Issue with filtering Vulnerability Alerts MR creation using matchJsonata matcher in Renovate v39.96.0

[kush225]

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

giltab - v39.96.0,

Please tell us more about your question or problem

I am currently using Renovate version v39.96.0, and I’ve encountered an issue with the configuration related to creating merge requests (MRs) for vulnerabilities of type security with severity levels CRITICAL, HIGH, or UNKNOWN. Despite configuring the rules according to the example outlined in issue #27838, it seems like it's creating MRs of all severity levels, so matchJsonata matcher is not working properly, the expected behavior should be only MRs of type security with the severity levels CRITICAL, HIGH, or UNKNOWN are created.

Here is the configuration I’m using:

{
  "packageRules": [
    {
      "enabled": true,
      "matchJsonata": [
        "$exists(vulnerabilitySeverity) and vulnerabilitySeverity='CRITICAL'",
        "$exists(vulnerabilitySeverity) and vulnerabilitySeverity='HIGH'",
        "$exists(vulnerabilitySeverity) and vulnerabilitySeverity='UNKNOWN'"
      ]

    }
  ],
  "vulnerabilityAlerts": {
    "enabled": true,
    "labels": ["security"],
    "commitMessageSuffix": "[SECURITY-{{{vulnerabilitySeverity}}}]"
  },
  "osvVulnerabilityAlerts": true
}

Questions:

1. Is there an issue with the way I’ve configured the matchJsonata rules for filtering based on vulnerabilitySeverity?
2. Could this be related to the implementation of vulnerability alerts in Renovate, or is there a different approach I should be taking to achieve this filtering?

I would appreciate any insights into whether this is a configuration issue or a potential bug with Renovate.

Thank you for your help!

Logs (if relevant)

Logs

Replace this text with your logs, between the starting and ending triple backticks