chore: release 2026.6.2

[mise-en-dev]

🚀 Features

• (config) add minimum release age excludes by @jdx in #10277
• (config) default release age and warn on hidden versions by @jdx in #10279

🐛 Bug Fixes

• (github) skip versions host for non-registry attestations by @jdx in #10260
• (npm) warn when install hooks are skipped by @jdx in #10280

📚 Documentation

• (security) clarify minimum release age support by @jdx in #10278
• (settings) prefer assignment form for set examples by @jdx in #10271
• On Debian/Ubuntu, use extrepo for installing by @okulev in #10262
• improve sponsor logo contrast by @jdx in #10270

🧪 Testing

• (aqua) allow commit metadata refs by @jdx in #10287

📦️ Dependency Updates

• lock file maintenance lockfile maintenance by @renovate[bot] in #10265

📦 Registry

• add cargo-msrv by @jdx in #10276
• update aube and pitchfork aqua entries by @jdx in #10285

Chore

• (ci) ignore RUSTSEC-2026-0173 proc-macro-error2 advisory by @risu729 in #10269
• (release) validate vendored aqua registry by @jdx in #10286

New Contributors

• @okulev made their first contribution in #10262

📦 Aqua Registry Updates

New Packages (10)

• alibaba/open-code-review
• grafana-cold-storage/grizzly
• hashicorp/hcl/hclfmt
• jdx/aube
• jdx/pitchfork
• klauspost/asmfmt
• lexfrei/claudeline
• macstadium.com/orka3
• openai/tart
• visioncortex/vtracer

Updated Packages (2)

• FiloSottile/age
• GitGuardian/ggshield

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR bumps the mise release from 2026.6.1 to 2026.6.2: updates Cargo.toml, inserts a 2026.6.2 changelog entry, refreshes README example output and docs star count, bumps Nix/RPM/Snap packaging versions, updates shell completion spec filenames, and modifies vendor/aqua-registry metadata and registry entries.

Changes

Release 2026.6.2

Layer / File(s)	Summary
Crate metadata and changelog Cargo.toml, CHANGELOG.md	Cargo.toml package version and a new 2026.6.2 release block are added to CHANGELOG.md.
User-facing documentation README.md, docs/.vitepress/stars.data.ts	mise --version example updated to show 2026.6.2 and site star count bumped to 29.3k.
Shell completion spec filenames completions/_mise, completions/mise.bash, completions/mise.fish, completions/mise.ps1	Zsh, Bash, Fish, and PowerShell completion scripts now point to the 2026.6.2 generated usage-spec filenames.
Build and packaging definitions default.nix, packaging/rpm/mise.spec, snapcraft.yaml	Version attributes in Nix, RPM spec, and Snapcraft manifest are bumped to 2026.6.2.
Aqua registry updates vendor/aqua-registry/metadata.json, vendor/aqua-registry/registry.yml	Bump registry metadata tag and add/modify multiple registry entries and overrides (age, ggshield, removal/alias changes, hashicorp/hclfmt go_install, klauspost/asmfmt, openai/cirruslabs tart alias, etc.).

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly Related PRs

• jdx/mise#10213: Updates completion spec filename pattern in completions, same code-level change pattern.
• jdx/mise#10172: Prior release bump touching manifests and completion scripts similarly.
• jdx/mise#10188: Earlier release bump that updated the same completion/spec filenames.

Poem

🐰 I hopped through files with gentle cheer,
Bumped the numbers, tidy and clear,
Completions now point to specs anew,
Registry entries added too,
A rabbit's tiny release-day cheer 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: release 2026.6.2' clearly and directly summarizes the main change: a version release bump from 2026.6.1 to 2026.6.2 across all configuration files and documentation.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

Release 2026.6.2 bumps the version across all manifests and packages new/updated aqua-registry entries alongside a handful of bug-fixes and config features merged since 2026.6.1.

• Version bump: Cargo.toml and all completion/packaging files move from 2026.6.1 → 2026.6.2; CHANGELOG.md records the full list of merged PRs.
• Registry updates: vendor/aqua-registry/registry.yml adds ten new packages (notably aube, pitchfork, cargo-msrv, alibaba/open-code-review, openai/tart) and refreshes FiloSottile/age and ggshield attestation configs; metadata.json switches the upstream pin from a version tag (v4.521.0) to a bare commit hash (b2116015b...) to pick up unreleased upstream fixes.
• mise.lock aube entries: all asset URLs are rewritten from github.com/endevco/aube/… to github.com/jdx/aube/…, reflecting the repository transfer — the backend field still names the alias github:endevco/aube (an already-flagged inconsistency discussed in a prior review comment).

