[RFC] "http-types" breakage / additions / rework

Haskell Community [Unofficial] June 19, 2026
@jaror no, this only takes care of vulnerabilities in http-types, not downstream libraries.

Here’s an example:

  1. x-1.0 depends on http-types < 1.0.
  2. http-types-1.0 is released, breaking API.
  3. x-2.0 is released, requiring http-types >= 1.0.
  4. A vulnerability is discovered in x, a fix is made, x-2.1 released.

If you depend on x and want to update to 2.1, which fixes the vulnerability, all your other dependencies need to work with http-types >= 1.0.

You’d need to convince the author of an affected downstream library to maintain two versions, one that depends on http-types < 1.0 and one that depends on http-types >= 1.0.