From c65b807bbdf25b51f6d0de4922c1efeb8bd96872 Mon Sep 17 00:00:00 2001
From: Andrey Nering <andreynering@users.noreply.github.com>
Date: Mon, 23 Feb 2026 17:55:23 -0300
Subject: [PATCH] ci: allow `MIT-0` dependencies (#2297)

One of our indirect dependencies switched to "MIT-0". This is even more
permissive than MIT, so totally valid for us.

* https://github.com/segmentio/asm/pull/86

Check failure:

* https://github.com/charmbracelet/crush/pull/2290
* https://github.com/charmbracelet/crush/actions/runs/22323633569/job/64588201366?pr=2290

About the license:

* https://github.com/aws/mit-0
* https://opensource.org/license/mit-0
---
 .github/workflows/security.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 0ec626008218192017791edf82972bcae57b0a5f..3d488dfaf901404d00a29a6aa52a32ba01f360e3 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -89,4 +89,4 @@ jobs:
       - uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.8.3
         with:
           fail-on-severity: critical
-          allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0, ISC, LicenseRef-scancode-google-patent-license-golang, Unlicense
+          allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, MIT-0, Apache-2.0, MPL-2.0, ISC, LicenseRef-scancode-google-patent-license-golang, Unlicense