Contact information is available on PyPI.

The following are not considered vulnerabilities in pathspec:

• ReDoS / regular expression complexity: pathspec is a pattern-matching library, not a sandboxed input parser. The regex complexity is proportional to that of the pattern. Applications that expose pattern input to untrusted users are responsible for sanitizing that input.

• Any actual vulnerabilities discovered in Python's re module, hyperscan, or google-re2 should be reported to the maintainers of those libraries.