dependabot · efcasado · Mar 17, 2026 · Mar 26, 2026
@@ -71,6 +71,9 @@ julia:
 maven:
   - *shared
   - 'maven/**'
+mise:
+  - *shared
+  - 'mise/**'
 nix:
   - *shared
   - 'nix/**'

@@ -87,3 +87,6 @@
 
 "L: nix":
     - '(nix)'
+
+"L: mise":
+    - '(mise)'
@@ -47,6 +47,9 @@ hex:
 maven:
   - *common
   - 'maven/**'
+mise:
+  - *common
+  - 'mise/**'
 nix:
   - *common
   - 'nix/**'

@@ -79,6 +79,11 @@
     "test": "maven",
     "ecosystem": "maven"
   },
+  {
+    "core": "mise",
+    "test": "mise",
+    "ecosystem": "mise"
+  },
   {
     "core": "nix",
     "test": "nix",

@@ -40,6 +40,7 @@ jobs:
           - { path: hex, name: hex, ecosystem: mix }
           - { path: julia, name: julia, ecosystem: julia }
           - { path: maven, name: maven, ecosystem: maven }
+          - { path: mise, name: mise, ecosystem: mise }
           - { path: nix, name: nix, ecosystem: nix }
           - { path: npm_and_yarn, name: npm_and_yarn, ecosystem: npm }
           - { path: nuget, name: nuget, ecosystem: nuget }

@@ -81,6 +81,7 @@ jobs:
           - { name: hex, ecosystem: mix }
           - { name: julia, ecosystem: julia }
           - { name: maven, ecosystem: maven }
+          - { name: mise, ecosystem: mise }
           - { name: nix, ecosystem: nix }
           - { name: npm_and_yarn, ecosystem: npm }
           - { name: nuget, ecosystem: nuget }

@@ -55,6 +55,7 @@ jobs:
           - { name: hex, ecosystem: mix }
           - { name: julia, ecosystem: julia }
           - { name: maven, ecosystem: maven }
+          - { name: mise, ecosystem: mise }
           - { name: nix, ecosystem: nix }
           - { name: npm_and_yarn, ecosystem: npm }
           - { name: nuget, ecosystem: nuget }

@@ -162,7 +162,7 @@ COPY --chown=dependabot:dependabot updater/Gemfile updater/Gemfile.lock dependab
 COPY --chown=dependabot:dependabot --parents */.bundle */*.gemspec common/lib/dependabot.rb LICENSE omnibus $DEPENDABOT_HOME
 
 # This ARG must be updated when adding/removing ecosystems - it invalidates Docker layer cache
-ARG ECOSYSTEM_LIST="bazel bun bundler cargo composer conda devcontainers docker docker_compose dotnet_sdk elm git_submodules github_actions go_modules gradle helm hex julia maven nix npm_and_yarn nuget opentofu pre_commit pub python rust_toolchain silent swift terraform uv vcpkg"
+ARG ECOSYSTEM_LIST="bazel bun bundler cargo composer conda devcontainers docker docker_compose dotnet_sdk elm git_submodules github_actions go_modules gradle helm hex julia maven mise nix npm_and_yarn nuget opentofu pre_commit pub python rust_toolchain silent swift terraform uv vcpkg"
 # prevent having all the source in every ecosystem image
 RUN for ecosystem in $ECOSYSTEM_LIST; do \
     mkdir -p $ecosystem/lib/dependabot; \

@@ -22,6 +22,7 @@ gem "dependabot-helm", path: "helm"
 gem "dependabot-hex", path: "hex"
 gem "dependabot-julia", path: "julia"
 gem "dependabot-maven", path: "maven"
+gem "dependabot-mise", path: "mise"
 gem "dependabot-npm_and_yarn", path: "npm_and_yarn"
 gem "dependabot-nuget", path: "nuget"
 gem "dependabot-opentofu", path: "opentofu"

@@ -144,6 +144,12 @@ PATH
       dependabot-common (= 0.369.0)
       rexml (~> 3.4.1)
 
+PATH
+  remote: mise
+  specs:
+    dependabot-mise (0.369.0)
+      dependabot-common (= 0.369.0)
+
 PATH
   remote: npm_and_yarn
   specs:
@@ -504,6 +510,7 @@ DEPENDENCIES
   dependabot-hex!
   dependabot-julia!
   dependabot-maven!
+  dependabot-mise!
   dependabot-npm_and_yarn!
   dependabot-nuget!
   dependabot-opentofu!
@@ -572,6 +579,7 @@ CHECKSUMS
   dependabot-hex (0.369.0)
   dependabot-julia (0.369.0)
   dependabot-maven (0.369.0)
+  dependabot-mise (0.369.0)
   dependabot-npm_and_yarn (0.369.0)
   dependabot-nuget (0.369.0)
   dependabot-opentofu (0.369.0)

@@ -240,6 +240,12 @@ docker run --rm -ti \
   -v "$(pwd)/maven/lib:$CODE_DIR/maven/lib" \
   -v "$(pwd)/maven/script:$CODE_DIR/maven/script" \
   -v "$(pwd)/maven/spec:$CODE_DIR/maven/spec" \
+  -v "$(pwd)/mise/.rubocop.yml:$CODE_DIR/mise/.rubocop.yml" \
+  -v "$(pwd)/mise/dependabot-mise.gemspec:$CODE_DIR/mise/dependabot-mise.gemspec" \
+  -v "$(pwd)/mise/helpers:$CODE_DIR/mise/helpers" \
+  -v "$(pwd)/mise/lib:$CODE_DIR/mise/lib" \
+  -v "$(pwd)/mise/script:$CODE_DIR/mise/script" \
+  -v "$(pwd)/mise/spec:$CODE_DIR/mise/spec" \
   -v "$(pwd)/npm_and_yarn/.rubocop.yml:$CODE_DIR/npm_and_yarn/.rubocop.yml" \
   -v "$(pwd)/npm_and_yarn/dependabot-npm_and_yarn.gemspec:$CODE_DIR/npm_and_yarn/dependabot-npm_and_yarn.gemspec" \
   -v "$(pwd)/npm_and_yarn/helpers:$CODE_DIR/npm_and_yarn/helpers" \

@@ -35,6 +35,7 @@
 # - helm
 # - hex
 # - maven
+# - mise
 # - npm_and_yarn
 # - nuget
 # - pip (includes pipenv)
@@ -79,6 +80,7 @@
 $LOAD_PATH << "./hex/lib"
 $LOAD_PATH << "./julia/lib"
 $LOAD_PATH << "./maven/lib"
+$LOAD_PATH << "./mise/lib"
 $LOAD_PATH << "./nix/lib"
 $LOAD_PATH << "./npm_and_yarn/lib"
 $LOAD_PATH << "./nuget/lib"
@@ -137,6 +139,7 @@
 require "dependabot/hex"
 require "dependabot/julia"
 require "dependabot/maven"
+require "dependabot/mise"
 require "dependabot/npm_and_yarn"
 require "dependabot/nuget"
 require "dependabot/pre_commit"
@@ -380,6 +383,7 @@
   helm
   hex
   maven
+  mise
   npm_and_yarn
   nuget
   pip

@@ -78,6 +78,7 @@ def self.parse(config)
           "helm" => "helm",
           "julia" => "julia",
           "maven" => "maven",
+          "mise" => "mise",
           "mix" => "hex",
           "nix" => "nix",
           "npm" => "npm_and_yarn",

