chore(deps): bulk bring dependencies to latest

.github/workflows/ci.yml

@@ -70,7 +70,7 @@ jobs:
       - name: license allowlist
         run: >
           pnpm exec license-checker-rseidelsohn
-          --onlyAllow 'Apache-2.0;MIT;BSD-2-Clause;BSD-3-Clause;ISC;CC0-1.0'
+          --onlyAllow 'Apache-2.0;MIT;BSD-2-Clause;BSD-3-Clause;ISC;CC0-1.0;BlueOak-1.0.0;0BSD'
           --excludePrivatePackages
           --production
 

CONTRIBUTING.md

@@ -6,7 +6,7 @@ OpenCodeHub is a clean-room implementation. Do not copy code from any
 PolyForm, BSL, Commons Clause, GPL, or AGPL source.
 
 CI enforces:
-- Apache-2.0 / MIT / BSD / ISC / CC0 license allowlist on all transitive deps
+- Permissive-license allowlist (Apache-2.0 / MIT / BSD / ISC / CC0 / BlueOak / 0BSD) on all transitive deps
 - Banned-strings grep over all tracked source (see `scripts/check-banned-strings.sh`)
 - `osv-scanner` vulnerability scan on the lockfile
 

SECURITY.md

@@ -16,7 +16,8 @@ fix or mitigation within 30 days for high/critical issues.
   `pnpm install --frozen-lockfile`.
 - `osv-scanner` runs on every PR via the reusable Google workflow.
 - `license-checker-rseidelsohn` enforces an OSI-approved license
-  allowlist (Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, CC0-1.0).
+  allowlist (Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, CC0-1.0,
+  BlueOak-1.0.0, 0BSD).
 - CodeQL (JavaScript/TypeScript + Python) runs on every PR and on a
   weekly schedule.
 - OpenSSF Scorecard runs on branch-protection changes and weekly.