From 1d451a6e7b485f4565eb48f6dbdb188ba896c37f Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Wed, 8 Jun 2022 17:02:13 +0700 Subject: [PATCH] Add readme note --- readme.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index b420843..cf5c151 100644 --- a/readme.md +++ b/readme.md @@ -28,7 +28,9 @@ semverRegex().exec('unicorn 1.0.0 rainbow')[0]; ## Important -If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 100). And if you use this in a server context, you should also [give it a timeout](https://github.com/sindresorhus/super-regex). +If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also [give it a timeout](https://github.com/sindresorhus/super-regex). + +**I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input.** However, I'm happy to accept pull requests to improve the regex. ## Related
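Review bot: the truncation limit in the "Important" section drops from 100 to 50 with no rationale in the hunk or the commit message; a reader cannot tell whether 50 is a safe bound or an arbitrary choice. Suggest stating how the number was chosen (for example, the longest version string the regex is expected to match plus some margin) so users who need a different limit know how to pick one, and making explicit that truncating only shrinks the worst-case input rather than removing the super-linear behaviour, which is why the `[give it a timeout]` advice in the same paragraph remains the primary mitigation. The added bold paragraph asserts that the regex cannot be made fully ReDoS safe; it would help to say what is meant by "fully" here (input of any length with no timeout) so the statement reads as a documented limitation rather than a dismissal, and so the sentence "I'm happy to accept pull requests to improve the regex" has a concrete target.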