Confidence Score: 4/5

Mostly a routine release bump; the one open question is whether attestation verification for the locked aube v1.16.1 artifacts will succeed now that all URLs point to jdx/aube while the original release was published under endevco/aube.

The bulk of the change is mechanical (version bump, changelog, completion scripts, packaging files). The registry.yml updates are sourced from upstream aqua-registry and look well-formed. The unresolved concern — flagged in a prior review comment — is that mise.lock now has asset URLs under jdx/aube for v1.16.1 while the signer_workflow also references jdx/aube, but those artifacts were signed when the repo lived at endevco/aube. If mise verifies provenance strictly against the workflow reference, the check for v1.16.1 would fail. Everything else in the PR is straightforward.

mise.lock — the aube attestation URL / signer_workflow alignment deserves a second look before merging.

Important Files Changed

Filename	Overview
mise.lock	Updated aube lock entries to use jdx/aube URLs while backend still references the endevco/aube alias — the URL namespace change may break provenance attestation for the locked v1.16.1 artifacts
vendor/aqua-registry/registry.yml	Large registry update: adds 10 new packages (aube, pitchfork, cargo-msrv, open-code-review, etc.), reorganizes aube/pitchfork entries under canonical jdx namespace, updates FiloSottile/age and ggshield attestation/version overrides, removes old cirruslabs/tart in favour of openai/tart
vendor/aqua-registry/metadata.json	Pinned aqua-registry from version tag v4.521.0 to a raw commit hash — useful for picking up unreleased upstream fixes but loses the human-readable tag reference
Cargo.toml	Bumped version from 2026.6.1 to 2026.6.2
CHANGELOG.md	Added 2026.6.2 release notes covering features, bug fixes, docs, testing, and registry updates
Cargo.lock	Minor lock file maintenance update to match Cargo.toml version bump

_{Reviews (16): Last reviewed commit: "chore: release 2026.6.2" | Re-trigger Greptile}

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.6.1 x -- echo	28.3 ± 3.2	21.5	41.5	1.00
mise x -- echo	31.5 ± 4.2	23.9	70.9	1.11 ± 0.19
⚠️ Inconclusive: x -- echo measured 11% slower, but hyperfine reported statistical outliers.

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.6.1 env	28.3 ± 3.6	21.4	43.7	1.00
mise env	30.0 ± 3.6	23.3	50.5	1.06 ± 0.19

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.6.1 hook-env	28.6 ± 2.9	22.0	42.4	1.08 ± 0.16
mise hook-env	26.6 ± 2.7	21.4	37.7	1.00

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.6.1 ls	19.3 ± 1.5	15.8	26.0	1.00
mise ls	19.8 ± 1.4	16.7	28.6	1.03 ± 0.11

xtasks/test/perf

Command	mise-2026.6.1	mise	Variance
install (cached)	160ms	161ms	+0%
ls (cached)	67ms	69ms	-2%
bin-paths (cached)	76ms	78ms	-2%
task-ls (cached)	145ms	146ms	+0%

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@vendor/aqua-registry/registry.yml`:
- Line 3825: Replace the Windows zip override src entries that currently read
"src: ggshield-{{trimV .Version}}-{{.Arch}}-{{.OS}}/ggshield" with "src:
ggshield-{{trimV .Version}}-{{.Arch}}-{{.OS}}/ggshield.exe" for the Windows (OS
== windows) zip overrides so the src path matches the archive file name; update
each override block that uses that src pattern.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: ea07f82b-8e7f-406f-94d2-43a8a31c4bb5

📥 Commits

Reviewing files that changed from the base of the PR and between f46fa5a and 36868dc.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (12)

• CHANGELOG.md
• Cargo.toml
• README.md
• completions/_mise
• completions/mise.bash
• completions/mise.fish
• completions/mise.ps1
• default.nix
• packaging/rpm/mise.spec
• snapcraft.yaml
• vendor/aqua-registry/metadata.json
• vendor/aqua-registry/registry.yml

✅ Files skipped from review due to trivial changes (5)

