowsay
• SonarSource/sonarqube-cli
• earendil-works/pi
• hylo-lang/hylo-new
• jfernandez/bpftop
• modem-dev/hunk
• npm/cli
• racket/racket/minimal
• slackapi/slack-cli
• vectordotdev/vector
• wasilibs/go-yamllint

Updated Packages (10)

• DataDog/pup
• aquasecurity/trivy
• astral-sh/uv
• caarlos0/svu
• cargo-bins/cargo-binstall
• foundry-rs/foundry
• gastownhall/beads
• gruntwork-io/terragrunt
• pnpm/pnpm
• santosr2/TerraTidy

v2026.5.6

Compare Source

🚀 Features

• (cli) add minimum release age flag to lock and ls-remote by @​risu729 in #​9269
• (config) add run field for hooks by @​risu729 in #​9718
• (github) add native oauth token source by @​jdx in #​9654
• (oci) scope build to project config by default by @​jdx in #​9766
• add support for prefixed latest version queries in outdated checks by @​roele in #​9767

🐛 Bug Fixes

• (activate) guard bash chpwd hook under nounset by @​risu729 in #​9716
• (backend) date-check latest stable fast path by @​risu729 in #​9650
• (config) parse core tool options consistently by @​risu729 in #​9742
• (exec) propagate __MISE_DIFF so nested mise recovers pristine PATH by @​jdx in #​9765
• (forgejo) include prereleases when opted in by @​risu729 in #​9717
• (github) avoid caching empty release assets by @​risu729 in #​9616
• (java) resolve lockfile URLs from metadata by @​risu729 in #​9719
• (lock) cache unavailable github attestations by @​risu729 in #​9741
• (pipx) preserve options when reinstalling tools by @​risu729 in #​9663
• (python) skip redundant lockfile provenance verification by @​risu729 in #​9739
• (vfox) run pre_uninstall hook by @​risu729 in #​9662

🚜 Refactor

• (schema) extract tool options definition by @​risu729 in #​9649

⚡ Performance

• (aqua) bake rkyv aqua package blobs by @​risu729 in #​9535

📦️ Dependency Updates

• lock file maintenance by @​renovate[bot] in #​9773

📦 Registry

• add vector (github:vectordotdev/vector) by @​kquinsland in #​9761
• add oc and openshift-install (http backend) by @​konono in #​9669

New Contributors

• @​konono made their first contribution in #​9669
• @​kquinsland made their first contribution in #​9761

v2026.5.5

Compare Source

🚀 Features

• add --inactive option to outdated and upgrade commands for inactive tools by @​roele in #​9640

🐛 Bug Fixes

• (aqua) resolve bin paths for prefixed v tags by @​risu729 in #​9759
• (bun) create bunx alongside bun.exe on Windows install by @​JamBalaya56562 in #​9732
• (dotnet) use shared prerelease tool option by @​risu729 in #​9720
• (node) use matching node in npm shim by @​jdx in #​9749
• (task) resolve bash deterministically on Windows to avoid WSL launcher by @​JamBalaya56562 in #​9750

📚 Documentation

• (secrets) clarify age strict mode default by @​risu729 in #​9737
• (tasks) add bash shebang to conditional-dependencies example by @​JamBalaya56562 in #​9747
• update backend tool option docs by @​risu729 in #​9738

📦 Registry

• remove tools with zero users by @​jdx in #​9725
• add scalafmt (github:scalameta/scalafmt) by @​pokir in #​9757
• remove flarectl by @​risu729 in #​9756

Chore

• (release) strip pre-existing sponsor block before appending canonical one by @​jdx in #​9745

New Contributors

• @​pokir made their first contribution in #​9757

v2026.5.4

Compare Source

🚀 Features

• (java) remove musl feature in favor of autom. musl detection and alpine-linux versions by @​roele in #​9688

🚜 Refactor

• (schema) stop patching task_template in render script by @​risu729 in #​9680

📚 Documentation

• (deps) drop codegen example from configuration section by @​jdx in 6b2d851

⚡ Performance

• avoid spawning process to set exit code by @​vemoo in #​9723

📦️ Dependency Updates

• update ghcr.io/jdx/mise:rpm docker digest to b8b0b72 by @​renovate[bot] in #​9711
• update ghcr.io/jdx/mise:alpine docker digest to f130900 by @​renovate[bot] in #​9709
• update ghcr.io/jdx/mise:deb docker digest to 71bda11 by @​renovate[bot] in #​9710
• bump rattler crates together by @​jdx in #​9721
• update rust crate junction to v2 by @​renovate[bot] in #​9726
• update rust docker digest to 4d4ec51 by @​renovate[bot] in #​9734

