chore: release 2026.3.5

[mise-en-dev]

🚀 Features

• (vfox) add RUNTIME.envType for libc variant detection by @malept in #8493
• store provenance verification results in lockfile by @jdx in #8495

🐛 Bug Fixes

• (env) skip remote version fetching for "latest" in prefer-offline mode by @jdx in #8500
• (tasks) deduplicate shared deps across task delegation by @vadimpiven in #8497
• (windows) correctly identify mise binary without extension by @jdx in #8503

🚜 Refactor

• (core) migrate cmd! callers to async with kill_on_drop by @jdx in a63f7d2

📦 Registry

• add portless (npm:portless) by @risu729 in #8508

Chore

• (ci) temporarily disable mise up in release-plz by @jdx in #8504
• consolidate all linters into hk.pkl by @jdx in #8498

📦 Aqua Registry Updates

New Packages (1)

• apache/ant

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request constitutes the 2026.3.5 release of mise, bringing a set of enhancements, critical bug fixes, and internal improvements. It includes a new feature for vfox to better handle libc variants, addresses issues with offline version fetching and task dependency management, and refactors core command execution for improved reliability.

Highlights

• Features: Added RUNTIME.envType for vfox to detect libc variants.
• Bug Fixes: Prevented remote version fetching for "latest" in offline mode.
• Bug Fixes: Improved task dependency deduplication for delegated tasks.
• Bug Fixes: Corrected mise binary identification on Windows without extensions.
• Refactor: Migrated cmd! macro calls to use async with kill_on_drop for better resource management.
• Chore: Temporarily disabled mise up in release-plz CI.
• Chore: Consolidated all linters into hk.pkl.
• Aqua Registry Updates: Added apache/ant to the Aqua Registry.

Changelog

• CHANGELOG.md

  • 🚀 Features

  • • (vfox) add RUNTIME.envType for libc variant detection by @malept in #8493

  • 🐛 Bug Fixes

  • • (env) skip remote version fetching for "latest" in prefer-offline mode by @jdx in #8500
  • • (tasks) deduplicate shared deps across task delegation by @vadimpiven in #8497
  • • (windows) correctly identify mise binary without extension by @jdx in #8503

  • 🚜 Refactor

  • • (core) migrate cmd! callers to async with kill_on_drop by @jdx in a63f7d2

  • Chore

  • • (ci) temporarily disable mise up in release-plz by @jdx in #8504
  • • consolidate all linters into hk.pkl by @jdx in #8498

  • 📦 Aqua Registry Updates

  • New Packages (1)

  • • apache/ant

Activity

• No human activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[greptile-apps]

Greptile Summary

This is the v2026.3.5 release PR for mise, consisting of routine version bumps across all packaging files (Cargo.toml, Cargo.lock, default.nix, snapcraft.yaml, packaging/rpm/mise.spec, completions) and a new apache/ant aqua registry entry. The underlying features and bug fixes (vfox RUNTIME.envType, provenance lockfile, prefer-offline env fix, task deduplication, Windows binary detection) were already merged in separate PRs and are simply captured in the changelog here.

Key changes:

• Version bumped from 2026.3.4 → 2026.3.5 consistently across all packaging manifests and completion cache filenames
• New aqua registry entry added for apache/ant, resolving versions from GitHub tags (rel/ prefix) and downloading from archive.apache.org
• aqua-registry crate version bumped from 2026.3.1 → 2026.3.2 to reflect the new package

Critical issue: The apache/ant registry entry uses format: tar.xz, but Apache Ant binary distributions on archive.apache.org are only available as .tar.gz and .zip. This will cause all mise install ant@... invocations to fail with HTTP 404 errors. The sibling apache/maven entry correctly uses format: tar.gz for the same host.

Confidence Score: 3/5

• Routine version bumps are safe, but the apache/ant registry entry has a critical format bug that will cause all installations to fail with 404 errors.
• All version bump changes across packaging files are mechanical and correct, maintaining consistency from 2026.3.4 to 2026.3.5. However, the new apache/ant registry entry uses format: tar.xz, which is not provided by archive.apache.org for Ant binary distributions (only .tar.gz and .zip are available). This is a functional defect affecting the primary purpose of the new registry entry — every attempt to install Apache Ant will fail.
• crates/aqua-registry/aqua-registry/pkgs/apache/ant/registry.yaml — The format: tar.xz must be changed to format: tar.gz to match the actual available formats from archive.apache.org (reference: the apache/maven entry uses tar.gz on the same host).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["mise install ant@version"] --> B{"version <= 1.10.0?"}
    B -->|yes| C["Error: Please use 1.10.1 or later"]
    B -->|no| D["Build download URL<br/>archive.apache.org/dist/ant/binaries/<br/>apache-ant-SemVer-bin.Format"]
    D --> E{"goos == windows?"}
    E -->|yes| F["files: ant.bat<br/>format: tar.xz ⚠️"]
    E -->|no| G["files: ant<br/>format: tar.xz ⚠️"]
    F --> H["Fetch archive — HTTP 404<br/>tar.xz not available on archive.apache.org"]
    G --> H
    H --> I["Installation fails"]
    style H fill:#f66,color:#fff
    style I fill:#f66,color:#fff
    style C fill:#fa0,color:#fff

Loading

_{Last reviewed commit: 2fbfce4}

[gemini-code-assist]

Code Review

This pull request prepares for the 2026.3.5 release by updating the version across various files, including Cargo.toml, README.md, and completion scripts. It also adds a new package definition for apache/ant to the Aqua registry. I've found an issue in the new package definition that will cause checksum verification to fail.

_{Note: Security Review is unavailable for this PR.}

[gemini-code-assist]

The regular expression for the checksum appears to be incorrect. The checksum file for Apache Ant follows the format filename: HASH, but the provided regex ^(\b[A-Fa-f0-9]{128}\b) expects the hash to be at the beginning of the line. This will cause checksum verification to fail.

A more appropriate regex would capture the hash that appears after the colon at the end of the line.

            checksum: ':\s*([a-fA-F0-9]{128})$'

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.4 x -- echo	23.2 ± 0.9	22.0	40.0	1.00
mise x -- echo	23.3 ± 0.4	21.7	28.1	1.00 ± 0.04

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.4 env	22.6 ± 0.7	21.1	29.3	1.00
mise env	22.7 ± 0.3	21.6	24.3	1.00 ± 0.03

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.4 hook-env	23.3 ± 0.3	22.5	24.6	1.00
mise hook-env	23.5 ± 0.3	22.8	25.0	1.01 ± 0.02

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.4 ls	22.7 ± 0.4	21.7	24.8	1.00
mise ls	22.7 ± 0.3	21.3	23.8	1.00 ± 0.02

xtasks/test/perf

Command	mise-2026.3.4	mise	Variance
install (cached)	148ms	149ms	+0%
ls (cached)	82ms	81ms	+1%
bin-paths (cached)	84ms	83ms	+1%
task-ls (cached)	833ms	820ms	+1%