This starts the process of removing our dependency on zcash/zcash for our cargo-vet audits. We import audits from there and other upstreams to bootstrap audits here; once this PR merges, we'll include this repo into our aggregated audit set, and then we can use audits here (for the MSRV-compatible dependencies pinned in this repo's Cargo.lock) to augment the audits done in our end binary repos (zcashd and the mobile SDKs, which use as close to stable Rust as we can).
The other orgs are all ones we already depend on for audits in zcash/zcash except for Fermyon, and their repo only introduces one additional audit (for oorandom 11.1.3).
This starts the process of removing our dependency on
zcash/zcash
for ourcargo-vet
audits. We import audits from there and other upstreams to bootstrap audits here; once this PR merges, we'll include this repo into our aggregated audit set, and then we can use audits here (for the MSRV-compatible dependencies pinned in this repo'sCargo.lock
) to augment the audits done in our end binary repos (zcashd
and the mobile SDKs, which use as close to stable Rust as we can).