📦 Registry

• use symlink_bins in ibmcloud by @​dnwe in #​9685

Chore

• (ci) pass mise github token to tests by @​risu729 in #​9684

📦 Aqua Registry Updates

New Packages (2)

• DataDog/managed-kubernetes-auditing-toolkit
• oracle.com/sqlcl

Updated Packages (3)

• alltuner/mise-completions-sync
• iann0036/iamlive
• pnpm/pnpm

v2026.5.3

Compare Source

🐛 Bug Fixes

• (aqua) resolve latest from GitHub releases by @​risu729 in #​9277

📦️ Dependency Updates

• update ubuntu:26.04 docker digest to f3d2860 by @​renovate[bot] in #​9697
• update ghcr.io/jdx/mise:alpine docker digest to d15f3f9 by @​renovate[bot] in #​9694
• update ghcr.io/jdx/mise:rpm docker digest to 9084f68 by @​renovate[bot] in #​9696
• update ghcr.io/jdx/mise:deb docker digest to dd8a908 by @​renovate[bot] in #​9695
• update rust crate ctor to 0.12 by @​renovate[bot] in #​9698

Chore

• (ci) increase lint job timeout for clippy by @​risu729 in #​9682
• (hk) drop jq from schema lint step by @​risu729 in #​9681

📦 Aqua Registry Updates

New Packages (2)

• DataDog/pup
• reviewdog/nightly

Updated Packages (1)

• gittuf/gittuf

v2026.5.2

Compare Source

🚀 Features

• (aqua) support registry libc variants by @​jdx in #​9652
• (bin-paths) add executable names output by @​risu729 in #​9617

🐛 Bug Fixes

• (aqua) preserve configured file extensions by @​risu729 in #​9611
• (aqua) support registry file links by @​risu729 in #​9610
• (backend) reject bare package backend names by @​risu729 in #​9608
• (backend) apply inline tool option overrides by @​risu729 in #​9306
• (backend) skip versions host for local tool opts by @​risu729 in #​9568
• (github) chmod explicit archive bin by @​risu729 in #​9609
• (install) skip remote-versions refresh in prefer-offline mode by @​jdx in #​9627
• (lock) scope targets to active project root by @​risu729 in #​9319
• (lockfile) respect existing platforms during auto-lock by @​jdx in #​9621
• (pipx) filter yanked pypi releases by @​risu729 in #​9607
• (pipx) declare python as a backend dependency by @​jdx in #​9678
• (schema) update refs to $defs in mise-registry-tool.json by @​risu729 in #​9671
• (task) terminate parallel siblings on failure via process groups by @​jdx in #​9655
• (task) stable MISE_PROJECT_ROOT for monorepo tasks, add MISE_MONOREPO_ROOT by @​jdx in #​9657
• (trust) run enter hooks after trusting config by @​risu729 in #​9634
• (ui) stop clearing screen for prompts by @​jdx in #​9619
• use /bin/cp on macos by @​pdehlke in #​9656

🚜 Refactor

• (aqua) store aqua var defaults as strings by @​risu729 in #​9645
• (config) support structured TOML values in registry backend options by @​risu729 in #​9584
• (deps) remove serde_derive dependency by @​risu729 in #​9670
• (deps) remove anyhow dependency by @​risu729 in #​9661
• (deps) use std::sync::LazyLock instead of once_cell::Lazy by @​risu729 in #​9668
• (schema) generate task schema from mise schema by @​risu729 in #​9581
• (schema) reuse task props with unevaluatedProperties by @​risu729 in #​9582
• (schema) reuse registry common types by @​risu729 in #​9648
• (schema) reuse plugin script config by @​risu729 in #​9647
• (schema) use $defs in schema files by @​risu729 in #​9646

📚 Documentation

• (node) add tips for enabling node idiomatic by @​fu050409 in #​9675

🧪 Testing

• (cli) remove nondeterministic tool depends assertion by @​risu729 in #​9633
• (e2e) pin uv to 0.11.8 around astral-sh/uv#19278 by @​jdx in #​9618
• (e2e) wait for docker env cleanup by @​risu729 in #​9631
• (zig) use official zig instead of mach mirror by @​jdx in #​9659

