From 934fde16ecc6345c9ab2b59f56cd6f5086977333 Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 20:20:08 -0400
Subject: [PATCH 1/7] Sanitize Patterns, Licenses 2025-07-29

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 lib/sanitize.sh       | 48 +++++++++++++++++++++++++++++++++++-------
 license-mappings.json |  1 +
 test/simple.bats      | 49 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 90 insertions(+), 8 deletions(-)

diff --git a/lib/sanitize.sh b/lib/sanitize.sh
index f367216..8a43ca6 100644
--- a/lib/sanitize.sh
+++ b/lib/sanitize.sh
@@ -176,6 +176,38 @@ sanitize_database_name() {
     echo "$sanitized"
 }
 
+# Sanitize comma-separated patterns (for include/exclude)
+sanitize_patterns() {
+    local patterns="$1"
+    
+    if [[ -z "$patterns" ]]; then
+        echo ""
+        return
+    fi
+    
+    # Split by comma and sanitize each pattern
+    local sanitized_patterns=()
+    IFS=',' read -ra pattern_array <<< "$patterns"
+    
+    for pattern in "${pattern_array[@]}"; do
+        # Trim whitespace
+        pattern=$(echo "$pattern" | xargs)
+        
+        # Remove dangerous characters but keep wildcards
+        local sanitized_pattern
+        sanitized_pattern=$(echo "$pattern" | sed 's/[^a-zA-Z0-9.*_-]//g')
+        
+        if [[ -n "$sanitized_pattern" ]]; then
+            sanitized_patterns+=("$sanitized_pattern")
+        fi
+    done
+    
+    # Join back with commas
+    local result
+    result=$(IFS=','; echo "${sanitized_patterns[*]}")
+    echo "$result"
+}
+
 # Main sanitization function - sanitizes all environment variables
 sanitize_inputs() {
     log_debug "Sanitizing input parameters..."
@@ -347,15 +379,15 @@ sanitize_inputs() {
     #     log_debug "Validated MERGE: $MERGE"
     # fi
     
-    # if [[ -n "${INCLUDE:-}" ]]; then
-    #     INCLUDE=$(sanitize_patterns "$INCLUDE")
-    #     log_debug "Sanitized INCLUDE: $INCLUDE"
-    # fi
+    if [[ -n "${INCLUDE:-}" ]]; then
+        INCLUDE=$(sanitize_patterns "$INCLUDE")
+        log_debug "Sanitized INCLUDE: $INCLUDE"
+    fi
     
-    # if [[ -n "${EXCLUDE:-}" ]]; then
-    #     EXCLUDE=$(sanitize_patterns "$EXCLUDE")
-    #     log_debug "Sanitized EXCLUDE: $EXCLUDE"
-    # fi
+    if [[ -n "${EXCLUDE:-}" ]]; then
+        EXCLUDE=$(sanitize_patterns "$EXCLUDE")
+        log_debug "Sanitized EXCLUDE: $EXCLUDE"
+    fi
     
     # Sanitize tokens (GitHub token, etc.) - just remove dangerous characters
     if [[ -n "${GITHUB_TOKEN:-}" ]]; then
diff --git a/license-mappings.json b/license-mappings.json
index 3d1b54f..32e9f4c 100644
--- a/license-mappings.json
+++ b/license-mappings.json
@@ -188,6 +188,7 @@
   "github.com/butuzov/mirror": "MIT",
   "github.com/bytedance/sonic": "Apache-2.0",
   "github.com/bytedance/sonic/loader": "Apache-2.0",
+  "github.com/c-bata/go-prompt": "MIT",
   "github.com/Azure/azure-amqp-common-go/v3": "MIT",
   "github.com/Azure/azure-pipeline-go": "MIT",
   "github.com/Azure/azure-sdk-for-go-extensions": "MIT",
diff --git a/test/simple.bats b/test/simple.bats
index 36cc886..242dcef 100644
--- a/test/simple.bats
+++ b/test/simple.bats
@@ -707,3 +707,52 @@ EOF
     [ "$status" -eq 0 ]
     [[ "$output" == "testdatabase" ]]
 }
+
+# Test 79: sanitize_patterns accepts valid patterns
+@test "sanitize_patterns accepts valid patterns" {
+    run sanitize_patterns "*.json,test*.txt,file.log"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,test*.txt,file.log" ]]
+}
+
+# Test 80: sanitize_patterns trims whitespace
+@test "sanitize_patterns trims whitespace" {
+    run sanitize_patterns " *.json , test*.txt , file.log "
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,test*.txt,file.log" ]]
+}
+
+# Test 81: sanitize_patterns removes dangerous characters
+@test "sanitize_patterns removes dangerous characters" {
+    run sanitize_patterns "*.json,test\$bad.txt"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,testbad.txt" ]]
+}
+
+# Test 82: sanitize_patterns preserves valid wildcards
+@test "sanitize_patterns preserves wildcards" {
+    run sanitize_patterns "*-prod.json,production-*.json"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*-prod.json,production-*.json" ]]
+}
+
+# Test 83: sanitize_patterns handles empty input
+@test "sanitize_patterns handles empty input" {
+    run sanitize_patterns ""
+    [ "$status" -eq 0 ]
+    [[ "$output" == "" ]]
+}
+
+# Test 84: sanitize_patterns removes empty patterns
+@test "sanitize_patterns removes empty patterns" {
+    run sanitize_patterns "*.json,,test*.txt"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,test*.txt" ]]
+}
+
+# Test 85: sanitize_patterns handles single pattern
+@test "sanitize_patterns handles single pattern" {
+    run sanitize_patterns "*.json"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json" ]]
+}
\ No newline at end of file

From 152dc7e2c7c734955d4e53e7cd5be85858f5a259 Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 20:30:34 -0400
Subject: [PATCH 2/7] Sanitize Patterns, Licenses 2025-07-29

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 README.md        | 18 +++++++++---------
 lib/sanitize.sh  |  6 ++++++
 test/simple.bats |  7 +++++++
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 8bb4d5c..fee313e 100644
--- a/README.md
+++ b/README.md
@@ -137,7 +137,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -180,7 +180,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -234,7 +234,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -299,7 +299,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -363,7 +363,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -405,7 +405,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -459,7 +459,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Merge Production SBOMs Only
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
@@ -514,7 +514,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM from Mend
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
           aws-secret-access-key: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
@@ -565,7 +565,7 @@ jobs:
           aws-region: us-east-1
 
       - name: Upload SBOM from Wiz
-        uses: ClickHouse/ClickBom@v1.0.5
+        uses: ClickHouse/ClickBom@v1.0.6
         with:
           aws-access-key-id: ${{ steps.aws-creds.outputs.aws-access-key-id }}
           aws-secret-access-key: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
diff --git a/lib/sanitize.sh b/lib/sanitize.sh
index 8a43ca6..3d9d7bd 100644
--- a/lib/sanitize.sh
+++ b/lib/sanitize.sh
@@ -196,6 +196,12 @@ sanitize_patterns() {
         # Remove dangerous characters but keep wildcards
         local sanitized_pattern
         sanitized_pattern=$(echo "$pattern" | sed 's/[^a-zA-Z0-9.*_-]//g')
+
+        # Prevent directory traversal patterns
+        if [[ "$sanitized_pattern" =~ (\.\./|^\./) ]]; then
+            log_error "Invalid pattern: $pattern contains directory traversal sequences"
+            exit 1
+        fi
         
         if [[ -n "$sanitized_pattern" ]]; then
             sanitized_patterns+=("$sanitized_pattern")
diff --git a/test/simple.bats b/test/simple.bats
index 242dcef..8c7b83f 100644
--- a/test/simple.bats
+++ b/test/simple.bats
@@ -755,4 +755,11 @@ EOF
     run sanitize_patterns "*.json"
     [ "$status" -eq 0 ]
     [[ "$output" == "*.json" ]]
+}
+
+# Test 86: sanitize_patterns rejects patterns with directory traversal
+@test "sanitize_patterns rejects patterns with directory traversal" {
+    run sanitize_patterns "../test.json,./test.txt"
+    [ "$status" -eq 1 ]
+    [[ "$output" =~ Invalid pattern: ../test.json contains directory traversal sequences ]]
 }
\ No newline at end of file

From c29d5474cf189ddc290e2d814378482a57775978 Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 20:33:05 -0400
Subject: [PATCH 3/7] Sanitize Patterns, Licenses 2025-07-29

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 test/simple.bats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/simple.bats b/test/simple.bats
index 8c7b83f..3cf8f96 100644
--- a/test/simple.bats
+++ b/test/simple.bats
@@ -761,5 +761,5 @@ EOF
 @test "sanitize_patterns rejects patterns with directory traversal" {
     run sanitize_patterns "../test.json,./test.txt"
     [ "$status" -eq 1 ]
-    [[ "$output" =~ Invalid pattern: ../test.json contains directory traversal sequences ]]
+    [[ "$output" =~ Invalid\ pattern\:\ \.\.\/test\.json\ contains\ directory\ traversal\ sequences ]]
 }
\ No newline at end of file

From 42961e3584f1faf7ac51aa1267ca21ebf22476ab Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 20:34:19 -0400
Subject: [PATCH 4/7] Sanitize Patterns, Licenses 2025-07-29

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 test/simple.bats | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/simple.bats b/test/simple.bats
index 3cf8f96..0faa4c3 100644
--- a/test/simple.bats
+++ b/test/simple.bats
@@ -760,6 +760,7 @@ EOF
 # Test 86: sanitize_patterns rejects patterns with directory traversal
 @test "sanitize_patterns rejects patterns with directory traversal" {
     run sanitize_patterns "../test.json,./test.txt"
+    echo "$output"
     [ "$status" -eq 1 ]
     [[ "$output" =~ Invalid\ pattern\:\ \.\.\/test\.json\ contains\ directory\ traversal\ sequences ]]
 }
\ No newline at end of file

From 2b30571e31d86726fee10012115d7a209d464017 Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 20:38:45 -0400
Subject: [PATCH 5/7] Sanitize Patterns, Licenses 2025-07-29

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 lib/sanitize.sh       | 6 ------
 license-mappings.json | 1 +
 test/simple.bats      | 8 --------
 3 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/lib/sanitize.sh b/lib/sanitize.sh
index 3d9d7bd..8a43ca6 100644
--- a/lib/sanitize.sh
+++ b/lib/sanitize.sh
@@ -196,12 +196,6 @@ sanitize_patterns() {
         # Remove dangerous characters but keep wildcards
         local sanitized_pattern
         sanitized_pattern=$(echo "$pattern" | sed 's/[^a-zA-Z0-9.*_-]//g')
-
-        # Prevent directory traversal patterns
-        if [[ "$sanitized_pattern" =~ (\.\./|^\./) ]]; then
-            log_error "Invalid pattern: $pattern contains directory traversal sequences"
-            exit 1
-        fi
         
         if [[ -n "$sanitized_pattern" ]]; then
             sanitized_patterns+=("$sanitized_pattern")
diff --git a/license-mappings.json b/license-mappings.json
index 32e9f4c..96e2653 100644
--- a/license-mappings.json
+++ b/license-mappings.json
@@ -189,6 +189,7 @@
   "github.com/bytedance/sonic": "Apache-2.0",
   "github.com/bytedance/sonic/loader": "Apache-2.0",
   "github.com/c-bata/go-prompt": "MIT",
+  "github.com/cactus/go-statsd-client/statsd": "MIT",
   "github.com/Azure/azure-amqp-common-go/v3": "MIT",
   "github.com/Azure/azure-pipeline-go": "MIT",
   "github.com/Azure/azure-sdk-for-go-extensions": "MIT",
diff --git a/test/simple.bats b/test/simple.bats
index 0faa4c3..bfff8fd 100644
--- a/test/simple.bats
+++ b/test/simple.bats
@@ -756,11 +756,3 @@ EOF
     [ "$status" -eq 0 ]
     [[ "$output" == "*.json" ]]
 }
-
-# Test 86: sanitize_patterns rejects patterns with directory traversal
-@test "sanitize_patterns rejects patterns with directory traversal" {
-    run sanitize_patterns "../test.json,./test.txt"
-    echo "$output"
-    [ "$status" -eq 1 ]
-    [[ "$output" =~ Invalid\ pattern\:\ \.\.\/test\.json\ contains\ directory\ traversal\ sequences ]]
-}
\ No newline at end of file

From 832b9d04dae303659c28495e511eb69cf47d7432 Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 21:00:35 -0400
Subject: [PATCH 6/7] licenses

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 license-mappings.json | 86 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 65 insertions(+), 21 deletions(-)

diff --git a/license-mappings.json b/license-mappings.json
index 96e2653..b573e63 100644
--- a/license-mappings.json
+++ b/license-mappings.json
@@ -166,6 +166,26 @@
   "github.com/aws/smithy-go": "Apache-2.0",
   "github.com/aymanbagabas/go-osc52/v2": "MIT",
   "github.com/aymerick/douceur": "MIT",
+  "github.com/Azure/azure-amqp-common-go/v3": "MIT",
+  "github.com/Azure/azure-pipeline-go": "MIT",
+  "github.com/Azure/azure-sdk-for-go-extensions": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/azcore": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/azidentity": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/internal": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources": "MIT",
+  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob": "MIT",
+  "github.com/Azure/azure-storage-blob-go": "MIT",
+  "github.com/Azure/go-amqp": "MIT",
+  "github.com/Azure/go-ansiterm": "MIT",
+  "github.com/AzureAD/microsoft-authentication-library-for-go": "MIT",
   "github.com/bahlo/generic-list-go": "BSD-3-Clause",
   "github.com/baidubce/bce-sdk-go": "Apache-2.0",
   "github.com/bboreham/go-loser": "Apache-2.0",
@@ -184,42 +204,66 @@
   "github.com/briandowns/spinner": "Apache-2.0",
   "github.com/bufbuild/protocompile": "Apache-2.0",
   "github.com/buger/jsonparser": "MIT",
+  "github.com/BurntSushi/toml": "MIT",
   "github.com/butuzov/ireturn": "MIT",
   "github.com/butuzov/mirror": "MIT",
   "github.com/bytedance/sonic": "Apache-2.0",
   "github.com/bytedance/sonic/loader": "Apache-2.0",
   "github.com/c-bata/go-prompt": "MIT",
   "github.com/cactus/go-statsd-client/statsd": "MIT",
-  "github.com/Azure/azure-amqp-common-go/v3": "MIT",
-  "github.com/Azure/azure-pipeline-go": "MIT",
-  "github.com/Azure/azure-sdk-for-go-extensions": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/azcore": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/azidentity": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/internal": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources": "MIT",
-  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob": "MIT",
-  "github.com/Azure/azure-storage-blob-go": "MIT",
-  "github.com/Azure/go-amqp": "MIT",
-  "github.com/Azure/go-ansiterm": "MIT",
-  "github.com/AzureAD/microsoft-authentication-library-for-go": "MIT",
-  "github.com/BurntSushi/toml": "MIT",
+  "github.com/cactus/go-statsd-client/v5": "MIT",
+  "github.com/casbin/casbin/v2": "Apache-2.0",
+  "github.com/casbin/govaluate": "MIT",
+  "github.com/catenacyber/perfsprint": "MIT",
+  "github.com/ccojocar/zxcvbn-go": "MIT",
   "github.com/cenkalti/backoff/v4": "MIT",
+  "github.com/cenkalti/backoff/v5": "MIT",
+  "github.com/census-instrumentation/opencensus-proto": "Apache-2.0",
+  "github.com/cert-manager/cert-manager": "Apache-2.0",
+  "github.com/cespare/xxhash/v2": "MIT",
+  "github.com/chai2010/gettext-go": "BSD-3-Clause",
+  "github.com/charithe/durationcheck": "Apache-2.0",
+  "github.com/charmbracelet/bubbles": "MIT",
+  "github.com/charmbracelet/bubbletea": "MIT",
+  "github.com/charmbracelet/colorprofile": "MIT",
+  "github.com/charmbracelet/glamour": "MIT",
+  "github.com/charmbracelet/lipgloss": "MIT",
+  "github.com/charmbracelet/x/ansi": "MIT",
+  "github.com/charmbracelet/x/cellbuff": "MIT",
+  "github.com/charmbracelet/x/exp/slice": "MIT",
+  "github.com/charmbracelet/x/term": "MIT",
+  "github.com/chavacava/garif": "MIT",
+  "github.com/chzyer/readline": "MIT",
+  "github.com/cihub/seelog": "BSD-3-Clause",
+  "github.com/cilium/cilium": "Apache-2.0",
+  "github.com/cilium/ebpf": "MIT",
+  "github.com/cilium/hive": "Apache-2.0",
+  "github.com/cilium/proxy": "Apache-2.0",
+  "github.com/ckaznocha/intrange": "MIT",
+  "github.com/clbanning/mxj": "BSD-3-Clause",
   "github.com/ClickHouse/ch-go": "Apache-2.0",
   "github.com/ClickHouse/clickhouse-go/v2": "Apache-2.0",
+  "github.com/cloudflare/circl": "BSD-3-Clause",
+  "github.com/cloudprober/cloudprober": "Apache-2.0",
+  "github.com/cloudwego/base64x": "Apache-2.0",
+  "github.com/cloudwego/iasm": "Apache-2.0",
+  "github.com/cncf/xds/go": "Apache-2.0",
+  "github.com/coder/quartz": "CC0-1.0",
+  "github.com/coder/websocket": "ISC",
+  "github.com/containerd/console": "Apache-2.0",
+  "github.com/containerd/containerd": "Apache-2.0",
   "github.com/containerd/errdefs": "Apache-2.0",
   "github.com/containerd/errdefs/pkg": "Apache-2.0",
   "github.com/containerd/log": "Apache-2.0",
   "github.com/containerd/platforms": "Apache-2.0",
+  "github.com/containerd/stargz-snapshotter/estargz": "Apache-2.0",
+  "github.com/coreos/go-oidc/v3": "Apache-2.0",
+  "github.com/coreos/go-systemd/v22": "Apache-2.0",
   "github.com/cpuguy83/dockercfg": "MIT",
+  "github.com/cpuguy83/go-md2man/v2": "MIT",
   "github.com/Crocmagnon/fatcontext": "MIT",
+  "github.com/curioswitch/go-reassign": "MIT",
+  "github.com/cyphar/filepath-securejoin": "BSD-3-Clause",
   "github.com/DATA-DOG/go-sqlmock": "BSD-3-Clause",
   "github.com/DataDog/appsec-internal-go": "Apache-2.0",
   "github.com/DataDog/datadog-agent/pkg/obfuscate": "Apache-2.0",

From ea05e3295ba77ada08d618d547ddfef470f0fb1f Mon Sep 17 00:00:00 2001
From: Julio Jimenez <julio@clickhouse.com>
Date: Mon, 28 Jul 2025 21:08:56 -0400
Subject: [PATCH 7/7] licenses

Signed-off-by: Julio Jimenez <julio@clickhouse.com>
---
 license-mappings.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/license-mappings.json b/license-mappings.json
index b573e63..a51efe4 100644
--- a/license-mappings.json
+++ b/license-mappings.json
@@ -264,6 +264,7 @@
   "github.com/Crocmagnon/fatcontext": "MIT",
   "github.com/curioswitch/go-reassign": "MIT",
   "github.com/cyphar/filepath-securejoin": "BSD-3-Clause",
+  "github.com/daixiang0/gci": "BSD-3-Clause",
   "github.com/DATA-DOG/go-sqlmock": "BSD-3-Clause",
   "github.com/DataDog/appsec-internal-go": "Apache-2.0",
   "github.com/DataDog/datadog-agent/pkg/obfuscate": "Apache-2.0",
@@ -283,11 +284,24 @@
   "github.com/DataDog/sketches-go": "Apache-2.0",
   "github.com/DataDog/zstd": "BSD-3-Clause",
   "github.com/davecgh/go-spew": "ISC",
+  "github.com/deckarep/golang-set/v2": "MIT",
+  "github.com/decred/dcrd/dcrec/secp256k1/v4": "ISC",
+  "github.com/denis-tingaikin/go-header": "GPL-3.0",
+  "github.com/denisenkom/go-mssqldb": "BSD-3-Clause",
+  "github.com/dennwc/varint": "MIT",
+  "github.com/dgryski/go-farm": "MIT",
+  "github.com/dgryski/go-rendezvous": "MIT",
   "github.com/distribution/reference": "Apache-2.0",
   "github.com/Djarvur/go-err113": "MIT",
+  "github.com/dlclark/regexp2": "MIT",
+  "github.com/docker/cli": "MIT",
+  "github.com/docker/distribution": "Apache-2.0",
   "github.com/docker/docker": "Apache-2.0",
+  "github.com/docker/docker-credential-helpers": "MIT",
   "github.com/docker/go-connections": "Apache-2.0",
+  "github.com/docker/go-metrics": "Apache-2.0",
   "github.com/docker/go-units": "Apache-2.0",
+  "github.com/dustin/go-humanize": "MIT",
   "github.com/ebitengine/purego": "Apache-2.0",
   "github.com/felixge/httpsnoop": "MIT",
   "github.com/GaijinEntertainment/go-exhaustruct/v3": "MIT",