Recent dependabot go bumps that update golang.org/* pkgs appear to introduce a new LicenseRef-scancode-google-patent-license-golang license which isn't currently allowed in the dependency review action, thus failing CI.
Do we want to add this license to the allow-licenses list?
Meanwhile, I'm not sure what to do about the sig.k8s.io/json license reporting as Null - which also fails CI - though I suspect it would be ameliorated by kubernetes-sigs/json#26.