fix(deps): update dependency jdx/mise to v2026.5.2

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
jdx/mise	patch	2026.5.0 → 2026.5.2	2026.5.8 (+5)

---

Release Notes

jdx/mise (jdx/mise)

v2026.5.2

Compare Source

🚀 Features

• (aqua) support registry libc variants by @​jdx in #​9652
• (bin-paths) add executable names output by @​risu729 in #​9617

🐛 Bug Fixes

• (aqua) preserve configured file extensions by @​risu729 in #​9611
• (aqua) support registry file links by @​risu729 in #​9610
• (backend) reject bare package backend names by @​risu729 in #​9608
• (backend) apply inline tool option overrides by @​risu729 in #​9306
• (backend) skip versions host for local tool opts by @​risu729 in #​9568
• (github) chmod explicit archive bin by @​risu729 in #​9609
• (install) skip remote-versions refresh in prefer-offline mode by @​jdx in #​9627
• (lock) scope targets to active project root by @​risu729 in #​9319
• (lockfile) respect existing platforms during auto-lock by @​jdx in #​9621
• (pipx) filter yanked pypi releases by @​risu729 in #​9607
• (pipx) declare python as a backend dependency by @​jdx in #​9678
• (schema) update refs to $defs in mise-registry-tool.json by @​risu729 in #​9671
• (task) terminate parallel siblings on failure via process groups by @​jdx in #​9655
• (task) stable MISE_PROJECT_ROOT for monorepo tasks, add MISE_MONOREPO_ROOT by @​jdx in #​9657
• (trust) run enter hooks after trusting config by @​risu729 in #​9634
• (ui) stop clearing screen for prompts by @​jdx in #​9619
• use /bin/cp on macos by @​pdehlke in #​9656

🚜 Refactor

• (aqua) store aqua var defaults as strings by @​risu729 in #​9645
• (config) support structured TOML values in registry backend options by @​risu729 in #​9584
• (deps) remove serde_derive dependency by @​risu729 in #​9670
• (deps) remove anyhow dependency by @​risu729 in #​9661
• (deps) use std::sync::LazyLock instead of once_cell::Lazy by @​risu729 in #​9668
• (schema) generate task schema from mise schema by @​risu729 in #​9581
• (schema) reuse task props with unevaluatedProperties by @​risu729 in #​9582
• (schema) reuse registry common types by @​risu729 in #​9648
• (schema) reuse plugin script config by @​risu729 in #​9647
• (schema) use $defs in schema files by @​risu729 in #​9646

📚 Documentation

• (node) add tips for enabling node idiomatic by @​fu050409 in #​9675

🧪 Testing

• (cli) remove nondeterministic tool depends assertion by @​risu729 in #​9633
• (e2e) pin uv to 0.11.8 around astral-sh/uv#19278 by @​jdx in #​9618
• (e2e) wait for docker env cleanup by @​risu729 in #​9631
• (zig) use official zig instead of mach mirror by @​jdx in #​9659

📦️ Dependency Updates

• fall through to hash check when providers have no outputs by @​jdx in #​9622
• bump Cargo.lock by @​jdx in #​9625

📦 Registry

• remove registry depends by @​risu729 in #​9571
• add code-review-graph (pipx:code-review-graph) by @​chautruonglong in #​9673

Chore

• (ci) split large registry test-tool changes by @​risu729 in #​9628
• (ci) make perf script robust to runner noise by @​jdx in #​9635
• (ci) skip hyperfine comments without permission by @​risu729 in #​9629

New Contributors

• @​chautruonglong made their first contribution in #​9673
• @​pdehlke made their first contribution in #​9656

📦 Aqua Registry Updates

New Packages (5)

• anthropics/anthropic-cli
• crates.io/wasmi_cli
• openclaw/gogcli
• racket-lang.org/racket-minimal
• runs-on/cli

Updated Packages (13)

• UpCloudLtd/upcloud-cli
• aristocratos/btop
• dprint/dprint
• j178/prek
• jdx/hk
• jdx/mise
• jdx/usage
• jreleaser/jreleaser
• jreleaser/jreleaser/standalone
• pnpm/pnpm
• suzuki-shunsuke/cmdx
• suzuki-shunsuke/ghir
• twpayne/chezmoi

v2026.5.1

Compare Source

🚀 Features

• (backend) support top-level aqua cosign verification by @​risu729 in #​9111

🐛 Bug Fixes

• (schema) validate all schema files with draft2020 and strict mode by @​risu729 in #​9594
• (shim) skip network resolution for installed tool dirs by @​jdx in #​9599

📚 Documentation

• (dev-tools) clarify vfox metadata depends for install hooks by @​risu729 in #​9573
• (plugins) remove registry submission guidance by @​risu729 in #​9577

