From eb65890934fc9b2999a646ba10920d45fab1b506 Mon Sep 17 00:00:00 2001
From: Alex Wilson
Date: Tue, 27 Feb 2024 13:37:22 -0700
Subject: [PATCH 1/3] Update DependencyReview.yml

---
 .github/workflows/DependencyReview.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/DependencyReview.yml b/.github/workflows/DependencyReview.yml
index a5747ea..53c6dd7 100644
--- a/.github/workflows/DependencyReview.yml
+++ b/.github/workflows/DependencyReview.yml
@@ -14,12 +14,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: 'Checkout Repository'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: 'Dependency Review'
- uses: actions/dependency-review-action@v3
+ uses: actions/dependency-review-action@v4
 with:
 # This argument supplies the configuration file in this repo to your action.
 config-file: './.github/dependency-review-config.yml'
 # You only need this if the repo containing the config file is not publicly accessible.
 # This currently includes all GHES repos.
- #external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
\ No newline at end of file
+ #external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token

From 1a27fb7a7c9f9475348ec6b5d98332d41c5772bf Mon Sep 17 00:00:00 2001
From: Alex Wilson
Date: Tue, 27 Feb 2024 13:39:12 -0700
Subject: [PATCH 2/3] Update pom.xml

Should be blocked by deny-group check.
---
 my-app/pom.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/my-app/pom.xml b/my-app/pom.xml
index 8671f90..f617983 100644
--- a/my-app/pom.xml
+++ b/my-app/pom.xml
@@ -19,6 +19,12 @@ + + + log4j + log4j + 1.2.17 + junit junit

From d7f1fae1a15e4a512f1a62641933e573e7e2060a Mon Sep 17 00:00:00 2001
From: Alex Wilson
Date: Tue, 27 Feb 2024 13:46:44 -0700
Subject: [PATCH 3/3] Update dependency-review-config.yml

Removing deny group
---
 .github/dependency-review-config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

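Review bot: Both bumped `uses:` lines still pin by mutable major tag (`actions/checkout@v4`, `actions/dependency-review-action@v4`), so every run resolves to whatever commit the tag points at that day; for the workflow that enforces the dependency policy, pin to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/dependency-review-action@<full-commit-sha> # v4`. The enclosing `jobs:` block starts above the hunk, so it cannot be confirmed here whether the job declares a minimal `permissions:` block (`contents: read` is, to my knowledge, all the dependency diff call needs); worth checking while the action versions are being touched. The commented `external-repo-token` line changes only by gaining its trailing newline, which is fine.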
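Review bot: The added dependency `log4j:log4j:1.2.17` is the end-of-life Log4j 1.x line, exactly the namespace that the repository's own `deny_groups: - 'pkg:maven/log4j'` entry in dependency-review-config.yml is meant to stop, and the commit message presents it as a fixture to trigger that rule; if so, it should be reverted once the check result has been observed rather than left alongside the `junit` entries that follow. Note that the config carries `warn_only: true` (visible in the second hunk header of patch 3/3), so a matching deny rule only annotates the PR instead of failing the check, which would turn the expected block into a warning. The XML element names in this hunk were lost in rendering, so only the text content of the six added lines can be reviewed here.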
diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
index e39a95b..203a04b 100644
--- a/.github/dependency-review-config.yml
+++ b/.github/dependency-review-config.yml
@@ -65,9 +65,9 @@ deny_packages:
 - 'pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha2'
 - 'pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha1'
 # Any number of groups (namespaces in purl format) to block in a PR.
-deny_groups:
+#deny_groups:
 # All log4j v1
- - 'pkg:maven/log4j'
+ #- 'pkg:maven/log4j'
 # Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete.
 # This will have no effect on GHES until the Dependency Submission API is available.
 retry_on_snapshot_warnings: true
@@ -78,4 +78,4 @@ warn_only: true
 # We are not going to run license checks for now.
 # We will look into running them later.
 # This check doesn't run on GHES anyway due to limitations in the API, so enabling it would only change things in github.com
-license_check: false
\ No newline at end of file
+license_check: false
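Review bot: Commenting out `deny_groups` and its `- 'pkg:maven/log4j'` entry removes the only rule in view that covers the whole Log4j 1.x namespace; the `deny_packages` entries shown as context name specific log4j-core 2.0 alpha versions, so `log4j:log4j@1.2.17` from patch 2/3 would no longer match anything visible here (earlier `deny_packages` entries lie above the hunk and are not shown). Leaving the group as dead commented lines under the `# All log4j v1` comment hides the intent; either restore the entry or replace the block with a dated note such as `# deny_groups intentionally disabled: <reason / tracking reference>`. Since `warn_only: true` (context in the next hunk header) already keeps the action from failing the check, this removal changes what is reported rather than whether the PR can merge, which is worth stating in the commit message alongside "Removing deny group".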