From 98ed29c74b4aae9b1d7386e66966956edab42f77 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Tue, 8 Feb 2022 08:55:27 +0100
Subject: [PATCH] fix(npm): don't disable lock file updates when remediating
 (#14082)

---
 .../repository/init/__snapshots__/vulnerability.spec.ts.snap    | 1 -
 lib/workers/repository/init/vulnerability.ts                    | 2 --
 2 files changed, 3 deletions(-)

diff --git a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
index b96003fda5..e4f34d30fd 100644
--- a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
+++ b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
@@ -3,7 +3,6 @@
 exports[`workers/repository/init/vulnerability detectVulnerabilityAlerts() returns alerts and remediations 1`] = `
 Array [
   Object {
-    "enabled": false,
     "matchCurrentVersion": "= 1.8.2",
     "matchDatasources": Array [
       "npm",
diff --git a/lib/workers/repository/init/vulnerability.ts b/lib/workers/repository/init/vulnerability.ts
index b0dc3e7d29..439f1e9443 100644
--- a/lib/workers/repository/init/vulnerability.ts
+++ b/lib/workers/repository/init/vulnerability.ts
@@ -208,8 +208,6 @@ export async function detectVulnerabilityAlerts(
               prBodyNotes,
             };
             config.remediations[fileName].push(remediation);
-            // Disable the package rule as all vulnerabilities will be remediated via the lock file
-            matchRule.enabled = false;
           } else {
             // Remediate only direct dependencies
             matchRule = {
-- 
GitLab