deps: update dependency jdx/mise to v2026.5.11

[renovate]

This PR contains the following updates:

Package	Update	Change
jdx/mise	patch	2026.5.9 → 2026.5.11

---

Release Notes

jdx/mise (jdx/mise)

v2026.5.11: : Provenance verification at lock time

Compare Source

Added

• (security) Verify and record provenance during mise lock, with a new provenance_api_failures_fatal setting to control whether GitHub attestation API failures are fatal (#​9945 by @​jdx).
• (security) Fall back to verifying archive contents when SLSA provenance attests every file inside an archive but not the archive itself, fixing releases like github:prefix-dev/pixi@0.68.1 (#​9898 by @​sargunv).
• (plugins) Support remote git subdirectory sources for plugins, e.g. git::https://host/repo.git//path/to/plugin?ref=branch (#​9893 by @​jdx).

Fixed

• (github) Asset picker now picks the shortest matching name as a tiebreaker for asset_pattern and accepts platform-agnostic runtime archives like .phar, .jar, and .pyz (fixes installing composer) (#​9946 by @​jdx).
• (config) Invalid miserc.toml now produces a clear parse error at startup instead of being silently ignored (#​9937 by @​jdx).
• (install) Per-tool .mise.backend.toml metadata is now written alongside install directories, making merged/copied installs self-describing and refreshing install state mid-run so same-run dependency resolution sees freshly installed tools (#​9941 by @​jdx).
• (install) postinstall hooks now run through the configured default inline shell instead of $SHELL -c (#​9812 by @​risu729).
• (cache) mise cache prune [PLUGIN]... now honors the plugin filter instead of pruning every cache directory (#​9914 by @​risu729).
• (task) Preserve task-declared env, MISE_TASK_* metadata, and MISE_ENV across nested hook-env invocations, while keeping the nested-PATH fix from #​9765 intact (#​9850 by @​risu729).
• (backend) Resolve helper dependency toolsets in offline mode so minimum_release_age cannot mis-route helper tools like node/npm when querying upstream versions (#​9808 by @​risu729).
• (vfox) Key vfox EnvKeys hooks by the resolved install path so shared/system installs don't reuse user-path cache entries (#​9907 by @​risu729).
• (use) Skip the mise use -g shadow warning when the active version comes from system config (#​9900 by @​risu729).
• (doctor) List installed plugins from install state, including those owned by disabled backends, and add a plugins object to mise doctor -J (#​9863 by @​risu729).
• (erlang) erlang.compile = false is now strict precompiled mode and no longer falls back to kerl build-install on unsupported distros (#​9866 by @​risu729).

Changed

• (registry) Prefer the aqua backend for cilium-hubble, localstack, mark, openbao, porter, process-compose, rtk, sqlc, turso, and xcodegen, with existing GitHub/asdf backends preserved as fallbacks (#​9789 by @​risu729).
• (registry) Add aqua:jbangdev/jbang as the primary backend for jbang, enabling Windows support (#​9811 by @​risu729).
• (registry) Alias dotnet-core to dotnet (#​9807 by @​risu729).
• (registry) Add lisette (#​9944 by @​ivov).
• (registry) Fix sourcery archive format so macOS installs use the .zip asset instead of trying to extract it as tar.gz (#​9902 by @​risu729).
• (docs) Trim the global settings example in the configuration docs (#​9912 by @​risu729).

New Contributors

• @​ivov made their first contribution in #​9944

💚 Sponsor mise

mise is built by @​jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

v2026.5.10: : AWS SSO for s3 backends

Compare Source

A small release that unblocks s3 backends for users on AWS SSO profiles, plus two minor option-handling fixes that fell out of an internal refactor of the GitHub/GitLab/Forgejo backend.

Fixed

• (s3) s3 backends now work with SSO-based AWS profiles. The sso feature of aws-config is enabled, so configurations that authenticate via AWS IAM Identity Center no longer fail with:

  S3 error: DispatchFailure { ... ProfileFile provider could not be built:
  This behavior requires following cargo feature(s) enabled: sso.
  

  (#​9875 by @​Amir-Ahmad).

• (backend) Two small behavior fixes landed while centralizing Git backend option reads (#​9838 by @​risu729):

  • Forgejo now applies the same install-time option filtering as GitHub/GitLab.
  • no_app is now read through target-aware platform option lookup, so platforms.<target>.no_app = true is honored when resolving assets for cross-platform lockfiles.

Changed

• (backend) Internal refactor introducing a shared BackendOptions reader and a typed option wrapper for the unified GitHub/GitLab/Forgejo backend. No user-visible behavior change beyond the fixes above (#​9838 by @​risu729).

New Contributors

• @​Amir-Ahmad made their first contribution in #​9875

Full Changelog: jdx/mise@v2026.5.9...v2026.5.10

💚 Sponsor mise

mise is built by @​jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.