From fc0d31881c007bf0f77265f9d2379ddd6ffa77b0 Mon Sep 17 00:00:00 2001
From: edeleon <edeleon@newrelic.com>
Date: Wed, 20 Nov 2024 16:02:42 -0800
Subject: [PATCH 1/2] remove unrecognized configuration and fix typo

---
 .github/workflows/dependency-submission.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml
index de5d673..daad756 100644
--- a/.github/workflows/dependency-submission.yml
+++ b/.github/workflows/dependency-submission.yml
@@ -4,10 +4,7 @@
 #
 # Purpose: It generates and submits a dependency graph to the GitHub Dependency Submission API. The graph is used to
 # trigger Dependabot Alerts for vulnerable dependencies, and to populate the Dependency Graph insights view in GitHub.
-#
-# Excludes:
-# - Test-only dependencies
-# - Modules named `core-test` and `examples`
+
 
 name: Dependency Submission
 
@@ -32,8 +29,6 @@ jobs:
       - name: Generate and submit dependency graph
         uses: gradle/actions/dependency-submission@d156388eb19639ec20ade50009f3d199ce1e2808 # pin@v4
         with:
-          dependency-graph-exclude-configurations: '.*[Tt]est(Compile|Runtime)Classpath'
-          dependency-graph-exclude-projects: ':core-test, :examples'
           build-scan-publish: true
-          build-scan-terms-of-use-url: "https://gralde.com/help/legal-terms-of-use"
+          build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
           build-scan-terms-of-use-agree: "yes"

From 6fa4013daf5224ef9cb9d8113de4417e6251bca8 Mon Sep 17 00:00:00 2001
From: edeleon <edeleon@newrelic.com>
Date: Wed, 20 Nov 2024 16:12:11 -0800
Subject: [PATCH 2/2] add dependabot.yml for scanning config

---
 .github/dependabot.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..10867ab
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+# Dependabot Configuration
+#
+# This configuration file specifies the settings for Dependabot Scanning.
+# It monitors the Gradle dependencies in the specified subprojects and runs checks
+# on a weekly basis. This will only provide vulnerability alerts and will not create
+# pull requests for version updates.
+
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directories:
+      - "/core"
+      - "/dropwizard"
+      - "/jul"
+      - "/log4j1"
+      - "/log4j2"
+      - "/logback"
+      - "/logback11"
+      - "/performance"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
\ No newline at end of file