This library is old, stable, and reliable, but recent releases include some security-related fixes. I know that httpuv-based applications are not usually exposed directly to the internet without a better-behaving proxy in front of them, but I think it's still worth updating on safety grounds. There is also one serious out-of-tree security fix in Node (as of December) that is not yet part of http_parser itself.
More generally: http_parser was declared officially unmaintained in October. Node has moved to llhttp, which apparently has a nearly identical API and is significantly faster. httpuv should consider moving to that project instead.
Hi, that is a good point, you should not use unmaintained projects in productive projects. Are there already efforts to replace the http_parser with llhttp?