From 1840a7ca3a835a48626913228ac6495589f7636d Mon Sep 17 00:00:00 2001
From: emmanuelgjr
Date: Sun, 14 Jun 2026 13:42:35 -0400
Subject: [PATCH] Fix Dependency Review: drop deny-licenses (mutually exclusive with allow-licenses)

actions/dependency-review-action rejects specifying both allow-licenses and deny-licenses ('You cannot specify both...'), so the check errored on every PR. Keeping the allow-licenses allowlist preserves the policy: anything not listed (incl. all GPL/AGPL/LGPL/SSPL variants the denylist named) is blocked by default.
---
 .github/workflows/dependency-review.yml | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index aef3328..43fe274 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -56,16 +56,6 @@
 CC-BY-4.0,
 CC0-1.0,
 Unlicense
- deny-licenses: >-
- AGPL-1.0-only,
- AGPL-1.0-or-later,
- AGPL-3.0-only,
- AGPL-3.0-or-later,
- GPL-2.0-only,
- GPL-3.0-only,
- LGPL-2.0-only,
- LGPL-3.0-only,
- SSPL-1.0
 # Block dependencies with active GitHub Security Advisories
 # in the npm/PyPI/Maven/etc. ecosystems regardless of severity.
 vulnerability-check: true