jdx Release Notes
Last updated: Apr 6, 2026
jdx Products
All jdx Release Notes (128)
- Apr 6, 2026
- Date parsed from source:Apr 6, 2026
- First seen by Releasebot:Apr 6, 2026
v2026.4.5: GitLab and Forgejo token support, env file diagnostics, and shell fixes
mise adds GitLab and Forgejo authentication support, surfaces env files in config and doctor diagnostics, and fixes several bugs in bash hooks, Windows package installs, PATH handling, and dependency warnings for a smoother experience.
This release extends mise's authentication support to GitLab and Forgejo backends, surfaces env files in diagnostic commands, and fixes several bugs in bash shell hooks, Windows tool installation, and PATH handling.
Highlights
- GitLab and Forgejo token support -- mise now resolves authentication tokens for GitLab and Forgejo backends using the same rich priority chain already available for GitHub: env vars, token files, CLI tool configs (glab/fj), credential commands, and git credential helpers.
- Env files in diagnostics -- mise config ls and mise doctor now show env files loaded via MISE_ENV_FILE or _.file directives, making it easier to trace where environment variables come from.
- Bash duplicate trust warning fixed -- Entering an untrusted project directory in bash no longer prints the trust warning twice per cd.
Added
- GitLab and Forgejo token resolution -- The GitLab and Forgejo backends now support the same multi-source token resolution as GitHub: environment variables (MISE_GITLAB_TOKEN, MISE_FORGEJO_TOKEN, etc.), per-host token files (gitlab_tokens.toml, forgejo_tokens.toml), CLI tool integration (glab, fj), credential_command, and git credential fill. A new mise token command replaces the old mise github token and adds mise token gitlab and mise token forgejo subcommands for debugging token resolution. #8868 by @roele
mise token github mise token gitlab --unmask mise token forgejo forgejo.mycompany.com- Env files in config ls and doctor -- Env files loaded via the MISE_ENV_FILE setting or _.file config directives now appear in mise config ls output (with env var keys shown in verbose mode) and in mise doctor output (both text and JSON). #8853 by @SamSoldatenko
Fixed
- Double .exe extension on Windows (aqua backend) -- When a package's Windows override URL already includes .exe, mise no longer appends a second .exe suffix. This affected 37 aqua registry packages including cli/cli, kubernetes/kubectl, gruntwork-io/terragrunt, and rust-lang/rustup. #8863 by @yusei-wy
- Duplicate trust warning in bash -- Entering an untrusted project directory in bash triggered the trust warning from both the chpwd hook and PROMPT_COMMAND, producing a duplicate message. The bash activation script now coordinates between the two hooks so the warning appears exactly once. #8920 by @timothysparg
- Config root injected into PATH via _.source -- When a sourced script prepended to PATH (e.g., export PATH="/custom:$PATH"), an empty path component could resolve to the config root directory and get injected into PATH. Empty path segments are now filtered out. #8936 by @jdx
- Spurious dependency warnings during install -- When mise.toml configured both a language runtime and a package from that ecosystem (e.g., node + npm:prettier), mise would warn that npm was missing during version resolution even though node was configured and would be installed first. The warning is now suppressed when the providing tool is present in the toolset. #8923 by @jdx
Changed
- mise github token renamed to mise token github -- The old mise github token command still works but is hidden from help output. The new mise token command group adds github, gitlab, and forgejo subcommands. #8868 by @roele
New Contributors
- @SamSoldatenko made their first contribution in #8853
- @yusei-wy made their first contribution in #8863
- @timothysparg made their first contribution in #8920
Full Changelog: v2026.4.4...v2026.4.5
Original source Report a problem - Apr 6, 2026
- Date parsed from source:Apr 6, 2026
- First seen by Releasebot:Apr 1, 2026
- Modified by Releasebot:Apr 6, 2026
aqua-registry-v2026.4.4
mise releases aqua-registry 2026.4.4
All of your release notes in one feed
Join Releasebot and get updates from jdx and hundreds of other software products.
- Apr 5, 2026
- Date parsed from source:Apr 5, 2026
- First seen by Releasebot:Apr 6, 2026
v1.41.0: Per-worktree hooks, XDG config path fix, and Go multi-package fixes
hk adds per-worktree git hook support, fixes config paths to use XDG_CONFIG_HOME everywhere, and improves Go package analysis for multi-package projects.
This release adds support for per-worktree git hook configurations, fixes the global config path to consistently use XDG_CONFIG_HOME across all platforms, and resolves a common issue where Go package-level analysis tools would fail in multi-package projects.
Added
Per-worktree hook support: When extensions.worktreeConfig is enabled and a per-worktree core.hooksPath is set, hk install and hk uninstall now respect that worktree-local directory instead of always using the shared hooks directory. This allows different worktrees to have independent hook configurations without conflicting with each other. (@nkakouros) #789
# Enable per-worktree config in the main repo git config extensions.worktreeConfig true # In each worktree, point hooks to a worktree-local directory cd /path/to/worktree git config --worktree core.hooksPath "$(git rev-parse --git-dir)/hooks" hk installFixed
Config path now uses XDG_CONFIG_HOME on all platforms: Previously, hk used dirs::config_dir() which resolves to ~/Library/Application Support/ on macOS, meaning the documented path ~/.config/hk/config.pkl would not be found. hk now uses $XDG_CONFIG_HOME (defaulting to ~/.config) on all platforms, consistent with mise and matching what the documentation describes. (@fukuchancat) #801
Go package-level builtins work in multi-package projects: Seven Go analysis builtins (go_vet, golangci_lint, go_sec, go_vuln_check, staticcheck, revive, err_check) now use workspace_indicator = "go.mod" and run ./... from the module root instead of passing individual file paths. This fixes the "named files must all be in one directory" error that occurred when staged .go files spanned multiple packages -- a Go toolchain constraint that affects any tool built on go/packages. File-level formatters (go_fmt, go_fumpt, go_imports, go_lines) are unchanged. (@jdx) #803
Breaking Changes
macOS config path changed: On macOS, hk now looks for global config at ~/.config/hk/config.pkl instead of ~/Library/Application Support/hk/config.pkl. If you had a config file at the old macOS-specific path, move it to ~/.config/hk/config.pkl (or set HK_CONFIG_DIR to point to your preferred location). This was never documented or intended behavior.
New Contributors
@fukuchancat made their first contribution in #801
Full Changelog: v1.40.0...v1.41.0
Original source Report a problem - Apr 5, 2026
- Date parsed from source:Apr 5, 2026
- First seen by Releasebot:Apr 5, 2026
vfox-v2026.4.1
mise lists Release vfox 2026.4.1.
- Apr 5, 2026
- Date parsed from source:Apr 5, 2026
- First seen by Releasebot:Apr 5, 2026
v2026.4.4: Tool Dependencies, .NET Runtimes, and Task Argument Forwarding
mise releases a feature-packed update with user-defined tool dependencies, .NET runtime-only installs, task argument forwarding, and stronger lockfile provenance checks, plus broad bug fixes across shells and backends and a few breaking setting removals.
A feature-packed release that adds user-defined tool dependencies, .NET runtime-only installs, argument forwarding to task dependencies, and stronger supply-chain security for lockfiles -- along with a large batch of bug fixes across multiple backends and shells.
Highlights
- Declare tool dependencies in mise.toml -- A new depends field lets you ensure one tool is fully installed before another starts, useful for tools with runtime dependencies on each other.
- Pass arguments through task dependency chains -- Task dependencies can now reference the parent task's arguments using {{usage.*}} templates, enabling parameterized build/deploy pipelines.
- .NET runtime-only installs -- Install just the .NET runtime (or ASP.NET Core runtime) without the full SDK using the new runtime tool option.
- Stronger lockfile provenance verification -- mise lock now cryptographically verifies provenance for the current platform at lock time, and a new locked_verify_provenance setting enables re-verification at install time.
