mise 2026.4.5

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

Details

release notes

This release extends mise's authentication support to GitLab and Forgejo backends, surfaces env files in diagnostic commands, and fixes several bugs in bash shell hooks, Windows tool installation, and PATH handling.
Highlights

GitLab and Forgejo token support -- mise now resolves authentication tokens for GitLab and Forgejo backends using the same rich priority chain already available for GitHub: env vars, token files, CLI tool configs (glab/fj), credential commands, and git credential helpers.
Env files in diagnostics -- mise config ls and mise doctor now show env files loaded via MISE_ENV_FILE or _.file directives, making it easier to trace where environment variables come from.
Bash duplicate trust warning fixed -- Entering an untrusted project directory in bash no longer prints the trust warning twice per cd.

Added


GitLab and Forgejo token resolution -- The GitLab and Forgejo backends now support the same multi-source token resolution as GitHub: environment variables (MISE_GITLAB_TOKEN, MISE_FORGEJO_TOKEN, etc.), per-host token files (gitlab_tokens.toml, forgejo_tokens.toml), CLI tool integration (glab, fj), credential_command, and git credential fill. A new mise token command replaces the old mise github token and adds mise token gitlab and mise token forgejo subcommands for debugging token resolution. #8868 by @roele
mise token github
mise token gitlab --unmask
mise token forgejo forgejo.mycompany.com


Env files in config ls and doctor -- Env files loaded via the MISE_ENV_FILE setting or _.file config directives now appear in mise config ls output (with env var keys shown in verbose mode) and in mise doctor output (both text and JSON). #8853 by @SamSoldatenko


Fixed


Double .exe extension on Windows (aqua backend) -- When a package's Windows override URL already includes .exe, mise no longer appends a second .exe suffix. This affected 37 aqua registry packages including cli/cli, kubernetes/kubectl, gruntwork-io/terragrunt, and rust-lang/rustup. #8863 by @yusei-wy


Duplicate trust warning in bash -- Entering an untrusted project directory in bash triggered the trust warning from both the chpwd hook and PROMPT_COMMAND, producing a duplicate message. The bash activation script now coordinates between the two hooks so the warning appears exactly once. #8920 by @timothysparg


Config root injected into PATH via _.source -- When a sourced script prepended to PATH (e.g., export PATH="/custom:$PATH"), an empty path component could resolve to the config root directory and get injected into PATH. Empty path segments are now filtered out. #8936 by @jdx


Spurious dependency warnings during install -- When mise.toml configured both a language runtime and a package from that ecosystem (e.g., node + npm:prettier), mise would warn that npm was missing during version resolution even though node was configured and would be installed first. The warning is now suppressed when the providing tool is present in the toolset. #8923 by @jdx


Changed

mise github token renamed to mise token github -- The old mise github token command still works but is hidden from help output. The new mise token command group adds github, gitlab, and forgejo subcommands. #8868 by @roele

New Contributors

@SamSoldatenko made their first contribution in #8853
@yusei-wy made their first contribution in #8863
@timothysparg made their first contribution in #8920

Full Changelog: jdx/mise@v2026.4.4...v2026.4.5

View the full release notes at https://github.com/jdx/mise/releases/tag/v2026.4.5.

---

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.

Caution

Please do not push to this PR branch before the bottle commits have been pushed, as this results in a state that is difficult to recover from. If you need to resolve a merge conflict, please use a merge commit. Do not force-push to this PR branch.