docs/usage/configuration-options.md

@@ -4004,3 +4004,7 @@ To disable the vulnerability alerts feature, set `enabled=false` in a `vulnerabi
   }
 }
 ```
+
+<!-- prettier-ignore -->
+!!! note
+    If you want to raise only vulnerability fix PRs, you may use the `security:only-security-updates` preset.

lib/config/presets/internal/security.ts

@@ -21,4 +21,19 @@ export const presets: Record<string, Preset> = {
       },
     ],
   },
+  'only-security-updates': {
+    description:
+      'Only update dependencies if vulnerabilities have been detected.',
+    extends: ['config:recommended'],
+    packageRules: [
+      {
+        enabled: false,
+        matchPackageNames: ['*'],
+      },
+    ],
+    vulnerabilityAlerts: {
+      enabled: true,
+    },
+    osvVulnerabilityAlerts: true,
+  },
 };