Merge pull request #7 from Boyeep/chore/relax-dependency-review-policy

Relax dependency review policy

Author: Boyeep

.github/dependency-review-config.yml

@@ -1,23 +1,7 @@
 # Keep the initial policy focused on risky dependency changes first.
-# This allowlist is intentionally based on the licenses already present in the
-# current dependency tree so normal updates do not become noisy immediately.
+# Avoid a strict license allowlist here because it tends to make normal
+# Dependabot updates noisy across ecosystems and workflow dependencies.
 fail-on-severity: high
 fail-on-scopes:
   - runtime
-  - unknown
 license-check: true
-allow-licenses:
-  - Apache-2.0
-  - Apache-2.0 AND LGPL-3.0-or-later
-  - Apache-2.0 OR BSD-2-Clause
-  - BSD-2-Clause
-  - BSD-3-Clause
-  - BlueOak-1.0.0
-  - CC-BY-4.0
-  - CC0-1.0
-  - ISC
-  - MIT
-  - MPL-2.0
-  - PSF-2.0
-  - Python-2.0
-  - 0BSD

.github/workflows/dependency-review.yml

@@ -5,7 +5,6 @@ on:
 
 permissions:
   contents: read
-  pull-requests: write
 
 jobs:
   dependency-review: