Skip to content

Fix Dependabot configuration #3997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ppkarwasz merged 1 commit into from
Dec 11, 2025
Merged

Fix Dependabot configuration #3997

ppkarwasz merged 1 commit into from
Dec 11, 2025

Conversation

@ppkarwasz
Copy link
Contributor

@ppkarwasz ppkarwasz commented Dec 11, 2025

This change restores a valid Dependabot configuration that was broken in #3990 (see the failing GHA run: 57824321555).

Because GitHub does not validate Dependabot configuration files before merge, the fix is based entirely on the documented format and examples in the Dependabot options reference.

Note: Dependabot appears to interpret the exclude-paths key differently from directories; unlike directories, exclude-paths does not require a leading slash.

@ppkarwasz
Fix Dependabot configuration
30337fc 
This change restores a valid Dependabot configuration that was broken in #3990 (see the failing GHA run: [57824321555](https://github.com/apache/logging-log4j2/runs/57824321555)).

Because GitHub does not validate Dependabot configuration files before merge, the fix is based **entirely** on the documented format and examples in the [Dependabot options reference](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#exclude-paths-).

**Note:** Dependabot appears to interpret the `exclude-paths` key differently from `directories`; unlike `directories`, `exclude-paths` does **not** require a leading slash.
@ppkarwasz ppkarwasz enabled auto-merge (squash) December 11, 2025 21:56
FreeAndNil
FreeAndNil approved these changes Dec 11, 2025
View reviewed changes
Copy link

@FreeAndNil FreeAndNil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ppkarwasz ppkarwasz merged commit 5cd8887 into 2.x Dec 11, 2025
5 checks passed
@ppkarwasz ppkarwasz deleted the fix/2.x/dependabot-configuration branch December 11, 2025 22:16
@github-project-automation github-project-automation bot moved this from Approved to Merged in Log4j pull request tracker Dec 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FreeAndNil FreeAndNil FreeAndNil approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Log4j pull request tracker
Status: Merged

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ppkarwasz @FreeAndNil