The point is valid, but parsing a template is kind of the point.

We could explore a safer regex, but given that the only code that would be vulnerable to it is the code that calls it, I think the issue should be resolved there.

Tracking issue for:

• https://github.com/tsmarsh/gridql/security/code-scanning/8

This could be an issue but only if the consuming application shoots itself in the foot. Hopefully, that would be caught by there testing.