Renovate not creating PRs to update npm security vulnerabilities by Dependabot #28451
Answered by viceice. pbas-bs asked this question in Request Help.
What would you like help with?
I would like help with my configuration

How are you running Renovate?
Mend Renovate hosted app on github.com

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
No response

Please tell us more about your question or problem
I am trying to have Renovate open a PR when Dependabot alerts a security vulnerability. I have a security vulnerability reported:

My Renovate configuration enables security vulnerabilities and transitive remediation:

```json5
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  extends: [
    "config:base",
    "schedule:weekly",
    ":autodetectPinVersions",
    ":enableVulnerabilityAlerts",
    ":labels(dependencies)",
    ":preserveSemverRanges",
    ":prImmediately",
    ":rebaseStalePrs",
    ":semanticCommits",
    ":semanticPrefixChore",
    ":separateMajorReleases",
    ":timezone(Europe/Rome)",
  ],
  packageRules: [
    {
      groupName: "node minor + patch dependencies",
      matchManagers: ["npm"],
      matchUpdateTypes: ["minor", "patch"],
    },
  ],
  draftPR: true,
  reviewersFromCodeOwners: false,
  reviewersSampleSize: 1,
  stabilityDays: 2,
  vulnerabilityAlerts: {
    enabled: true,
    draftPR: false,
    reviewersFromCodeOwners: true,
  },
  prConcurrentLimit: 3,
  prHourlyLimit: 2,
  enabledManagers: ["npm"],
  transitiveRemediation: true,
}
```

From the logs it appears that Renovate finds the two alerts.

Logs (if relevant)
Answered by viceice, Apr 16, 2024
Answer selected by pbas-bs
Check `packageFiles with updates` message. Renovate can't update transitive npm dependencies.
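The answer turns on whether the alerted package is a direct or a transitive npm dependency. The following is an added example, not part of the original discussion and not Renovate's code: it classifies an alerted package name against a lockfile and reports which direct dependency pulls it in. It assumes the `package-lock.json` lockfileVersion 2/3 `packages` layout and ignores peer dependencies and workspace links; the package names and lockfile contents are constructed.

```javascript
// Constructed sample in package-lock.json lockfileVersion 3 layout (not from the discussion).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-framework": "^2.0.0" }, devDependencies: { "test-runner": "^1.0.0" } },
    "node_modules/web-framework": { version: "2.1.0", dependencies: { "query-parser": "^1.0.0" } },
    "node_modules/query-parser": { version: "1.0.3" },
    "node_modules/test-runner": { version: "1.4.0", dependencies: { "query-parser": "^0.9.0" } },
    "node_modules/test-runner/node_modules/query-parser": { version: "0.9.1" },
  },
};

// Resolve `name` as required from the package installed at `fromPath`,
// using Node's lookup order: nearest enclosing node_modules first, then outward.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // not installed anywhere on the lookup path
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root manifest. For every installed copy of
// `alertedName`, record whether it is direct and the shortest chain that reaches it.
function classifyAlert(lock, alertedName) {
  const packages = lock.packages;
  const root = packages[""] || {};
  const direct = { ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies };
  const queue = Object.keys(direct).map((n) => ({ path: resolveDep(packages, "", n), chain: [n] }));
  const seen = new Set();
  const findings = [];
  while (queue.length) {
    const { path, chain } = queue.shift();
    if (!path || seen.has(path)) continue; // unresolved, or this copy was already visited
    seen.add(path);
    if (chain[chain.length - 1] === alertedName) {
      const kind = chain.length === 1 ? "direct" : "transitive";
      findings.push({ path, version: packages[path].version, kind, via: chain });
    }
    const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
    for (const dep of Object.keys(deps)) queue.push({ path: resolveDep(packages, path, dep), chain: [...chain, dep] });
  }
  return findings;
}

console.log(classifyAlert(sampleLock, "query-parser"));
```

If every finding is `transitive`, the alerted package is not listed in `package.json`, which is the case the answer describes.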