📦️ Dependency Updates

• fall through to hash check when providers have no outputs by @​jdx in #​9622
• bump Cargo.lock by @​jdx in #​9625

📦 Registry

• remove registry depends by @​risu729 in #​9571
• add code-review-graph (pipx:code-review-graph) by @​chautruonglong in #​9673

Chore

• (ci) split large registry test-tool changes by @​risu729 in #​9628
• (ci) make perf script robust to runner noise by @​jdx in #​9635
• (ci) skip hyperfine comments without permission by @​risu729 in #​9629

New Contributors

• @​chautruonglong made their first contribution in #​9673
• @​pdehlke made their first contribution in #​9656

📦 Aqua Registry Updates

New Packages (5)

• anthropics/anthropic-cli
• crates.io/wasmi_cli
• openclaw/gogcli
• racket-lang.org/racket-minimal
• runs-on/cli

Updated Packages (13)

• UpCloudLtd/upcloud-cli
• aristocratos/btop
• dprint/dprint
• j178/prek
• jdx/hk
• jdx/mise
• jdx/usage
• jreleaser/jreleaser
• jreleaser/jreleaser/standalone
• pnpm/pnpm
• suzuki-shunsuke/cmdx
• suzuki-shunsuke/ghir
• twpayne/chezmoi

v2026.5.1

Compare Source

🚀 Features

• (backend) support top-level aqua cosign verification by @​risu729 in #​9111

🐛 Bug Fixes

• (schema) validate all schema files with draft2020 and strict mode by @​risu729 in #​9594
• (shim) skip network resolution for installed tool dirs by @​jdx in #​9599

📚 Documentation

• (dev-tools) clarify vfox metadata depends for install hooks by @​risu729 in #​9573
• (plugins) remove registry submission guidance by @​risu729 in #​9577

📦️ Dependency Updates

• lock file maintenance by @​renovate[bot] in #​9586

📦 Registry

• remove bashly asdf fallback by @​risu729 in #​9578
• use github backend for rebar by @​risu729 in #​9576
• add wasm-tools (aqua:bytecodealliance/wasm-tools) by @​2xdevv in #​9596
• enable symlink_bins for elixir-ls by @​AlternateRT in #​9592

Chore

• (release) always append sponsor block to release notes by @​jdx in #​9580
• warn on vendored vfox embedded plugins by @​risu729 in #​9588
• prefer registry shorthands over cargo/npm backends in mise.toml by @​risu729 in #​9595

📦 Aqua Registry Updates

New Packages (2)

• salesforce/reactive-grpc/protoc-gen-reactor-grpc
• spinframework/spin

Updated Packages (1)

• pnpm/pnpm

v2026.5.0

Compare Source

🚀 Features

• (conda) graduate conda backend out of experimental by @​jdx in #​9544
• (deps) Add dart and flutter providers by @​tjarvstrand in #​9505
• (registry) add neo4j by @​mnm364 in #​9525
• (registry) add rustfs by @​mnm364 in #​9530
• (task) support exclusion patterns in task sources by @​jlarmstrongiv in #​9496
• (vfox) add stat function to lua file module by @​esteve in #​9497

🐛 Bug Fixes

• (backend) flag regex prerelease versions by @​jdx in #​9500
• (backend) mark -nightly/-canary/-experimental as prereleases by @​jdx in #​9523
• (backend) suppress no-versions warning for unresolved-latest backends by @​jdx in #​9548
• (backend) include dotnet prereleases from package flags by @​jdx in #​9551
• (backend) scope PEP 440 prerelease detection to Python backends by @​jdx in #​9558
• (cargo) Apply install_env during cargo install by @​c22 in #​9502
• (copr) drop epel-9 chroots since rust >= 1.91 is unavailable by @​jdx in #​9484
• (github) skip attestations on non-default api_url by @​jdx in #​9486
• (github) retry ip allow list errors without auth by @​risu729 in #​9506
• (http) update versions host tracking endpoint by @​jdx in #​9527
• (install) don't warn for configured tools when version is passed via CLI by @​jdx in #​9522
• (install) refresh latest before installing missing tools by @​jdx in #​9545
• (install) don't cache nonexistent install paths by @​jdx in #​9553
• (lockfile) don't propagate ad-hoc CLI overrides into the project lockfile by @​jdx in #​9562
• (plugin) detect plugin types after cloning by @​risu729 in #​9540
• (release) pass --no-git-checks to aube publish by @​jdx in #​9483
• (task) convert PATH to MSYS Unix form when spawning POSIX shells on Windows by @​JamBalaya56562 in #​9547

