Renovate cannot read vulnerability alerts. #9396
I am trying to automate the creation of pull requests for vulnerabilities, but they are not being created. Referring to this issue, I created a configuration that intentionally specifies the package that contains the vulnerability and only creates the pull request for the vulnerability.
https://github.com/va-lgtm/vulnerability-alerts-test/blob/fbe8ebef9ba7eeb165421f4b907fb55c4b8f720b/renovate.json
node-forge@^0.9.1, as specified in the package.json of this repository, contains the following vulnerability. However, the log in the renovate dashboard shows the following, and it appears that no pull request has been created for the vulnerability.
If I am missing some settings or permissions, could you please let me know? FYI: Full log of renovate is below.
Replies: 2 comments 16 replies
You've disabled all managers, so no updates at all. Package rule is applied after global config, so you need a package rule to re-enable those security updates.
I'm not looking at the config at all yet, because the log
DEBUG: Cannot read vulnerability alerts
usually indicates a permissions problem [Update: no it doesn't, it just means there are zero alerts] so I want to check that first. Please go to https://github.com/apps/renovate, Configure it for the applicable account, and then you should get to a URL like https://github.com/settings/installations/12345678. Scroll down and see what it says in this section: