chore(deps): bump jdx/mise-action from 2.0.0 to 4.1.0

[dependabot]

Bumps jdx/mise-action from 2.0.0 to 4.1.0.

Release notes

Sourced from jdx/mise-action's releases.

v4.1.0: automatic --locked installs

This release adds automatic locked installs when a mise.lock is present, and fixes a long-standing cache-key collision that could poison tool installs when workflows migrate between runner providers.

Added

Automatic --locked install when mise.lock exists (#495) by @​zeitlinger

When a repo contains mise.lock, the action now automatically passes --locked to mise install (on mise versions that support it). This removes the need to manually set install_args: --locked and prevents mise install from silently mutating the lockfile in CI. Explicit install_args and older mise versions are still respected.

Note: workflows with a stale lockfile may now fail earlier and more explicitly instead of silently updating mise.lock mid-run — this surfaces lockfile drift rather than hiding it.

Fixed

• Cache key collisions across runner providers (#456) — the default cache key now includes the runner image (e.g. macos15, ubuntu24 for GitHub-hosted runners; self-hosted otherwise). Previously, repos migrating between providers like github-hosted, namespace.so, BuildJet, and self-hosted runners with the same OS/arch could restore a peer provider's ~/.local/share/mise/installs/*, causing failures like does not have an executable named '…' or SIGILL crashes from binaries built against a different glibc/CPU featureset. Expect a one-time cache miss after upgrading; thereafter the cache stays scoped per image.
• mise-shim.exe missing on Windows (#476) by @​risu729 — the action now installs mise-shim.exe alongside mise.exe and repairs restored caches that lack the shim. Fixes #475.

Changed

• Migrated the bundled action build from ncc (CommonJS) to Rollup (ESM) (#436). No user-facing behavior change.

Full Changelog: jdx/mise-action@v4.0.1...v4.1.0

v4.0.1: Documentation and Internal Cleanup

A small maintenance release that updates the README documentation to reflect v4 and cleans up internal code. There are no functional changes to the action itself.

Changed

• Updated all README examples to reference jdx/mise-action@v4, actions/checkout@v6, and current tool versions by @​deining in #407 and #408
• Extracted getCwd() helper to deduplicate working directory resolution logic (internal refactor, no behavior change) by @​altendky in #403

New Contributors

• @​deining made their first contribution in #407

Full Changelog: jdx/mise-action@v4.0.0...v4.0.1

v3.6.3

What's Changed

• fix: pass cwd to all exec calls in exportMiseEnv() by @​andrewthauer in jdx/mise-action#390
• chore: release v3.6.3 by @​mise-en-dev in jdx/mise-action#391

New Contributors

• @​andrewthauer made their first contribution in jdx/mise-action#390

Full Changelog: jdx/mise-action@v3.6.2...v3.6.3

v3.6.2

What's Changed

• chore(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in jdx/mise-action#368
• chore(deps): update dependency @​types/node to v24.10.9 by @​renovate[bot] in jdx/mise-action#367
• chore(deps): update github/codeql-action digest to 439137e by @​renovate[bot] in jdx/mise-action#370
• chore(deps): lock file maintenance by @​renovate[bot] in jdx/mise-action#372

... (truncated)

Changelog

Sourced from jdx/mise-action's changelog.

Changelog

---

4.1.0 - 2026-06-04

🚀 Features

• add wings_enabled input (mise-wings cache integration) (#454) by @​jdx in #454
• lock install when mise.lock is present (#495) by @​zeitlinger in #495

🐛 Bug Fixes

• (ci) add gh auth setup-git to release-plz.sh (#473) by @​jdx in #473
• (ci) pin codeql-action with exact version comment (#481) by @​jdx in #481
• include runner image in cache key to prevent cross-provider collisions (#456) by @​jdx in #456
• install mise-shim.exe on Windows (#476) by @​risu729 in #476

⚙️ Miscellaneous Tasks

• (ci) use !cancelled() instead of always() for final job (#460) by @​jdx in #460
• (ci) remove autofix.ci workflow (#470) by @​jdx in #470
• (ci) add zizmor workflow for github actions security analysis (#471) by @​jdx in #471
• (ci) close failing or conflicted PRs sooner (#480) by @​jdx in #480
• add communique to enhance release notes (#411) by @​jdx in #411
• migrate from ncc (CJS) to rollup (ESM) (#436) by @​jdx in #436
• add final job to aggregate build-test results (#438) by @​jdx in #438
• migrate package manager from npm/pnpm/bun to aube (#455) by @​jdx in #455
• remove pull_request_target workflow (#469) by @​jdx in #469
• update aube tool version (#501) by @​jdx in #501

---

4.0.1 - 2026-03-22

🐛 Bug Fixes

• run npm install in pre-commit hook before build (#410) by @​jdx in #410

🚜 Refactor

• extract getCwd() helper to deduplicate working directory resolution (#403) by @​altendky in #403

📚 Documentation

• bump versions listed im README.md (#407) by @​deining in #407
• bump more versions listed in README.md (#408) by @​deining in #408

⚙️ Miscellaneous Tasks

• add workflow to auto-close stale PRs (#409) by @​jdx in #409

... (truncated)

Commits

• dba1968 chore: release v4.1.0 (#490)
• f91a09d fix(ci): resolve zizmor findings (#503)
• a9d72a2 chore(deps): update github/codeql-action action to v4.36.0 (#500)
• 1f56d95 chore(deps): update dependency @​actions/cache to v6.0.1 (#497)
• e47eed9 chore: update aube tool version (#501)
• 69c24ed chore(deps): update dependency aube to v1.15.0 (#498)
• 76f8407 chore(deps): update zizmorcore/zizmor-action action to v0.5.4 (#488)
• 4a84c91 chore(deps): update dependency eslint to v10.4.0 (#492)
• 4d5418b chore(deps): update dependency @​types/node to v24.12.4 (#485)
• e676099 chore(deps): update dependency typescript-eslint to v8.59.3 (#487)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

PR author is in the excluded authors list.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/jdx/mise-action	dba19683ed58901619b14f395a24841710cb4925	Unknown	Unknown
actions/jdx/mise-action	dba19683ed58901619b14f395a24841710cb4925	Unknown	Unknown

Scanned Files

• .github/workflows/contracts-mainnet-readiness.yml
• .github/workflows/reorg-sim.yml