Comment 2 for bug 2030482

Apparently, some of those high-level vendored dependencies went through a MIR+security process already, as part of the rustc MIR (LP: #1957932):

$ for dep in anyhow byteorder cfg-if clap curl libc log openssl serde serde_yaml thiserror zerocopy; do grep Vendor /var/lib/apt/lists/*_main_source_Sources | egrep -q "$dep" && echo "FOUND $dep" || echo "MISSING $dep"; done;
FOUND anyhow
MISSING byteorder
FOUND cfg-if
FOUND clap
MISSING curl
FOUND libc
FOUND log
MISSING openssl
FOUND serde
MISSING serde_yaml
FOUND thiserror
MISSING zerocopy