* Extend dependency status box to report more issues
- replace render_dev_dependency_box
with an extended render_dependency_box
- reports insecure dev dependencies,
outdated main dependencies,
and outdated dev dependencies
- handle pluralization in dependency count message
- change methods in AnalyzeDependenciesOutcome
- add count_outdated
- remove any_dev_issues
- remove AnalyzedDependencies::any_dev_issues
* Format status.rs
* Simplify AnalyzeDependenciesOutcome method impls
- match ergonomics lint
* Use bullet point list
* Tweak dependency box again
- only use list items if there is more than one dependency kind
* Fix outdated dependency count
- `count_outdated` already counts only main dependencies
* Tweak dependency box to no longer assume non-zero issues
- check for when all dependency component counts are zero,
render nothing
- always call `render_dependency_box` if it finds no security issues
Co-authored-by: Cecile Tonglet <cecile.tonglet@cecton.com>
* Add methods to check always insecure dependencies
Unlike checks for `_insecure`,
`always_insecure_` only accounts for
vulnerabilities not patched in the latest version in the range
* Update status renders to show "maybe insecure"
- show always insecure dependencies as insecure,
and remaining ones as "possibly insecure"
- show warning sign on all dependencies with possible vulnerability
- tweak security banner in case
all insecure dependencies are "possibly insecure"
* Update badge renderer to show "maybe insecure"
- only show the red "insecure"
if >=1 dependency is always insecure
- show "possibly insecure" if all are up to date but might be vulnerable
* Update status renderer
- more complete counts per project
* Format code
* Extend banner to explain what "maybe insecure" means