Release v2026.5.11: Provenance verification at lock time (opens in new tab)

jdx/mise ( dev tools, env vars, task runner #Rust Added (security) Verify and record provenance during mise lock, with a new provenance_api_failures_fatal setting to control whether GitHub attestation API failures are fatal (#9945 by @jdx). (security) Fall back to verifying archive contents when SLSA provenance attests every file inside an archive but not the archive itself, fixing releases like github:prefix-dev/pixi@0.68.1 (#9898 by @sargunv). (plugins) Support remote git subdirectory sourc...