Renovate creates only a fraction of PRs for Dependabot security alert #29650
-
What would you like help with?I think I found a bug How are you running Renovate?Mend Renovate hosted app on github.com If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.No response Please tell us more about your question or problemI have a test repo that has 17 open Dependabot alerts, 3 of which are found by Renovate. https://github.com/MShekow/sec-test Configuration: {
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":disableRateLimiting"
],
"labels": ["dependencies"],
"vulnerabilityAlerts": {
"labels": ["security", "dependencies"],
},
"baseBranches": ["main"],
"forkProcessing": "enabled"
} Any ideas? The log is not really helpful. For instance, if I search for "mio" (a Rust dependency for which the PR is missing), it appears at the top of the log, but is never mentioned anymore towards the bottom (where PR creation happens). Logs (if relevant)Logs
|
Beta Was this translation helpful? Give feedback.
Answered by
viceice
Jun 13, 2024
Replies: 1 comment 1 reply
-
not a bug, renovate doesn't support transitive dependency upgrades. |
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
MShekow
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
not a bug, renovate doesn't support transitive dependency upgrades.