Skip to content

test(deps): update dependency mise to v2026.3.12 (main)#6260

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/main-test-mise-2026.x
Mar 22, 2026
Merged

test(deps): update dependency mise to v2026.3.12 (main)#6260
renovate[bot] merged 1 commit intomainfrom
renovate/main-test-mise-2026.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Mar 22, 2026

This PR contains the following updates:

Package Update Change
mise patch 2026.3.102026.3.12

Release Notes

jdx/mise (mise)

v2026.3.12: : Supply chain protection for lockfile upgrades

Compare Source

A small but important release that adds supply chain protection for lockfile upgrades and fixes zsh completions broken by the usage v3.1.0 update. This release also includes the binary assets that were missing from v2026.3.11 due to the completions issue.

Security

  • Block GitHub tool upgrades when provenance is lost -- When upgrading a github: backend tool, mise now checks whether the prior locked version had provenance verification (e.g., GitHub Attestations). If the new version lacks provenance that the old version had, the upgrade is blocked with an error indicating a potential supply chain attack. The old provenance-verified lockfile entry is preserved, and the error includes both versions for easy investigation. This check applies to mise lock, mise install, and mise use. #​8706 by @​jdx

    Example error:

    github:example/tool@2.0.0 has no provenance verification on linux-x64,
but github:example/tool@1.5.0 had github-attestations. This could indicate
a supply chain attack. Verify the release is authentic before proceeding.

Fixed

  • Zsh completions updated for usage v3.1.0 -- The prerendered zsh completion script has been regenerated to match the new output format from usage v3.1.0, which switched from _arguments to _describe and changed quoting behavior. This also fixes the binary build failure that prevented v2026.3.11 from publishing release assets. #​8715 by @​jdx

Full Changelog: jdx/mise@v2026.3.11...v2026.3.12

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge March 22, 2026 23:21
@renovate renovate bot added this pull request to the merge queue Mar 22, 2026
Merged via the queue into main with commit debd093 Mar 22, 2026
58 checks passed
@renovate renovate bot deleted the renovate/main-test-mise-2026.x branch March 22, 2026 23:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants