Renovate not create PRs for vulnerabilityAlerts #22747
-
How are you running Renovate?Mend Renovate hosted app on github.com If you're self-hosting Renovate, tell us what version of Renovate you run.No response If you're self-hosting Renovate, select which platform you are using.None Was this something which used to work for you, and then stopped?I am trying to get this working for the first time Describe the problemRenovate App don't create vulnerabilityAlerts PRs. Dependabot detects them and is able to create its own PRs All settings are done as specified in https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts You can double-check Renovate App and repo settings in the minimal reproduce repo. Minimal reproduce repo - https://github.com/MaxymVlasov/renovate-vuln-alerts Relevant debug logsLogs
Have you created a minimal reproduction repository?I have linked to a minimal reproduction in the description above |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
There are two vulnerability alerts, both are indirect/transitive dependencies (in the lock file, not Pipfile). Looking at the two Dependabot PRs, they seem identical and seem to be a full lockfile refresh rather than anything targeted. You can achieve the same with Renovate by enabling the "lockFileMaintenance" feature. |
Beta Was this translation helpful? Give feedback.
There are two vulnerability alerts, both are indirect/transitive dependencies (in the lock file, not Pipfile).
Looking at the two Dependabot PRs, they seem identical and seem to be a full lockfile refresh rather than anything targeted. You can achieve the same with Renovate by enabling the "lockFileMaintenance" feature.