fix(deps): update dependency jdx/mise to v2026.5.1

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
jdx/mise	patch	2026.5.0 → 2026.5.1	2026.5.7 (+5)

---

Release Notes

jdx/mise (jdx/mise)

v2026.5.1

Compare Source

🚀 Features

• (backend) support top-level aqua cosign verification by @​risu729 in #​9111

🐛 Bug Fixes

• (schema) validate all schema files with draft2020 and strict mode by @​risu729 in #​9594
• (shim) skip network resolution for installed tool dirs by @​jdx in #​9599

📚 Documentation

• (dev-tools) clarify vfox metadata depends for install hooks by @​risu729 in #​9573
• (plugins) remove registry submission guidance by @​risu729 in #​9577

📦️ Dependency Updates

• lock file maintenance by @​renovate[bot] in #​9586

📦 Registry

• remove bashly asdf fallback by @​risu729 in #​9578
• use github backend for rebar by @​risu729 in #​9576
• add wasm-tools (aqua:bytecodealliance/wasm-tools) by @​2xdevv in #​9596
• enable symlink_bins for elixir-ls by @​AlternateRT in #​9592

Chore

• (release) always append sponsor block to release notes by @​jdx in #​9580
• warn on vendored vfox embedded plugins by @​risu729 in #​9588
• prefer registry shorthands over cargo/npm backends in mise.toml by @​risu729 in #​9595

📦 Aqua Registry Updates

New Packages (2)

• salesforce/reactive-grpc/protoc-gen-reactor-grpc
• spinframework/spin

Updated Packages (1)

• pnpm/pnpm

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Change: mise v2026.5.0 → v2026.5.1 (patch release)

Key Changes:

• New Feature: Support for top-level aqua cosign verification enabling signature verification for both checksum and artifact flows using sigstore verification paths
• Critical Bug Fix: Fixed shim rebuilding crash when encountering stale installation directories with non-resolvable version names (orphaned "latest" folders). The system now treats on-disk directory names as concrete versions without attempting network resolution
• Schema Improvements: All JSON schemas standardized to JSON Schema draft 2020-12 with strict validation enabled. Union type arrays replaced with explicit oneOf constructs
• Registry Updates:
  • Rebar switched from asdf plugin to GitHub backend
  • Bashly's asdf fallback removed
  • New tool: wasm-tools (via aqua backend)
  • Elixir-ls now uses symlink_bins

Breaking Changes: None identified

Security Fixes: No security-specific fixes mentioned in the release notes

🎯 Impact Scope Investigation

Dockerfile Usage (Dockerfile:5):

• mise is downloaded as a static binary during Docker build
• Version bump from 2026.5.0 to 2026.5.1 in ARG declaration
• Used to install runtime tools (Node.js, Ruby, Go, Python, Rust) in the container

mise.toml Configuration:
The project uses mise to manage development tools with aqua backend packages:

• go = "1.26.2"
• aqua:golangci/golangci-lint = "2.11.4"
• aqua:evilmartians/lefthook = "2.1.6"
• aqua:hadolint/hadolint = "2.14.0"
• Plus runtime tools: node, ruby, rust, python

CI/CD Integration (.github/workflows/ci.yml):

• Uses jdx/mise-action@1648a7812b9aeae629881980618f079932869151 (v4.0.1) in all jobs
• Actions will use the version from mise.toml for development tools
• Docker build will use the new binary version (2026.5.1)

Impact Assessment:

1. Aqua Backend Enhancement: The new cosign verification support for aqua packages is additive and won't affect existing functionality. The project uses 3 aqua packages (golangci-lint, lefthook, hadolint) which will continue to work normally
2. Shim Bug Fix: This fix prevents crashes in edge cases but doesn't change normal operation
3. Schema Validation: Stricter validation helps catch configuration errors earlier but doesn't break existing valid configurations
4. No API Changes: All mise commands (use, install, settings) maintain backward compatibility

Dependencies Impact: No dependency chain issues identified. The patch version bump indicates backward compatibility.

💡 Recommended Actions

1. Merge without modifications: This is a safe patch release with bug fixes and enhancements
2. No code changes required: All existing mise configurations and commands remain compatible
3. Automatic testing: The CI pipeline will automatically verify the update works correctly through:
   • Docker build with new mise version
   • Tool installation (Go, Node.js, Ruby, Python, Rust)
   • Lint and build jobs using aqua packages (golangci-lint, hadolint)
   • Unit and E2E tests

🔗 Reference Links

• mise v2026.5.1 Release
• CHANGELOG
• Version Comparison

Generated by koki-develop/claude-renovate-review