📦️ Dependency Updates

• lock file maintenance by @​renovate[bot] in #​9586

📦 Registry

• remove bashly asdf fallback by @​risu729 in #​9578
• use github backend for rebar by @​risu729 in #​9576
• add wasm-tools (aqua:bytecodealliance/wasm-tools) by @​2xdevv in #​9596
• enable symlink_bins for elixir-ls by @​AlternateRT in #​9592

Chore

• (release) always append sponsor block to release notes by @​jdx in #​9580
• warn on vendored vfox embedded plugins by @​risu729 in #​9588
• prefer registry shorthands over cargo/npm backends in mise.toml by @​risu729 in #​9595

📦 Aqua Registry Updates

New Packages (2)

• salesforce/reactive-grpc/protoc-gen-reactor-grpc
• spinframework/spin

Updated Packages (1)

• pnpm/pnpm

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Update: mise v2026.5.0 → v2026.5.2 (patch update)

Key Changes in v2026.5.2 (2026-05-07):

• Aqua Backend Improvements: Multiple bug fixes for aqua backend including registry libc variants support, preserved file extensions, registry file links support, and explicit archive binary chmod
• Installation Fixes: Skip remote-versions refresh in prefer-offline mode, respect existing platforms during auto-lock
• Pipx Backend Fixes: Filter yanked PyPI releases, declare Python as backend dependency
• Task System: Terminate parallel siblings on failure via process groups, stable MISE_PROJECT_ROOT for monorepo tasks
• Backend Core: Apply inline tool option overrides, skip versions host for local tool opts, reject bare package backend names
• UI/UX: Stop clearing screen for prompts
• macOS Compatibility: Use /bin/cp on macOS

Key Changes in v2026.5.1 (2026-05-05):

• Aqua Backend: Top-level cosign verification support
• Schema Validation: Validate all schema files with draft2020 and strict mode
• Shim Performance: Skip network resolution for installed tool dirs

Breaking Changes: None identified - all changes are bug fixes, features, and refactoring

Security-Related Changes:

• Schema validation improvements (draft2020 and strict mode)
• Cosign verification support for aqua backend (security enhancement)
• No CVE fixes or critical security patches mentioned

🎯 Impact Scope Investigation

Usage Analysis:

1. Dockerfile (Primary Usage):

   • Line 6: ARG MISE_VERSION=2026.5.2 - version argument
   • Lines 36, 45, 56, 69, 78: mise use -g commands to install runtimes
   • Used to install: Node.js, Ruby, Go, Python, Rust in Docker base image

2. Development Tools (mise.toml):

   • Used via aqua backend for: golangci-lint, lefthook, hadolint
   • These are development-time tools only, not part of runtime

3. CI Workflows (.github/workflows/ci.yml):

   • Uses jdx/mise-action@v4.0.1 to install tools from mise.toml
   • All CI jobs depend on mise for tool installation

Impact Assessment:

• Runtime Impact: Minimal - mise is used only during Docker build phase
• Build Process: Mise installs language runtimes (Node, Ruby, Go, Python, Rust) that are then used by the sandbox
• CI Impact: All CI jobs use mise to install development tools
• Aqua Backend: Project uses aqua backend for 3 tools (golangci-lint, lefthook, hadolint) - bug fixes in this area are beneficial

Dependency Chain:

• mise downloads and installs language runtimes during Docker build
• Language binaries are bind-mounted into nsjail sandboxes
• No direct runtime dependency - mise is a build-time tool only

Potential Risks:

• Very Low Risk: Patch version update with bug fixes only
• Installation behavior improvements reduce potential issues
• Aqua backend fixes improve reliability for development tools
• No changes to core runtime installation mechanisms

💡 Recommended Actions

Immediate Actions:

1. Merge the PR - This is a safe patch update with bug fixes and improvements
2. Rebuild Docker image - Run docker compose down && docker compose up --build -d to apply changes
3. Run E2E tests - Verify all runtimes work correctly: go test -v -tags e2e -parallel 2 ./e2e/...

Verification Steps:

# Rebuild with new mise version
docker compose down && docker compose up --build -d

# Run full test suite
go test -v ./...
go test -v -tags e2e -parallel 2 ./e2e/...

Expected Behavior:

• All language runtimes (Node, Ruby, Go, Python, Rust, Bash) should install successfully
• No changes to runtime behavior or sandbox functionality
• Improved reliability for aqua-based development tools
• CI workflows should continue working without modification

Post-Merge Monitoring:

• Watch for any Docker build failures (unlikely)
• Monitor E2E test results in CI
• No application code changes required

Additional Notes:

• This PR is auto-generated by Renovate for dependency updates
• The update is well within semantic versioning patch guidelines
• Release notes show active maintenance and bug fixes
• No migration guide needed - fully backward compatible

🔗 Reference Links

• mise v2026.5.2 Release Notes
• mise v2026.5.1 Release Notes
• mise GitHub Repository
• PR Diff

Generated by koki-develop/claude-renovate-review