[BUG] API call in getVulnerabilityAlerts function lacks pagination, misses alerts

[jporzucek]

How are you running Renovate?

A Mend.io-hosted app

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

No response

Please tell us more about your question or problem

Summary

Renovate's getVulnerabilityAlerts function lacks pagination, causing security alerts to be missed when repositories have >100 Dependabot alerts.

Issue

• Location: lib/modules/platform/github/index.ts
• Function: getVulnerabilityAlerts
• Problem: No pagination in GraphQL query, only fetches first 100 alerts

Impact

• Users think security is monitored when alerts are missed
• Most vulnerable repositories (many alerts) are most affected
• Silent failure with no indication of missed alerts

Fix

Add pagination support to fetch all alerts, not just first 100. Simple fix - set pagination parameter to true in API request.

Reproduction

1. Create repo with >100 Dependabot alerts
2. Enable Renovate with vulnerabilityAlerts
3. Observe only first 100 alerts processed (look up for GitHub vulnerability details entry in logs)

Logs (if relevant)

No response

[jporzucek]

Fixed in #37395