Added
User-specified tool dependencies -- Declare explicit installation dependencies between tools in mise.toml with a new depends field, ensuring one tool is fully installed before another starts. #8776 by @cprecioso
[tools]
erlang = "27"
elixir = { version = "1.18", depends = ["erlang"] }.NET runtime-only installs -- Install .NET runtimes alongside or instead of SDKs using the runtime tool option. Valid values: dotnet, aspnetcore, windowsdesktop. #8524 by @fragon10
[tools]
dotnet = ["9", { version = "8.0.14", runtime = "dotnet" }]Task dependency argument forwarding -- Task dependencies can reference parent task arguments using {{usage.*}} templates in depends, depends_post, and wait_for. Arguments flow through entire dependency chains. #8893 by @jdx
[tasks.build]
usage = 'arg "<app>"'
run = 'echo "building {{usage.app}}"'[tasks.deploy]
usage = 'arg "<app>"'
depends = [{ task = "build", args = ["{{usage.app}}"] }]
run = 'echo "deploying {{usage.app}}"'install_before enforced on transitive npm dependencies -- The install_before supply-chain cutoff is now forwarded to transitive dependency resolution using each package manager's native mechanism (npm --before, bun --minimum-release-age, pnpm --config.minimumReleaseAge). #8851 by @risu729
locked_verify_provenance setting -- New setting (also auto-enabled by MISE_PARANOID) that forces cryptographic provenance re-verification at install time even when the lockfile already has checksum and provenance data. mise lock now also performs full verification for the current platform at lock time. #8901 by @jdx
turso added to the built-in registry -- Install the Turso CLI via mise use turso. #8884 by @kenn
Fixed
- --env=VALUE and -E=VALUE flag parsing -- The equals-sign form of the environment flag (e.g., mise --env=production) was silently ignored, causing fallback to the default environment. Both --env=VALUE and --env VALUE forms now work correctly. #8889 by @jdx
- PEP 440 .dev versions filtered in fuzzy matching -- Versions like 2026.3.3.162408.dev0 no longer incorrectly satisfy stable version requests. The version regex now matches .dev in addition to -dev. #8849 by @richardthe3rd
- Stale lockfile entries pruned during mise lock <tool> -- Running mise lock node after a version change no longer leaves duplicate entries for the old and new versions. #8599 by @altendky
- Spurious direnv warning suppressed -- The failed to update DIRENV_DIFF warning no longer appears when the direnv diff environment variable is empty. #8857 by @yaleman
- Duplicate trust warning in zsh -- Entering an untrusted project directory in zsh no longer shows the mise trust warning twice. #8898 by @timothysparg
- Plain .tool-versions no longer requires trust for task listing -- Files without Tera template syntax ({{, {%, {#) are skipped during the trust check in mise task ls. #8876 by @dportalesr
- Tool options preserved with CLI version overrides -- filter_bins and other tool options are no longer lost when specifying a version via CLI (e.g., mise bin-paths tool@version). #8888 by @jdx
- Alias-specific options respected -- Tools configured with tool_alias now correctly use the alias-specific asset_pattern and other options instead of inheriting from the original tool. #8892 by @jdx
- Precompiled Python uses lockfile URL -- Precompiled Python installs now honor the download URL recorded in mise.lock instead of always recomputing it, fixing reproducibility for locked installs. #8750 by @hehaoqian
- Ruby build revisions in lockfiles -- Precompiled Ruby binaries from jdx/ruby now support build revision tags (e.g., 3.3.11-1), preventing lockfile breakage when binaries are rebuilt with different checksums. #8900 by @jdx
- Swift installs on unsupported Ubuntu versions -- Swift installs on Ubuntu versions newer than 24.04 now fall back to the 24.04 binary instead of 404ing. #8916 by @jdx
Changed
- Go settings renamed to go.* namespace -- All go_* settings (e.g., go_set_goroot) have been renamed to the nested go.* format (e.g., go.set_goroot) for consistency with other language settings. The old names are preserved as deprecated aliases. #8598 by @jdbruijn
Breaking Changes
- Deprecated settings removed -- The following settings, deprecated for 18+ months, have been removed. If you are still using them, switch to their replacements: #8904 by @jdx
- asdf -- use disable_backends instead
- vfox -- use disable_backends instead
- cargo_binstall -- use cargo.binstall instead
- disable_default_shorthands -- use disable_default_registry instead
- pipx_uvx -- use pipx.uvx instead
- python_compile -- use python.compile instead
- python_default_packages_file -- use python.default_packages_file instead
- python_patch_url -- use python.patch_url instead
- python_patches_directory -- use python.patches_directory instead
- python_precompiled_arch -- use python.precompiled_arch instead
- python_precompiled_os -- use python.precompiled_os instead
- python_pyenv_repo -- use python.pyenv_repo instead
- python_venv_stdlib -- use python.venv_stdlib instead
New Contributors
- @cprecioso made their first contribution in #8776
- @fragon10 made their first contribution in #8524
- @dportalesr made their first contribution in #8876
- @timothysparg made their first contribution in #8898
- @hehaoqian made their first contribution in #8750
- @jdbruijn made their first contribution in #8598
- @yaleman made their first contribution in #8857
- @kenn made their first contribution in #8884
Full Changelog: v2026.4.3...v2026.4.4
Original source Report a problem - Apr 4, 2026
- Date parsed from source:Apr 4, 2026
- First seen by Releasebot:Apr 5, 2026
v1.20.0: Doppler Provider and Sync Fix for json_path
fnox adds Doppler secrets manager support and fixes a sync bug that could corrupt secrets using json_path extraction, making secret handling more reliable across projects and environments.
v1.20.0 adds a new Doppler secrets manager provider and fixes a bug where fnox sync would corrupt secrets that use json_path extraction.
Added
- Doppler secrets manager provider (#376) -- @natefaerber
fnox now supports Doppler as a secrets provider. The provider uses the Doppler CLI under the hood and supports project/config scoping, service token authentication, and efficient batch fetching via --json.
[providers] app-prod = { type = "doppler", project = "my-app", config = "prd" } app-dev = { type = "doppler", project = "my-app", config = "dev" } [secrets] PROD_DB_URL = { provider = "app-prod", value = "DATABASE_URL" } DEV_DB_URL = { provider = "app-dev", value = "DATABASE_URL" }All configuration fields (project, config, token) are optional -- when omitted, the provider falls back to the Doppler CLI's own defaults (from doppler setup or environment variables like DOPPLER_TOKEN). Authentication works via interactive login, service tokens in config, or the DOPPLER_TOKEN / FNOX_DOPPLER_TOKEN environment variables.
You can add a Doppler provider interactively with:
fnox provider add my-doppler dopplerSee the full Doppler provider documentation for setup instructions, CI/CD examples, and multi-environment patterns.
Fixed
- fnox sync no longer corrupts secrets that use json_path (#371) -- @rpendleton
When syncing secrets that use json_path, the sync command was applying json_path extraction before caching the value. This meant the cached sync value contained only the extracted field (e.g. "admin") instead of the full raw secret (e.g. {"username":"admin","password":"secret123"}). On subsequent reads, json_path would be applied again to the already-extracted value, failing with "Failed to parse JSON secret".
The fix introduces SecretConfig::for_raw_resolve(), which strips post-processing fields (json_path, sync, default) before resolving. Both sync and reencrypt now use this method, ensuring raw provider values are always cached and future post-processing steps only need updating in one place.
New Contributors
- @natefaerber made their first contribution in #376
- @rpendleton made their first contribution in #371
Full Changelog: v1.19.0...v1.20.0
Original source Report a problem - Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 4, 2026
v2026.4.3: Fix seccomp build on armv7
mise fixes a 32-bit ARM build error in its seccomp network filter, restoring armv7 support.
A small patch release that fixes a compile error preventing mise from building on 32-bit ARM (armv7) targets.
Fixed
- seccomp network filter build on armv7 -- The seccomp sandbox code that restricts network access during mise exec failed to compile on armv7 targets. The libc::SYS_socket and libc::SYS_socketpair constants are i32 on 32-bit platforms but the rule map expects i64 keys, causing a type mismatch. An explicit as i64 cast fixes the build while remaining a no-op on 64-bit platforms. #8869 by @jdx
Full Changelog: v2026.4.2...v2026.4.3
Original source Report a problem - Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 4, 2026
v2026.4.2: Process sandboxing for exec and run
mise adds experimental process sandboxing for exec and run, letting users restrict filesystem, network, and environment access. It also fixes documentation for RUNTIME.osType and RUNTIME.archType.
Note: This release's build failed so no binary assets were published. Use v2026.4.3 instead, which includes all changes from this release plus a build fix.
This release introduces experimental process sandboxing for mise exec and mise run, allowing you to restrict filesystem access, network access, and environment variables for executed processes.
Added
Process sandboxing for mise x and mise run (experimental) -- A new lightweight sandboxing layer lets you lock down what processes spawned by mise can access. On Linux it uses Landlock for filesystem restrictions and seccomp-bpf for network filtering; on macOS it uses sandbox-exec (Seatbelt) with generated profiles. Requires experimental = true in settings. #8845 by @jdx
# Block all filesystem and network access mise x --deny-all -- node script.js # Block network only mise x --deny-net -- npm run build # Block writes except to ./dist mise x --allow-write=./dist -- npm run buildTask-level configuration is also supported:
[tasks.build] run = "npm run build" deny_net = true allow_write = ["./dist"]Fixed
Docs: correct RUNTIME.osType and RUNTIME.archType values -- Fixed inconsistent documentation for runtime template variables and simplified examples. #8785 by @esteve
Full Changelog: v2026.4.1...v2026.4.2
Original source Report a problem - Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 3, 2026
v2026.4.3
mise fixes seccomp build on armv7 with an i32-to-i64 syscall cast.
- Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 3, 2026
v2026.4.2
mise adds process sandboxing for mise x and mise run.