lockfileMaintenance messes up with vulnerability alerts and schedules #22524
How are you running Renovate?
Mend Renovate hosted app on github.com

If you're self-hosting Renovate, tell us what version of Renovate you run.
No response

If you're self-hosting Renovate, select which platform you are using.
None

Was this something which used to work for you, and then stopped?
It used to work, and then stopped

Describe the problem
The real repository with this issue is jellyfin-vue. A minimal reproduction is located here. The lockfileMaintenance option is messing up the update logic of Renovate in the following ways:

I attached the full log of the run and also the specific parts where I think my points are better showcased.

Relevant debug logs
Full log
tauri-deps update being ignored

Have you created a minimal reproduction repository?
I have linked to a minimal reproduction in the description above
Replies: 1 comment 10 replies
Please ensure that the renovate config is minimal. The config right now is large, which implies it's either not minimal, or it's a very narrow edge case
Here's what I found:
Ignore the security update - that's a red herring. Security updates intentionally bypass grouping and schedules, so that's why it popped up on its own, by design.
The matchManagers=cargo rule matches lock file maintenance updates too, i.e. all cargo updates including lock file maintenance are together. Then, the schedule for lock file maintenance applies to that branch too.
I recommend against separateMajorMinor=true, but it's not the root cause of anything. It just makes the remaining config slightly longer.
You can see the "fixed" repo PR here: renovate-reproductions/22524#2
Check out the config within the same repo
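The matching behaviour described in the reply above, as an added example (not the config from the linked reproduction repo and not written by either participant): a cargo rule narrowed with matchUpdateTypes so that it no longer captures the lock file maintenance update. The schedule value and the list of update types are assumptions chosen for illustration; the group name tauri-deps is taken from the log title in the report.

```json5
// renovate.json5 (constructed example; values are assumptions, not the repo's config)
{
  // Lock file maintenance keeps its own branch and its own schedule.
  lockFileMaintenance: {
    enabled: true,
    schedule: ["before 4am on monday"], // constructed schedule
  },

  packageRules: [
    // Too broad: matchManagers alone also matches the cargo
    // lockFileMaintenance update, so that update joins the group and
    // the lock file maintenance schedule ends up on the grouped branch.
    //
    // {
    //   matchManagers: ["cargo"],
    //   groupName: "tauri-deps",
    // },

    // Narrowed: only regular version updates are grouped. The
    // lockFileMaintenance update type is deliberately left out of
    // matchUpdateTypes, so this rule no longer applies to it.
    {
      matchManagers: ["cargo"],
      matchUpdateTypes: ["major", "minor", "patch", "pin", "digest"],
      groupName: "tauri-deps",
    },
  ],

  // Security updates are unaffected by either rule: as the reply notes,
  // they bypass grouping and schedules by design and get their own PR.
}
```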