Dnf-automatic vs dnf --security

There is a difference between the output of dnf-automatic and dnf --security check-update

One claims there is no security updates needed …

dnf-automatic --installupdates

Last metadata expiration check: 0:04:20 ago on Mon 01 Nov 2021 15:25:23 GMT.
No security updates needed, but 74 updates available

But the other has quite a few

dnf --security check-update

Last metadata expiration check: 0:06:14 ago on Mon 01 Nov 2021 15:25:23 GMT.

bpftool.x86_64 4.18.0-305.19.1.el8_4 baseos
kernel.x86_64 4.18.0-305.19.1.el8_4 baseos
kernel-core.x86_64 4.18.0-305.19.1.el8_4 baseos
kernel-devel.x86_64 4.18.0-305.19.1.el8_4 baseos
kernel-headers.x86_64 4.18.0-305.19.1.el8_4 baseos
kernel-modules.x86_64 4.18.0-305.19.1.el8_4 baseos

Im not clear at all why this is happening. Has anyone else noticed this or can offer some advice ?



Well mysteriously last night machines actually did patch automatically as hoped for. I have it on 4 such machines and it went through.

I am using this in cron to detect if there is a reboot is needed (kernel patching):
dnf needs-restarting -r >/dev/null || /sbin/shutdown -r now needs-restarting