Add regex security testing as part of the CI pipeline
DamonOehlman opened this issue
Damon Oehlman commented
Obviously very keen to make sure that we keep an open approach to accepting PRs, but we have to be aware that detect-browser is driven entirely by regexes running in the browser. Regexes are well known to have a significant risk factor around vulnerabilities, so I think we need to add some kind of testing as part of our CI pipeline.
I need to dig up an email around this where a friendly soul pointed me in the direction of some automated test tools...