• vendor/aqua-registry/metadata.json
• default.nix
• completions/_mise
• Cargo.toml
• README.md

🚧 Files skipped from review as they are similar to previous changes (5)

• completions/mise.bash
• completions/mise.ps1
• completions/mise.fish
• snapcraft.yaml
• packaging/rpm/mise.spec

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the actual file structure in ggshield Windows release archives

echo "Checking ggshield v1.51.0 Windows archive structure..."
curl -sL "https://github.com/GitGuardian/ggshield/releases/download/v1.51.0/ggshield-1.51.0-x86_64-pc-windows-msvc.zip" -o /tmp/ggshield-win.zip
unzip -l /tmp/ggshield-win.zip | grep -E "ggshield(\.exe)?"

echo -e "\nChecking ggshield v1.50.0 (older version) Windows archive structure..."
curl -sL "https://github.com/GitGuardian/ggshield/releases/download/v1.50.0/ggshield-1.50.0-x86_64-pc-windows-msvc.zip" -o /tmp/ggshield-old-win.zip
unzip -l /tmp/ggshield-old-win.zip | grep -E "ggshield(\.exe)?"

rm -f /tmp/ggshield-win.zip /tmp/ggshield-old-win.zip

Repository: jdx/mise

Length of output: 50365

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

check_version () {
  local ver="$1"
  local url="https://github.com/GitGuardian/ggshield/releases/download/v${ver}/ggshield-${ver}-x86_64-pc-windows-msvc.zip"
  local zip="/tmp/ggshield-${ver}.zip"
  echo "== ggshield v${ver} =="
  curl -sL "$url" -o "$zip"
  # List only filenames ending exactly with ggshield or ggshield.exe
  unzip -Z1 "$zip" | grep -E '(^|/)ggshield(\.exe)?$' || true
  rm -f "$zip"
}

check_version "1.51.0"
echo
check_version "1.50.0"

Repository: jdx/mise

Length of output: 203

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show the relevant registry.yml section around the mentioned lines
echo "=== registry.yml around lines 3810-3895 ==="
nl -ba vendor/aqua-registry/registry.yml | sed -n '3810,3895p'

# Find all occurrences of "ggshield" in the registry file
echo
echo "=== occurrences of ggshield in registry.yml ==="
rg -n "ggshield" vendor/aqua-registry/registry.yml | head -n 50

# Search repository code for windows_ext handling and src extraction semantics
echo
echo "=== search for windows_ext usage ==="
rg -n "windows_ext" . | head -n 50

echo
echo "=== search for aqua-registry src handling semantics ==="
rg -n "aqua-registry" . | head -n 50

Repository: jdx/mise

Length of output: 157

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== registry.yml around lines 3810-3895 ==="
sed -n '3810,3895p' vendor/aqua-registry/registry.yml

echo
echo "=== occurrences of ggshield-related src patterns ==="
rg -n "src: ggshield-\{\{trimV" vendor/aqua-registry/registry.yml || true

echo
echo "=== occurrences of ggshield.exe in registry.yml ==="
rg -n "ggshield\.exe" vendor/aqua-registry/registry.yml || true

echo
echo "=== occurrences of windows_ext near ggshield overrides ==="
rg -n "windows_ext" vendor/aqua-registry/registry.yml | head -n 50 || true

Repository: jdx/mise

Length of output: 5972

---

Fix ggshield Windows src to match the archive (ggshield.exe)

The ggshield Windows release zips (v1.51.0 and v1.50.0) contain .../ggshield.exe and no plain .../ggshield entry. In vendor/aqua-registry/registry.yml, the Windows zip overrides at lines 3825, 3835, 3847, and 3873 still use src: ggshield-{{trimV .Version}}-{{.Arch}}-{{.OS}}/ggshield (missing .exe), so extraction will likely fail on Windows. Update those Windows src values to point at .../ggshield.exe.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@vendor/aqua-registry/registry.yml` at line 3825, Replace the Windows zip
override src entries that currently read "src: ggshield-{{trimV
.Version}}-{{.Arch}}-{{.OS}}/ggshield" with "src: ggshield-{{trimV
.Version}}-{{.Arch}}-{{.OS}}/ggshield.exe" for the Windows (OS == windows) zip
overrides so the src path matches the archive file name; update each override
block that uses that src pattern.