Conversation
Note: Reviews paused
It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the
📝 Walkthrough
This PR updates the project to version 2026.6.6: package metadata and changelog, README example, shell completion spec filenames (zsh/bash/fish/ps1), Nix/RPM/Snap packaging versions, and Aqua registry metadata for oracle.com/sqlcl.
Changes
Release 2026.6.6 Version Bump
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Greptile Summary
This is the automated release PR for mise v2026.6.6, bumping version numbers across all packaging manifests and updating the vendored aqua-registry snapshot.
Confidence Score: 5/5
Routine release commit with mechanical version bumps and a vendored registry update; no logic changes to mise itself.
All changes are version string replacements or upstream registry vendoring. The oxlint version-override restructuring in registry.yml is complex but follows aqua's documented ordering semantics correctly, and the error-message stubs for the 1.17–1.28 gap period are intentional. No mise source code is modified.
vendor/aqua-registry/registry.yml — the oxlint version-override chain is the only non-trivial change and worth a quick sanity check, but it mirrors upstream intent.
Reviews (22): Last reviewed commit: "chore: release 2026.6.6"
Hyperfine Performance

| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.6.5 x -- echo | 19.6 ± 1.0 | 17.6 | 24.1 | 1.00 |
| mise x -- echo | 20.4 ± 1.8 | 18.0 | 42.7 | 1.04 ± 0.10 |

mise env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.6.5 env | 19.1 ± 0.9 | 17.3 | 23.5 | 1.00 |
| mise env | 19.9 ± 1.0 | 18.0 | 24.5 | 1.04 ± 0.07 |

mise hook-env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.6.5 hook-env | 19.8 ± 0.9 | 18.1 | 24.0 | 1.00 |
| mise hook-env | 20.4 ± 1.0 | 18.4 | 25.7 | 1.03 ± 0.07 |

mise ls
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.6.5 ls | 16.2 ± 0.8 | 14.4 | 19.9 | 1.00 |
| mise ls | 16.9 ± 0.9 | 15.3 | 20.7 | 1.04 ± 0.08 |

xtasks/test/perf
| Command | mise-2026.6.5 | mise | Variance |
|---|---|---|---|
| install (cached) | 136ms | 136ms | +0% |
| ls (cached) | 59ms | 61ms | -3% |
| bin-paths (cached) | 67ms | 64ms | +4% |
| task-ls (cached) | 127ms | 127ms | +0% |
5da0b6c to fa70b24
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@vendor/aqua-registry/registry.yml`:
- Around line 70584-70585: The registry currently uses external checksum
provenance from the third-party GitHub repo indicated by the repo_owner value
"jasonlyle88" and repo_name "sqlcl-releases"; update the registry entry (the
SQLcl package block in registry.yml) to stop trusting that GitHub checksum
source and instead point checksum verification to Oracle's official published
checksums (download.oracle.com/oracle.com SQLcl download/checksum pages) or
embed the authoritative SHA256 values copied from Oracle with a comment
documenting the Oracle source and retrieval date; replace any URLs or references
that fetch .sha256 from "jasonlyle88/sqlcl-releases" and ensure the package's
checksum field(s) reference Oracle-originated values so validation uses
Oracle-provided checksums only.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 4b9d447c-72db-48c7-bcdc-5b8f0a70beb7
⛔ Files ignored due to path filters (1)
- Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (12)
- CHANGELOG.md
- Cargo.toml
- README.md
- completions/_mise
- completions/mise.bash
- completions/mise.fish
- completions/mise.ps1
- default.nix
- packaging/rpm/mise.spec
- snapcraft.yaml
- vendor/aqua-registry/metadata.json
- vendor/aqua-registry/registry.yml
✅ Files skipped from review due to trivial changes (7)
- packaging/rpm/mise.spec
- completions/mise.ps1
- default.nix
- README.md
- snapcraft.yaml
- vendor/aqua-registry/metadata.json
- CHANGELOG.md
🚧 Files skipped from review as they are similar to previous changes (4)
- completions/mise.bash
- completions/mise.fish
- completions/_mise
- Cargo.toml
| repo_owner: jasonlyle88 | ||
| repo_name: sqlcl-releases |
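Review bot: `repo_owner: jasonlyle88` and `repo_name: sqlcl-releases` point this entry at a personal GitHub account, and nothing in these two lines records what the entry takes from that repository. Add a YAML comment directly above them stating its role (version list, checksum files or release assets) so a later reviewer can judge how much trust the dependency carries.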
🔒 Security & Privacy | 🟠 Major
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Verify the GitHub repository legitimacy and checksum availability
# Check if the repository exists and examine its metadata
gh repo view jasonlyle88/sqlcl-releases --json name,description,owner,isArchived,isFork,url
# Check recent releases and their assets
echo "=== Recent releases and assets ==="
gh release list --repo jasonlyle88/sqlcl-releases --limit 5
# Check for checksum assets in the latest release
echo "=== Latest release assets ==="
gh release view --repo jasonlyle88/sqlcl-releases --json assets | jq '.assets[] | select(.name | contains(".sha256")) | {name, size, url}'
# Check if Oracle provides official checksums
echo "=== Searching for official Oracle SQLcl checksum documentation ==="Repository: jdx/mise
Length of output: 701
🌐 Web query:
Does Oracle provide official SHA256 checksums for SQLcl downloads? Is jasonlyle88/sqlcl-releases an official Oracle repository?
💡 Result:
Yes, Oracle provides checksums for SQLcl downloads on their official download pages, though the specific hash types provided (e.g., SHA256, SHA1, MD5) vary by release [1][2][3][4][5][6]. You can verify the integrity of your download by checking the "Release notes" or checksum information section directly on the official Oracle SQLcl download site [1][3][4][5]. The repository jasonlyle88/sqlcl-releases is not an official Oracle repository. Official Oracle SQLcl releases are distributed exclusively through Oracle's website [6][7]. The repository jasonlyle88/sqlcl-utilities, which is associated with the user jasonlyle88, is a third-party project providing utility functions and scripts for interacting with SQLcl, not an official distribution channel for the software itself [8]. Always download Oracle software directly from official oracle.com domains to ensure authenticity.
Citations:
- 1: https://www.oracle.com/sqlcl/download/sqlcl-downloads-25.3.html
- 2: https://www.oracle.com/sqlcl/download/sqlcl-downloads-25.4.html
- 3: https://www.oracle.com/sqlcl/download/sqlcl-downloads-25.2.1.html
- 4: https://www.oracle.com/sqlcl/download/sqlcl-downloads-25.2.html
- 5: https://www.oracle.com/sqlcl/download/sqlcl-downloads-25.1.html
- 6: https://www.oracle.com/database/sqldeveloper/technologies/sqlcl/download/
- 7: https://github.com/oracle/oracle-db-tools/tree/master/sqlcl
- 8: https://github.com/jasonlyle88/sqlcl-utilities
Don’t trust SQLcl checksums from the third-party GitHub repo (jasonlyle88/sqlcl-releases) while downloading binaries from download.oracle.com.
- Current config downloads from Oracle’s CDN but verifies against SHA256 files published in a non-Oracle GitHub repository, so a compromised/incorrect checksum publisher would cause verification to accept the wrong binary.
- Update the registry to source checksums from Oracle’s official SQLcl download/checksum pages (oracle.com), or otherwise embed checksums with documented provenance tied to Oracle’s published values.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@vendor/aqua-registry/registry.yml` around lines 70584 - 70585, The registry
currently uses external checksum provenance from the third-party GitHub repo
indicated by the repo_owner value "jasonlyle88" and repo_name "sqlcl-releases";
update the registry entry (the SQLcl package block in registry.yml) to stop
trusting that GitHub checksum source and instead point checksum verification to
Oracle's official published checksums (download.oracle.com/oracle.com SQLcl
download/checksum pages) or embed the authoritative SHA256 values copied from
Oracle with a comment documenting the Oracle source and retrieval date; replace
any URLs or references that fetch .sha256 from "jasonlyle88/sqlcl-releases" and
ensure the package's checksum field(s) reference Oracle-originated values so
validation uses Oracle-provided checksums only.
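
The split this finding describes, a binary served from one origin and its checksum published by another, can be checked mechanically across a registry. The block below is an added example, not code from mise, aqua or the review bots: the entry shape is a simplified assumption built on the `repo_owner`/`repo_name` fields visible in this thread plus assumed `url` and `checksum` keys, and every package name and host in it is a constructed placeholder.

```python
from urllib.parse import urlparse

# Constructed sample entries in a simplified, registry-like shape (assumed
# field names; names and hosts are placeholders, not real registry data).
SAMPLE_PACKAGES = [
    {   # binary from the vendor, checksum from an unrelated GitHub repository
        "name": "vendor.example/tool-a",
        "url": "https://download.vendor.example/tool-a-{{.Version}}.zip",
        "repo_owner": "some-user", "repo_name": "tool-a-releases",
        "checksum": {"type": "github_release", "asset": "tool-a.zip.sha256"},
    },
    {   # binary and checksum both served by the vendor
        "name": "vendor.example/tool-b",
        "url": "https://download.vendor.example/tool-b-{{.Version}}.zip",
        "checksum": {"type": "http",
                     "url": "https://download.vendor.example/tool-b.zip.sha256"},
    },
    {   # no checksum configured at all
        "name": "vendor.example/tool-c",
        "url": "https://download.vendor.example/tool-c-{{.Version}}.zip",
    },
]

def origin_of_download(pkg):
    return urlparse(pkg["url"]).hostname  # host that serves the binary

def origin_of_checksum(pkg):
    """Who publishes the checksum: a host, a GitHub repository, or None."""
    cs = pkg.get("checksum")
    if not cs:
        return None
    if cs.get("type") == "github_release":
        return f"github.com/{pkg['repo_owner']}/{pkg['repo_name']}"
    return urlparse(cs["url"]).hostname

def audit(packages):
    """Return (name, finding) for entries whose checksum publisher is not the download origin."""
    findings = []
    for pkg in packages:
        dl, cs = origin_of_download(pkg), origin_of_checksum(pkg)
        if cs is None:
            findings.append((pkg["name"], "no checksum configured"))
        elif cs != dl:
            findings.append((pkg["name"], f"binary from {dl}, checksum from {cs}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PACKAGES):
        print(f"{name}: {finding}")
```

A flagged entry is not automatically wrong; it tells the reviewer that integrity for that package rests on the checksum publisher rather than on the vendor serving the binary.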
671555f to d08eb44
🚀 Features
- mise bootstrap and declarative [system.files] by @jdx in #10365
- [system.edits] for editing files mise doesn't own by @jdx in #10368
🐛 Bug Fixes
🚜 Refactor
📚 Documentation
⚡ Performance
Chore
New Contributors
📦 Aqua Registry Updates
Updated Packages (5)
- oracle.com/sqlcl
- oxc-project/oxc/oxlint
- suzuki-shunsuke/docfresh
- suzuki-shunsuke/ghaperf
- suzuki-shunsuke/ghir