📚 Documentation

• (contributing) require popularity check for registry PRs by @​jdx in 7bbeebe
• (watch) update pitchfork domain to en.dev by @​risu729 in #​9536
• document ghtkn GitHub token setup by @​jdx in #​9546
• clarify registry backend acceptance policy by @​jdx in #​9543
• Change exec command to use bash for variable echo by @​kuboon in #​9567

🧪 Testing

• (e2e) run test-tool targets in parallel by @​jdx in #​9564
• (e2e) run tests in parallel by @​jdx in #​9563
• (e2e) bind-mount /tmp on disk and surface failed tests in CI summary by @​jdx in #​9570
• (tasks) migrate test_task_help atask to usage field by @​jdx in #​9549

📦️ Dependency Updates

• update fedora:45 docker digest to 8b838b3 by @​renovate[bot] in #​9507
• update ghcr.io/jdx/mise:deb docker digest to f02194c by @​renovate[bot] in #​9509
• update taiki-e/install-action digest to 7769b73 by @​renovate[bot] in #​9512
• update ghcr.io/jdx/mise:alpine docker digest to 581f8a8 by @​renovate[bot] in #​9508
• update rust crate ctor to v0.10.1 by @​renovate[bot] in #​9515
• update ghcr.io/jdx/mise:rpm docker digest to a5c9655 by @​renovate[bot] in #​9510
• update rust docker digest to a9cfb75 by @​renovate[bot] in #​9511
• update rust crate age to v0.11.3 by @​renovate[bot] in #​9514
• update rust crate jiff to v0.2.24 by @​renovate[bot] in #​9516
• update dependency vitepress-plugin-tabs to ^0.9.0 by @​renovate[bot] in #​9518
• update autofix-ci/action action to v1.3.4 by @​renovate[bot] in #​9513
• update rust crate usage-lib to v3.2.1 by @​renovate[bot] in #​9517
• update apple-actions/import-codesign-certs action to v7 by @​renovate[bot] in #​9519
• update taiki-e/install-action digest to 51cd0b8 by @​renovate[bot] in #​9531
• exclude taiki-e/install-action from renovate by @​jdx in #​9532
• update rust crate blake3 to v1.8.5 by @​renovate[bot] in #​9533

📦 Registry

• enable shellcheck on windows by @​zeitlinger in #​9487
• add google-java-format by @​zeitlinger in #​9488
• add expert (aqua:expert-lsp/expert) by @​AlternateRT in #​9498
• update entry for checkmake by @​eread in #​9504
• add systemctl-tui (aqua:rgwood/systemctl-tui) by @​2xdevv in #​9521
• add codon by @​3w36zj6 in #​9538
• add tool yr (backend:github:VirusTotal/yara-x) by @​adam-moss in #​9542
• add tool betterleaks (backend:aqua/betterleaks/betterleaks) by @​adam-moss in #​9541
• add git-filter-repo by @​garysassano in #​9550
• add umoci (aqua:opencontainers/umoci) by @​2xdevv in #​9555
• add aqua backend for elixir-ls by @​AlternateRT in #​9557
• deny inline backend options by @​risu729 in #​9565

Chore

• (ci) fail registry tests without summary by @​jdx in #​9559
• (ci) use !cancelled() instead of always() for test-ci aggregator by @​jdx in #​9569
• (ci) use namespace runners for ci jobs by @​jdx in #​9561
• (config) deprecate shorthands_file setting by @​risu729 in #​9534
• (docs) remove shrill.en.dev analytics script by @​jdx in #​9539
• (release) replace bc with awk in release-plz star formatting by @​jdx in d7f177f
• bump hk to 1.44.3 by @​jdx in #​9493
• invert CLAUDE.md/AGENTS.md so AGENTS.md is canonical by @​jdx in #​9560
• set dev profile debug to 1 by @​jdx in #​9572

New Contributors

• @​kuboon made their first contribution in #​9567
• @​AlternateRT made their first contribution in #​9557
• @​2xdevv made their first contribution in #​9555
• @​adam-moss made their first contribution in #​9541
• @​jlarmstrongiv made their first contribution in #​9496
• @​tjarvstrand made their first contribution in #​9505

v2026.4.28

Compare Source

🐛 Bug Fixes

• (copr) remove stale pinned image digest and rebuild copr image on Dockerfile changes by @​bestagi in #​9451
• (task) avoid gix panic when cloning a remote task by commit SHA by @​jdx in #​9473

v2026.4.27

Compare Source

🚀 Features

• (backend) add npm package-manager install options by @​risu729 in #​9109
• (release) list aqua package additions/updates in changelog by @​jdx in #​9471
• Make config_root available to environment plugins for relative path resolution by @​hisaac in #​9465
• watch sources of dependencies by @​43081j in #​9437

🐛 Bug Fixes

• (backend) Don't cache empty version lists by @​c22 in #​9444
• (shims) compare PATH entries case-insensitively on macOS by @​jdx in #​9468
• (task) preserve essential env vars under deny_env on Linux by @​jdx in #​9467

Chore

• (ci) make vendored-file-warning a failing check by @​jdx in #​9469

New Contributors

• @​43081j made their first contribution in #​9437
• @​hisaac made their first contribution in #​9465

📦 Aqua Registry Updates

New Packages (7)

• IohannRabeson/tmignore-rs
• endevco/pitchfork
• google/google-java-format
• jonwiggins/xmloxide
• matthart1983/netwatch
• solarwinds/swo-cli
• versity/versitygw

Updated Packages (5)

• WebAssembly/wabt
• bmf-san/ggc
• lycheeverse/lychee
• pnpm/pnpm
• tstack/lnav

v2026.4.25

Compare Source

🚀 Features

• (task) add --name-only flag to mise tasks ls by @​jdx in #​9435

🐛 Bug Fixes

• (Dockerfile) install copr-cli via dnf for better dependency management by @​bestagi in #​9421
• (aqua) drop empty-releases fallback to tags by @​jdx in #​9443
• (docs) fix theme flicker on docs by @​vhespanha in #​9427
• (lockfile) update global lockfile on upgrade by @​jdx in #​9442
• (ls-remote) omit rolling/prerelease from JSON when false by @​jdx in #​9439
• (task) support usage refs in dependency template tags by @​jdx in #​9424
• (task) populate usage.cmd for subcommand-only tasks; share make_usage_ctx by @​jdx in #​9431
• (task) resolve sandbox allow_read/allow_write against task dir by @​jdx in #​9428

📚 Documentation

• (site) add self-hosted page tracker via Cloudflare Worker, drop GoatCounter by @​jdx in #​9430

New Contributors

• @​vhespanha made their first contribution in #​9427

[v2026.4.24](https://redirect.github.com/jdx/mise/blob/HEAD/CHANGELOG.md#202

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • "after 7am every weekday,before 8pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Post-upgrade command 'pre-commit autoupdate --freeze || true' has not been added to the allowed list in allowedCommands

[sonar-review-alpha]

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

This is a straightforward dependency bump updating the mise version from 2026.4.23 to 2026.5.9 across all workflow and action files.

The change is consistent and mechanical — the same version number is updated in 6 locations:

• Two GitHub workflow files (test-build-number.yml, test-shell-scripts.yml)
• Four reusable action files (build-npm, build-poetry, build-yarn, promote)

The mise patch release includes bug fixes (aqua registry handling, vfox shell behavior, oauth flow), features (config watch_files shell, SPM artifact bundle support), and performance improvements (config template rendering).

What reviewers should know

Verification checklist:

• Confirm all 6 version references were updated consistently (they are)
• No other changes to workflow logic or configuration
• Version 2026.5.12 is noted as pending (+2 versions ahead) — this update doesn't pull the absolute latest, which is normal for Renovate's patch-level constraints

Start here: The diff is small and uniform — a quick scan confirms all version pinpoints match. No breaking changes indicated in the release notes for the bump from .4.23 to .5.9.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[hashicorp-vault-sonar-prod]

Renovate Jira issue ID: BUILD-11422

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonar-review-alpha]

The 6 changed files are updated consistently and correctly. However, config-npm/action.yml was not included in this PR and still pins mise to 2026.3.7 (line 93) — a version older than even the pre-bump baseline. This means the config-npm action runs a meaningfully older mise than the rest of the ecosystem.

This should be addressed in this PR (or a follow-up) to keep the mise version consistent across all actions.

🗣️ Give feedback