From d71dd90b9e30512bc754971792bf2c82322037de Mon Sep 17 00:00:00 2001
From: Scott Leggett
Date: Mon, 5 Jan 2026 18:49:11 +0800
Subject: [PATCH] chore: update dependency-review allowlist
---
 .github/dependency-review-config.yaml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/dependency-review-config.yaml b/.github/dependency-review-config.yaml
index 08389a1..e6a54f0 100644
--- a/.github/dependency-review-config.yaml
+++ b/.github/dependency-review-config.yaml
@@ -1,15 +1,27 @@
-# https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
+# https://github.com/cncf/foundation/blob/main/policies-guidance/allowed-third-party-license-policy.md
 allow-licenses:
+# default allowed
 - 'Apache-2.0'
+# explicit CNCF allowlist
+- '0BSD'
 - 'BSD-2-Clause'
 - 'BSD-2-Clause-FreeBSD'
 - 'BSD-3-Clause'
 - 'ISC'
 - 'MIT'
+- 'MIT-0'
+- 'OpenSSL'
+- 'OpenSSL-standalone'
+- 'PSF-2.0'
 - 'PostgreSQL'
 - 'Python-2.0'
+- 'Python-2.0.1'
+- 'SSLeay-standalone'
+- 'UPL-1.0'
 - 'X11'
 - 'Zlib'
+# Google's patent licence for Go
+- 'LicenseRef-scancode-google-patent-license-golang'
 allow-dependencies-licenses:
 # this action is GPL-3 but it is only used in CI
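Review bot: The last added entry, `LicenseRef-scancode-google-patent-license-golang`, is allowed for every dependency, but its comment does not record on what basis: the other additions sit under `# explicit CNCF allowlist`, while this one is a scanner-assigned `LicenseRef-` identifier kept apart from that group, which suggests it is not covered by the linked policy. Because `allow-licenses` is a global gate, I would put the justification next to the entry, e.g. `# Google's additional patent grant for Go (PATENTS file in Go and golang.org/x modules); not on the CNCF allowlist, accepted per <link to exception or issue>`. It is also worth confirming on a test pull request that the check matches this identifier and the newer `OpenSSL-standalone` / `SSLeay-standalone` ids as intended, since the hunk cannot show how the action treats identifiers it does not recognise.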