Is this only triggerable when using setuptools itself to interact with a package index, or can it be triggered when using pip?
I could in theory be triggered using pip if:
pip builds a package from source
that package is built with setuptools
that package has build-time dependencies (setup_requires) that aren't already satisfied in the environment or by pip (either because build-requires isn't declared or the invocation has bypassed the pep 518 behavior to install them).
Additional environment information
The reported bug should be independent from env
This regex pattern is inefficient.
As described through PSRT channel, it may end in a DoS if an user is fetching malicious HTML from a package in PyPI or custom PackageIndex page.
Regex matches/not without hanging.
The following regex seems to be performing ok:
How to Reproduce
[ hangs forever ]
The text was updated successfully, but these errors were encountered: