fix(cli-tools): update cli-tools

[ppat-self-hosted-renovate-bot]

This PR contains the following updates:

Package	Update	Change	Pending
bitwarden/clients	minor	v2026.1.0 -> v2026.3.0
jdx/mise	patch	v2026.4.8 -> v2026.4.14	v2026.4.19 (+4)

---

Release Notes

bitwarden/clients (bitwarden/clients)

v2026.3.0: CLI v2026.3.0

Compare Source

• Removed password reset flows from CLI. Accounts required to set or reset a password will now see an error message when logging in
• Various under-the-hood improvements and minor bug fixes

v2026.2.0: CLI v2026.2.0

Compare Source

• Added email protected Sends
• Bug-fix for confirm user command
• Various under-the-hood improvements and minor bug fixes

Thank you! 💙 A big shout-out to the following community members for their contributions!

jdx/mise (jdx/mise)

v2026.4.14: : Fix GitHub attestation verification for some tools

Compare Source

A small patch release that fixes GitHub artifact attestation verification failures affecting some tools installed via the github: backend.

Fixed

• GitHub artifact attestation verification failing for some tools -- Tools installed via the github: backend that use GitHub release attestations (e.g. github:jdx/communique@0.1.9, github:jdx/fnox@1.20.0) could fail verification because the upstream sigstore-verification library did not handle GitHub release attestation certificates whose Subject Alternative Name (SAN) URL lacked a trailing slash. The dependency has been bumped from 0.2.3 to 0.2.5, which includes the upstream fix. #​9128 by @​jdx

Full Changelog: jdx/mise@v2026.4.13...v2026.4.14

v2026.4.13: : Remote version cache, Go install_before, and task tool objects

Compare Source

This release fixes several backend and schema edge cases, including stale GitHub/GitLab/Forgejo version caches, go: module install_before filtering, vfox plugins pinned to Git commit hashes, and task-local tool options.

Highlights

• Remote version cache settings now apply consistently to GitHub, GitLab, and Forgejo backends, so users can bypass stale release data when needed.
• go: module versions now carry release timestamps, allowing install_before to filter them correctly.
• Task-level tools now accepts object syntax, matching top-level tool declarations for options like Rust targets.

Added

• Object syntax for task-level tools -- Task-local tools entries now support map/object values in addition to strings, matching top-level [tools] behavior. This allows task-specific tool options such as Rust cross-compilation targets without requiring those options globally. #​9087 by @​Binlogo

  [tasks.example]
  tools = { rust = { version = "nightly-2024-12-14", targets = "aarch64-linux-android" } }

Fixed

• MISE_FETCH_REMOTE_VERSIONS_CACHE ignored by GitHub, GitLab, and Forgejo backends -- These backends previously hardcoded a daily API cache duration, ignoring fetch_remote_versions_cache, MISE_FETCH_REMOTE_VERSIONS_CACHE=0, and prefer_offline. They now use the shared setting, matching other backends and allowing users to bypass stale release caches. #​9096 by @​mcncl

• go: module versions ignored install_before -- The Go backend now populates version metadata with release timestamps from the module proxy and go list -m -json, allowing install_before to filter module versions correctly instead of falling back to untimestamped candidates. #​9097 by @​mariusvniekerk

• vfox plugins pinned to Git commit hashes in mise.toml -- mise install could fail for vfox plugins declared with Git URLs and commit hashes because ensure_installed did not share the same install path as mise plugin install. vfox plugin installation now reuses the plugin install logic so both flows behave consistently. #​9099 by @​Oyami-Srk

• Schema support for OS/architecture filters -- The JSON schemas now share reusable tool os filter definitions, including compound os/arch entries such as macos/arm64 and linux/x64, across top-level tools and task-local tools. #​9095 by @​risu729

Changed

• cargo-deny advisory checks unblocked -- Removed a stale RustSec ignore, updated rustls-webpki on the modern rustls stack, and adjusted advisory ignores for the older transitive AWS rustls dependency chain so advisory checks can pass again. #​9112 by @​jdx

New Contributors

• @​Binlogo made their first contribution in #​9087
• @​mariusvniekerk made their first contribution in #​9097
• @​mcncl made their first contribution in #​9096
• @​Oyami-Srk made their first contribution in #​9099

Full Changelog: jdx/mise@v2026.4.12...v2026.4.13

v2026.4.12: : OS/arch filtering, task confirmation defaults, and npm supply chain improvements

Compare Source

This release adds OS/architecture compound filtering for tool configuration, lets task confirmation prompts default to "no" for destructive actions, and upgrades npm supply chain protection to use the recommended --min-release-age flag. It also fixes several bugs including a panic on empty config filename overrides and circular shim symlinks.

Highlights

• Tool os field now supports os/arch compound entries like "macos/arm64" or "linux/x64", letting you restrict tools to specific platform and architecture combinations.
• Task confirm can now default to "no", so destructive tasks require the user to explicitly opt in rather than just pressing Enter.
• npm supply chain protection now uses the purpose-built --min-release-age flag on npm 11.10.0+, aligning with npm's recommended approach.

Added

• OS/architecture compound syntax in tool filtering -- The os field on tool entries now accepts os/arch entries (e.g. os = ["linux", "macos/arm64"]). When an entry contains /, both the OS and architecture must match. Plain OS entries continue to match any architecture. OS aliases (darwin to macos) and arch aliases (aarch64 to arm64, x86_64/amd64 to x64) are normalized automatically. #​9088 by @​RobertDeRose

  [tools]
  # Install on all Linux machines and Apple Silicon Macs, but skip Intel Macs
  hk = { version = "latest", os = ["linux", "macos/arm64"] }

• Task confirmation default -- The confirm field on tasks now accepts a map with message and default keys, allowing you to set whether the prompt defaults to "yes" or "no". This is useful for destructive tasks where you want the user to explicitly confirm. The existing string syntax continues to work and defaults to "yes" for backwards compatibility. #​9089 by @​roele

  [tasks.release]
  confirm = { message = "Are you sure you want to cut a release?", default = "no" }
  run = "scripts/release.sh"

• npm --min-release-age for supply chain protection -- When install_before is configured, mise now uses npm's --min-release-age=<days> flag for npm 11.10.0+, which is the flag npm recommends for supply chain protection. Older npm versions continue to use --before. Sub-day windows also fall back to --before since --min-release-age is day-granular. #​9072 by @​webkaz

• New registry entries -- Added openfga (#​9084 by @​mnm364), copilot (#​9082 by @​risu729), and trzsz-go (#​9083 by @​ZeroAurora).

Fixed

• Panic on empty MISE_OVERRIDE_CONFIG_FILENAMES -- Setting MISE_OVERRIDE_CONFIG_FILENAMES="" (e.g. to clear it for a child process) caused a panic because the empty string was injected as a config path, which resolved to the filesystem root and had no parent directory. Empty segments from empty strings, leading/trailing colons, and consecutive colons are now filtered out. #​9076 by @​baby-joel

• Circular shim symlinks when shims are on PATH -- When mise activate --shims put the shims directory on PATH and a mise shim existed (e.g. from having core:rust in the toolset after a cargo install), reshim would create shims pointing to the mise shim instead of the real binary, including a circular mise to mise symlink that broke all shims. doctor would also falsely report all shims as "missing". Both now use which_no_shims to resolve the real mise binary. #​9071 by @​kevinswiber

• __MISE_EXE not exported in bash activate -- The __MISE_EXE variable was not exported in the bash activation script, so child shells couldn't access it and the mise function failed. Additionally, when ARGV0 was a bare name (e.g. mise) instead of an absolute path, PATH changes could break execution. The variable is now properly exported and bare names are resolved via which. #​9081 by @​fru1tworld

• Aliased installs sharing a backend were deduplicated -- When multiple tool aliases (e.g. iii and iii-console) resolved to the same backend and version (e.g. github:iii-hq/iii@latest), the install scheduler collapsed them into a single job and skipped the second install. The dependency graph now keys on the configured tool name plus version, so alias-specific options like asset_pattern and bin_path are preserved. #​9093 by @​jdx

New Contributors

• @​kevinswiber made their first contribution in #​9071
• @​webkaz made their first contribution in #​9072
• @​RobertDeRose made their first contribution in #​9088

Full Changelog: jdx/mise@v2026.4.11...v2026.4.12

v2026.4.11: : Task dependency templates and npm semver range support

Compare Source

A small release with two meaningful bug fixes: task dependency templates with {{usage.*}} references now resolve correctly even when the task is called without arguments, and package.json devEngines version fields are now parsed as full npm semver ranges instead of being simplified into prefix matches.

Fixed

• Task dependency templates now render without arguments -- When a task declared dependencies using {{usage.*}} templates (e.g. depends = ["child {{usage.app}}"]), those templates were only rendered if the task received explicit CLI arguments. If the usage spec defined defaults but no args were passed, the templates were left unresolved and the dependencies were silently dropped, causing the task to run with no dependencies at all. The guard now checks whether dependencies contain usage references rather than whether args are non-empty. #​9062 by @​MatthiasGrandl

• npm semver ranges in devEngines -- mise previously simplified package.json devEngines version fields by stripping range operators (>=, ^, ~) and trimming trailing .0 segments to produce a prefix for fuzzy matching. This was lossy and incorrect in many cases (e.g. ^20.0.1 was simplified to 20, matching 20.0.0). mise now preserves the original range string and resolves it against available versions using proper npm semver semantics via the nodejs-semver crate. Compound ranges (>=20 <21 || >=22), caret/tilde ranges, and wildcard segments all work correctly. #​9061 by @​risu729

• Documentation typo in Go backend -- The docs for Go build tags incorrectly showed --tags instead of the correct -tags flag. #​9065 by @​dolmen

New Contributors

• @​dolmen made their first contribution in #​9065
• @​MatthiasGrandl made their first contribution in #​9062

Full Changelog: jdx/mise@v2026.4.10...v2026.4.11

v2026.4.10: : Fix spurious warnings from postinstall hooks running tasks

Compare Source

A small patch release that fixes a single bug affecting tool postinstall hooks.

Fixed

• Spurious warnings from postinstall hooks running tasks -- When a tool-level postinstall hook ran a nested mise run, the child process inherited the MISE_TOOL_VERSION environment variable set during hooks. ToolsetBuilder was incorrectly parsing this as a request to install a tool named tool at the given version via the MISE_<TOOL>_VERSION convention, producing spurious registry warnings before the task executed. mise now ignores MISE_TOOL_VERSION in the same way it already ignored MISE_INSTALL_VERSION. #​9050 by @​risu729

Full Changelog: jdx/mise@v2026.4.9...v2026.4.10

v2026.4.9: : Cross-device installs, deterministic lockfiles, and sandbox template support

Compare Source

This release fixes cross-device tool installation failures, makes lockfile provenance resolution deterministic across platforms, and adds sandbox field support to task templates. Several smaller fixes address env precedence in multi-environment setups and spurious warnings from tools=true module hooks.

Highlights

• Cross-device tool installation -- Installing bun, deno, erlang, java, or ruby no longer fails when the downloads directory and installs directory are on different filesystems (e.g., Docker cache mounts). mise now falls back to copy+remove when rename() returns a cross-device error.
• Deterministic lockfile provenance -- mise lock now resolves SLSA provenance URLs for all target platforms, not just the current host. This eliminates non-deterministic lockfile diffs when running mise lock on different machines.
• Sandbox fields in task templates -- Task templates now support all sandbox fields (deny_all, deny_read, deny_write, deny_net, deny_env, allow_read, allow_write, allow_net, allow_env), with deny fields composing restrictively and allow lists combining template and task-local values.

Fixed

• Cross-device tool installation -- When the downloads folder is on a different mount than the installs folder (common with Docker cache mounts or devcontainers), rename() fails with EXDEV. mise now uses a move_file helper that falls back to copy+remove, fixing installation of bun, deno, erlang, java, and ruby in these setups. #​9032 by @​bgeron

• Deterministic SLSA provenance in lockfiles -- mise lock previously only resolved full SLSA provenance URLs for the current host platform, writing provenance = "slsa" (short form) for cross-platform entries. Now both the GitHub and Aqua backends resolve provenance URLs for all target platforms, producing byte-for-byte identical lockfiles regardless of which machine generates them. #​8982 by @​cameronbrill

• Sandbox fields in task templates -- Task templates now accept sandbox configuration fields. Deny fields compose restrictively (OR with task-local settings), and allow lists combine template values with task-local values. #​9046 by @​risu729

  [task_templates.restricted]
  deny_net = true
  allow_env = ["CI"]
  
  [tasks.build]
  extends = "restricted"
  allow_env = ["NODE_ENV"]  # combined: ["CI", "NODE_ENV"]

• Env precedence for task config -- With multiple MISE_ENV values (e.g., MISE_ENV=prod,ci), task_config.includes and task_config.dir now correctly respect the documented last-env-wins precedence. Previously the order was reversed, causing the wrong profile's task config to take effect. #​9039 by @​risu729

• Spurious warnings from tools=true module hooks -- When a vfox backend tool triggered dependency_env(), it previously resolved all tools=true env modules with an incomplete PATH, causing "command not found" warnings. The dependency env now skips tools=true module resolution entirely. #​9011 by @​jdx

• Implicit self_update with rustls features -- Building mise with --features rustls or --features rustls-native-roots no longer implicitly enables the self_update feature. The self_update/rustls entries in these feature lists were redundant and caused the optional self_update dependency to be silently pulled in. #​9040 by @​salim-b

• JSON schema completeness -- Added missing fields to the mise JSON schema: sandbox fields on tasks, legacy top-level env_file/dotenv/env_path shortcuts (marked deprecated), and age encryption directive options with proper nesting. #​9044 by @​risu729

• Windows .exe in release checksums -- Release builds now publish the extracted mise.exe alongside the Windows .zip archives and include it in SHASUMS256.txt, enabling SHA256 verification of the standalone binary (e.g., by mise-action). #​8997 by @​zeitlinger

• granted registry entry -- Updated the granted tool to point to the new fwdcloudsec/granted repository after the project moved from common-fate/granted. #​9033 by @​risu729

New Contributors

• @​bgeron made their first contribution in #​9032
• @​salim-b made their first contribution in #​9040

Full Changelog: jdx/mise@v2026.4.8...v2026.4.9

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.