Update dependency mise to 2026.4.14

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
mise	patch	2026.4.10 → 2026.4.14	2026.4.18 (+3)

---

Release Notes

jdx/mise (mise)

v2026.4.14

Compare Source

Chore

• bump sigstore-verification by @​jdx in #​9128

v2026.4.13

Compare Source

🐛 Bug Fixes

• (go) honor install_before for module versions by @​mariusvniekerk in #​9097
• (vfox-plugin) support Git URL with commit hash for mise.toml by @​Oyami-Srk in #​9099
• MISE_FETCH_REMOTE_VERSIONS_CACHE not respected by @​mcncl in #​9096

📦️ Dependency Updates

• unblock cargo-deny advisories check by @​jdx in #​9112

New Contributors

• @​mariusvniekerk made their first contribution in #​9097
• @​mcncl made their first contribution in #​9096
• @​Oyami-Srk made their first contribution in #​9099

v2026.4.12

Compare Source

🚀 Features

• (npm) use --min-release-age for npm 11.10.0+ supply chain protection by @​webkaz in #​9072
• (registry) add openfga by @​mnm364 in #​9084
• (task) allow to set confirmation default by @​roele in #​9089
• support os/arch compound syntax in tool os filtering by @​RobertDeRose in #​9088

🐛 Bug Fixes

• (activate) export __MISE_EXE and resolve bare ARGV0 to absolute path by @​fru1tworld in #​9081
• (install) support aliased installs sharing a backend by @​jdx in #​9093
• (shim) use which_no_shims when resolving mise binary in reshim and doctor by @​kevinswiber in #​9071
• filter empty segments in colon-separated env var parsing by @​baby-joel in #​9076

📚 Documentation

• fix wrong file reference to forgejo backend implemenation by @​roele in #​9090
• fix cli token command for token resolution by @​roele in #​9077

📦 Registry

• add trzsz-go (aqua:trzsz/trzsz-go) by @​ZeroAurora in #​9083
• add copilot (aqua:github/copilot-cli) by @​risu729 in #​9082

Chore

• add AGENTS.md symlink by @​jdx in #​9094

New Contributors

• @​kevinswiber made their first contribution in #​9071
• @​webkaz made their first contribution in #​9072
• @​RobertDeRose made their first contribution in #​9088

📦 Aqua Registry Updates

New Packages (7)

• IBM-Cloud/ibm-cloud-cli-release
• max-sixty/worktrunk
• micelio.dev/hif
• pgplex/pgschema
• rose-pine/rose-pine-bloom
• santosr2/TerraTidy
• trzsz/trzsz-go

Updated Packages (3)

• mvdan/sh
• rvben/rumdl
• temporalio/temporal

v2026.4.11

Compare Source

🐛 Bug Fixes

• (docs) typo in Go Backend by @​dolmen in #​9065
• (task) render dependency templates even when no args are passed by @​MatthiasGrandl in #​9062
• support npm semver ranges in devEngines by @​risu729 in #​9061

New Contributors

• @​dolmen made their first contribution in #​9065
• @​MatthiasGrandl made their first contribution in #​9062

---

Configuration

📅 Schedule: (in timezone CET)

• Branch creation
  • "after 7am every weekday,before 7pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonar-review-alpha]

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

This PR updates the mise tool version in GitHub Actions workflows from 2026.4.10 to 2026.4.14 (a 4-patch version bump). The version is bumped in three workflow files: build.yml (2 occurrences) and shadow_scans.yml (1 occurrence).

The update includes bug fixes across Go module installations, vfox plugin support, environment variable caching, and npm supply chain protections, plus minor features for task confirmation defaults and OS/arch filtering.

What reviewers should know

Scope: This is a CI tooling update with no code changes—only workflow configuration files are modified.

Verification: All three workflow files (build.yml and shadow_scans.yml) are updated consistently to the same version. The mise-action GitHub Action is pinned to a specific commit hash, so the version parameter controls which release of mise is installed at workflow runtime.

No breaking changes: The release notes show only bug fixes and incremental features compatible with existing usage. The version bump is safe to merge without code modifications.

Testing: The build and shadow_scans workflows will automatically test this change on the next run.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[hashicorp-vault-sonar-prod]

Renovate Jira issue ID: MCP-429

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonar-review-alpha]

LGTM! ✅

Clean automated patch bump — all 3 mise version pins updated consistently across both workflow files. The jdx/mise-action action itself remains commit-hash pinned and unchanged; only the version: parameter (the mise CLI version to install at runtime) moves from 2026.4.10 to 2026.4.14. No other workflow files reference mise. The 4 patch versions traversed contain only bug fixes and minor features with no breaking changes.

🗣️ Give feedback