diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts
index 45050769c6140ddf5d063878c0952aa0d3312ecb..63fc47ded228abb5a60386281fb9814af08758f9 100644
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@@ -1264,7 +1264,7 @@ const options: RenovateOptions[] = [
       groupName: null,
       schedule: [],
       dependencyDashboardApproval: false,
-      rangeStrategy: 'update-lockfile',
+      rangeStrategy: 'bump',
       commitMessageSuffix: '[SECURITY]',
       branchTopic: `{{{datasource}}}-{{{depName}}}-vulnerability`,
       prCreation: 'immediate',
diff --git a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
index 446c9640bcf9cfd1208b13b02faf9aea6bb8acee..692d19e3b2fbf31a64c67763ae1ab6060a3963a2 100644
--- a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
+++ b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
@@ -10,7 +10,7 @@ Array [
       "dependencyDashboardApproval": false,
       "groupName": null,
       "prCreation": "immediate",
-      "rangeStrategy": "update-lockfile",
+      "rangeStrategy": "bump",
       "schedule": Array [],
     },
     "matchCurrentVersion": "= 1.8.2",
@@ -39,7 +39,7 @@ Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3
       "dependencyDashboardApproval": false,
       "groupName": null,
       "prCreation": "immediate",
-      "rangeStrategy": "update-lockfile",
+      "rangeStrategy": "bump",
       "schedule": Array [],
     },
     "matchCurrentVersion": "= 1.6.7",
@@ -83,7 +83,7 @@ Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validati
       "dependencyDashboardApproval": false,
       "groupName": null,
       "prCreation": "immediate",
-      "rangeStrategy": "update-lockfile",
+      "rangeStrategy": "bump",
       "schedule": Array [],
     },
     "matchCurrentVersion": "= 2.4.2",