From 30337fcf587c6edbd3dfaba0e8c279cf718cf4b0 Mon Sep 17 00:00:00 2001
From: "Piotr P. Karwasz" <pkarwasz-github@apache.org>
Date: Thu, 11 Dec 2025 22:55:23 +0100
Subject: [PATCH] Fix Dependabot configuration

This change restores a valid Dependabot configuration that was broken in #3990 (see the failing GHA run: [57824321555](https://github.com/apache/logging-log4j2/runs/57824321555)).

Because GitHub does not validate Dependabot configuration files before merge, the fix is based **entirely** on the documented format and examples in the [Dependabot options reference](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#exclude-paths-).

**Note:** Dependabot appears to interpret the `exclude-paths` key differently from `directories`; unlike `directories`, `exclude-paths` does **not** require a leading slash.
---
 .github/dependabot.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 739cbc2728f..3dfa7865b77 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -48,8 +48,8 @@ updates:
     exclude-paths:
       # These use versions of MongoDB and SLF4J different
       # from the remaining artifacts
-      - "/log4j-mongodb4"
-      - "/log4j-slf4j-impl"
+      - "log4j-mongodb4/**"
+      - "log4j-slf4j-impl/**"
     schedule:
       interval: "monthly"
     groups: