Apparently, some of those high-level vendored dependencies went through a MIR+security process already, as part of the rustc MIR (LP: #1957932):
$ for dep in anyhow byteorder cfg-if clap curl libc log openssl serde serde_yaml thiserror zerocopy; do grep Vendor /var/lib/apt/lists/*_main_source_Sources | egrep -q "$dep" && echo "FOUND $dep" || echo "MISSING $dep"; done; FOUND anyhow MISSING byteorder FOUND cfg-if FOUND clap MISSING curl FOUND libc FOUND log MISSING openssl FOUND serde MISSING serde_yaml FOUND thiserror MISSING zerocopy
Apparently, some of those high-level vendored dependencies went through a MIR+security process already, as part of the rustc MIR (LP: #1957932):
$ for dep in anyhow byteorder cfg-if clap curl libc log openssl serde serde_yaml thiserror zerocopy; do grep Vendor /var/lib/ apt/lists/ *_main_ source_ Sources | egrep -q "$dep" && echo "FOUND $dep" || echo "MISSING $dep"; done;
FOUND anyhow
MISSING byteorder
FOUND cfg-if
FOUND clap
MISSING curl
FOUND libc
FOUND log
MISSING openssl
FOUND serde
MISSING serde_yaml
FOUND thiserror
MISSING zerocopy