remove ossaudit

[seanieb]

Proposed changes

ossaudit has lots of flase positives. And there's better ways to address security for depenencies within github.

Types of changes

What types of changes does your code introduce?

• [x ] Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• [x ] I have read the guidelines for contributing
• [x ] All unit tests pass on my local version with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

[ziirish]

Hello,

Thanks for your PR! I was about to remove ossaudit as well priori making a new release (in order to make sure all our tests are running as expected) but I'm open to any replacement suggestion 🙏

[seanieb]

The project already has Github Security Advisories, but enabling Githubs Dependabot opens up a pull request each time there's a dependency update. This pull requests have the change notes or a link too them, so it's easy to keep an eye on any that are relevant to this project. It the squashes any future updates into that PR.

For the wider security of the project we also use a static analysis like Semgrep, it's easy to setup and there's lot of existing Semgrep rules that we could just apply. But that can wait for separate PR.

[HenriBlacksmith]

Does this one need more approvals to be merged?

[seanieb]

I'm unable to merge it, black formatting seems to be failing too @ziirish