diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
index 7ec450c..77b80c1 100644
--- a/.github/dependency-review-config.yml
+++ b/.github/dependency-review-config.yml
@@ -11,7 +11,8 @@ comment_summary_in_pr: always
 # Any number of packages (in purl format) to block in a PR.
 # Unfortunately, while there is a draft purl spec for specifying a range of package versions, it is not yet merged into the actual spec.
 # Until this happens, we will need to specify each version individually.
-deny_packages: pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0
+deny_packages:
+ - "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0"
 # Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete.
 # This will have no effect on GHES until the Dependency Submission API is available.
 retry_on_snapshot_warnings: true
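Review bot: The new `deny_packages` list still blocks only the exact purl `pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0`, so a pull request that introduces any other log4j-core version is not stopped by this entry, as the comment above it already concedes. If the entry is meant as a real control rather than an example, list every unwanted version as its own item, or check whether the action version in use accepts a version-less purl as a wildcard. A one-line comment directly above the entry, e.g. `# Denied: known-vulnerable release, see <advisory-id placeholder>`, would tell the next maintainer why this version is listed and when the entry can be extended or dropped. Whether a severity-based failure threshold backs this list up cannot be seen from here, since the rest of the config file is outside the hunk.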