Only Security Updates preset still raises updates for other packages #29509
-
What would you like help with?I think I found a bug How are you running Renovate?Mend Renovate hosted app on github.com If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.No response Please tell us more about your question or problemhttps://github.com/adamlyka/renovate-minimal-reproduction I only want Renovate to create PR's for security updates, and my config is exactly as found in the docs: https://docs.renovatebot.com/presets-security/#securityonly-security-updates Though both still create pr's for other dependencies: Logs (if relevant)Logs
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 7 replies
-
@adamlyka Is this your current Renovate config then? {
"extends": [
"config:recommended"
],
"packageRules": [
{
"enabled": false,
"matchPackageNames": [
"*"
]
}
],
"vulnerabilityAlerts": {
"enabled": true
},
"osvVulnerabilityAlerts": true
} |
Beta Was this translation helpful? Give feedback.
-
Hi there, Get your discussion fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible. Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this. Discussions without reproductions are less likely to be converted to Issues. Please follow these steps:
Good luck, The Renovate team |
Beta Was this translation helpful? Give feedback.
-
Not reproducible on my end when using Full config: {
"extends": [
"config:recommended"
],
"packageRules": [
{
"enabled": false,
"matchPackagePatterns": [
"*"
]
}
],
"vulnerabilityAlerts": {
"enabled": true
},
"osvVulnerabilityAlerts": true
} Logs show disabled deps: {
"depType": "dependencies",
"depName": "express",
"currentValue": "^4.18.2",
"datasource": "npm",
"prettyDepType": "dependency",
"updates": [],
"packageName": "express",
"skipReason": "disabled"
},
{
"depType": "dependencies",
"depName": "sqlite3",
"currentValue": "^5.1.7",
"datasource": "npm",
"prettyDepType": "dependency",
"updates": [],
"packageName": "sqlite3",
"skipReason": "disabled"
},
.... |
Beta Was this translation helpful? Give feedback.
Addressed in this PR -> #29801