@@ -0,0 +1 @@
+BUNDLE_GEMFILE: "../dependabot-updater/Gemfile"
@@ -0,0 +1,4 @@
+/.bundle/*
+!.bundle/config
+/tmp
+/dependabot-*.gem
@@ -0,0 +1 @@
+inherit_from: ../.rubocop.yml
@@ -0,0 +1,15 @@
+# syntax=docker.io/docker/dockerfile:1.20
+FROM ghcr.io/dependabot/dependabot-updater-core
+
+ARG MISE_VERSION=v2026.3.9
+RUN curl -fsSL https://github.com/jdx/mise/releases/download/${MISE_VERSION}/install.sh \
+    | MISE_INSTALL_PATH=/usr/local/bin/mise sh
+
+USER dependabot
+
+# required by mise's npm backend
+RUN MISE_YES=1 mise use -g node@lts
+
+
+COPY --chown=dependabot:dependabot --parents mise common $DEPENDABOT_HOME/
+COPY --chown=dependabot:dependabot updater $DEPENDABOT_HOME/dependabot-updater
@@ -0,0 +1,18 @@
+## `dependabot-mise`
+
+Mise support for [`dependabot-core`][core-repo].
+
+### Running locally
+
+1. Start a development shell
+
+  ```
+  $ bin/docker-dev-shell mise
+  ```
+
+2. Run tests
+  ```
+  [dependabot-core-dev] ~ $ cd mise && rspec
+  ```
+
+[core-repo]: https://github.com/dependabot/dependabot-core
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  common_gemspec =
+    Bundler.load_gemspec_uncached("../common/dependabot-common.gemspec")
+
+  spec.name         = "dependabot-mise"
+  spec.summary      = "Provides Dependabot support for mise"
+  spec.description  = "Dependabot-mise provides support for bumping mise dependencies via Dependabot. " \
+                      "If you want support for multiple package managers, you probably want the meta-gem " \
+                      "dependabot-omnibus."
+
+  spec.author       = common_gemspec.author
+  spec.email        = common_gemspec.email
+  spec.homepage     = common_gemspec.homepage
+  spec.license      = common_gemspec.license
+
+  spec.metadata = {
+    "bug_tracker_uri" => common_gemspec.metadata["bug_tracker_uri"],
+    "changelog_uri" => common_gemspec.metadata["changelog_uri"]
+  }
+
+  spec.version = common_gemspec.version
+  spec.required_ruby_version = common_gemspec.required_ruby_version
+  spec.required_rubygems_version = common_gemspec.required_ruby_version
+
+  spec.require_path = "lib"
+  spec.files        = Dir["lib/**/*"]
+
+  spec.add_dependency "dependabot-common", Dependabot::VERSION
+
+  common_gemspec.development_dependencies.each do |dep|
+    spec.add_development_dependency dep.name, *dep.requirement.as_list
+  end
+end
@@ -0,0 +1,22 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/mise/version"
+require "dependabot/mise/requirement"
+require "dependabot/mise/metadata_finder"
+require "dependabot/mise/file_fetcher"
+require "dependabot/mise/file_parser"
+require "dependabot/mise/update_checker"
+require "dependabot/mise/file_updater"
+
+# 8B2252 is used as vp-c-brand-1 in mise's official website
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("mise", name: "mise", colour: "8B2252")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("mise", ->(_) { true })
+
+Dependabot::Utils.register_version_class("mise", Dependabot::Mise::Version)
@@ -0,0 +1,66 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+module Dependabot
+  module Mise
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a mise configuration file " \
+          "(mise.toml, .mise.toml, mise.<env>.toml, or .mise.<env>.toml)."
+      end
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any? { |filename| mise_config_file?(filename) }
+      end
+
+      sig { params(filename: String).returns(T::Boolean) }
+      def self.mise_config_file?(filename)
+        filename == "mise.toml" ||
+          filename == ".mise.toml" ||
+          filename.match?(/^mise\.[a-zA-Z0-9_-]+\.toml$/) || # mise.<env>.toml
+          filename.match?(/^\.mise\.[a-zA-Z0-9_-]+\.toml$/) # .mise.<env>.toml
+      end
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        # Implement beta feature flag check
+        unless allow_beta_ecosystems?
+          raise Dependabot::DependencyFileNotFound.new(
+            nil,
+            "Mise support is currently in beta. Set ALLOW_BETA_ECOSYSTEMS=true to enable it."
+          )
+        end
+
+        # Fetch all mise config files that exist in the repo
+        fetched_files = repo_contents.filter_map do |file|
+          # Access properties directly - repo_contents items have name and type
+          next unless file.type == "file"
+          next unless self.class.mise_config_file?(file.name)
+
+          fetch_file_from_host(file.name)
+        end
+
+        return fetched_files unless fetched_files.empty?
+
+        raise Dependabot::DependencyFileNotFound.new(
+          "mise.toml",
+          "No mise configuration file found"
+        )
+      end
+
+      sig { override.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+      def ecosystem_versions
+        nil
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("mise", Dependabot::Mise::FileFetcher)
-Original file line number
+Diff line change
@@ Expand Up / @@ -71,6 +71,9 @@ julia: @@
     maven:
       - *shared
       - 'maven/**'
+    mise:
+      - *shared
+      - 'mise/**'
     nix:
       - *shared
       - 'nix/**'
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		BUNDLE_GEMFILE: "../dependabot-updater/Gemfile"