Replace http_parser.rb with llhttp or other equivalents #3437

@ashie

Describe the bug
Fluentd depends on http_parser.rb, but it's not maintained and hasn't released a new version since December 11, 2013.
In this gem, vulnerabilities are often mistakenly detected by several security tools because it includes a garbage Gemfile.lock (e.g. #3409, #3374).

It's troublesome for me to support such issues, so I've gotten ownership of http_parser.rb and I'll release a new gem which fixes this issue. Although such false positives will be suppressed by it, we should consider replacing http_parser.rb with other equivalents such as llhttp, because the http-parser it depends on is already dead too.

To Reproduce
See https://github.com/nodejs/http-parser

http-parser is not actively maintained. New projects and projects looking to migrate should consider llhttp.

Expected behavior
Dependent libraries should be well maintained.

Your Environment
N/A

Your Configuration
N/A

Your Error Log
N/A

Additional context
N/A
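
An added triage sketch, not part of the original issue or of Fluentd's code: it separates an application's own `Gemfile.lock` from lockfiles that were shipped inside an installed gem's directory, which is the kind of file the issue says scanners flag by mistake. The helper names, the directory layout and the `0.0.0` version are constructed for the example.

```ruby
require "tmpdir"
require "fileutils"

# An installed gem lives in <gem home>/gems/<name>-<version>/.
# A Gemfile.lock found below such a directory came with the gem package;
# Bundler resolves the application from the application's own lockfile,
# so the pins in a gem-shipped lockfile are not what gets installed.
GEM_DIR = %r{/gems/([^/]+)-(\d[^/]*)/}

# Hypothetical helper: classify every Gemfile.lock below +root+.
def classify_lockfiles(root)
  Dir.glob(File.join(root, "**", "Gemfile.lock")).sort.map do |path|
    rel = path.delete_prefix(root)
    if (m = rel.match(GEM_DIR))
      { path: rel, kind: :shipped_in_gem, gem: m[1], version: m[2] }
    else
      { path: rel, kind: :application }
    end
  end
end

# Constructed sample tree: one application lockfile and one lockfile
# packaged inside a gem directory (placeholder version 0.0.0).
def build_sample_tree(root)
  app = File.join(root, "app")
  gem = File.join(app, "vendor", "bundle", "ruby", "3.2.0",
                  "gems", "http_parser.rb-0.0.0")
  [app, gem].each do |dir|
    FileUtils.mkdir_p(dir)
    File.write(File.join(dir, "Gemfile.lock"), "GEM\n")
  end
end

def demo
  Dir.mktmpdir do |root|
    build_sample_tree(root)
    classify_lockfiles(root)
  end
end

if __FILE__ == $0
  demo.each do |entry|
    owner = entry[:gem] ? " (#{entry[:gem]} #{entry[:version]})" : ""
    puts "#{entry[:kind]}#{owner}: #{entry[:path]}"
  end
end
```

Findings that a scanner attributes to a `:shipped_in_gem` path can then be checked against the application's own lockfile before being treated as real.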

Labels: enhancement (Feature request or improve operations)
