This is an automated email from the ASF dual-hosted git repository. pkarwasz pushed a commit to branch fix/2.x/dependabot-configuration in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit 30337fcf587c6edbd3dfaba0e8c279cf718cf4b0 Author: Piotr P. Karwasz <[email protected]> AuthorDate: Thu Dec 11 22:55:23 2025 +0100 Fix Dependabot configuration This change restores a valid Dependabot configuration that was broken in #3990 (see the failing GHA run: [57824321555](https://github.com/apache/logging-log4j2/runs/57824321555)). Because GitHub does not validate Dependabot configuration files before merge, the fix is based **entirely** on the documented format and examples in the [Dependabot options reference](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#exclude-paths-). **Note:** Dependabot appears to interpret the `exclude-paths` key differently from `directories`; unlike `directories`, `exclude-paths` does **not** require a leading slash. --- .github/dependabot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 739cbc2728..3dfa7865b7 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -48,8 +48,8 @@ updates: exclude-paths: # These use versions of MongoDB and SLF4J different # from the remaining artifacts - - "/log4j-mongodb4" - - "/log4j-slf4j-impl" + - "log4j-mongodb4/**" + - "log4j-slf4j-impl/**" schedule: interval: "monthly" groups:
