feature request: add CVE support for dependencies. E.g: show info + add actions

[saecki]

Discussed in #140

^{Originally posted by gacallea July 6, 2024}
Hi :)

I am learning Rust and getting familiar with AppSec/DevSec/OWASP/Supply chain/etc... concerning security.

It would be awesome if this plugin could fetch CVE data pertaining specific dependencies (and their dependencies if that affects them) and show the CVE number and add actions (like link or something) the same way you already do for crates with the cool menu.

I suppose this is a very recursive and kinda heavy task, but it's just a thought :)

Cheers!

[ethanuppal]

I think a general cargo-deny integration would be good, since it allows the user to use a standard way to configure dependency lints (including CVEs) and running cargo deny check handles most of the logic (e.g. CVE checking) for you