A small patch release that fixes mise install --locked making unnecessary GitHub Releases API calls even when the lockfile already contains pre-resolved URLs and checksums.
Fixed
mise install --lockedno longer makes unnecessary GitHub API calls -- The aqua backend's cosign verification path was unconditionally downloading checksum files via the GitHub Releases API, even when cosign was disabled in settings or the package had no cosign configuration. This causedmise install --lockedto fail in restricted network environments despite the lockfile having everything needed to install offline. The fix checkssettings.aqua.cosignand whether the package actually has cosign configured before attempting any download. #8753 by @jdx
Full Changelog: v2026.3.15...v2026.3.16