Skip to content
Discussion options

You must be logged in to vote

Hey, I have found the issue. There is a problem in one of your presets:

https://github.com/mui/mui-public/blob/a646322dc5697683ef464c5a05a0de6240de9f05/renovate/default.json#L103

This package rule tried to use isVulnerabilityAlert as a matcher but it is not one, hence this leaks into all deps/PR which use npm datasource converting them into security updates :)

The fix would be to move the task into the top-level vulnerabilityAlerts object (in default.json) and delete the packageRule.

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@RahulGautamSingh
Comment options

Answer selected by RahulGautamSingh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants