fix(brotli) remove re2 dependency

[yigaldviri]

Use a fixed version of re2 to maintain support for Node14 (now need 14.21.3)

Checklist

• [V] I have ensured my pull request is not behind the main or master branch of the original repository.
• [V] I have rebased all commits where necessary so that reviewing this pull request can be done without having to merge it first.
• [V] I have written a commit message that passes commitlint linting.
• [V] I have ensured that my code changes pass linting tests.
• [V] I have ensured that my code changes pass unit tests.
• [V] I have described my pull request and the reasons for code changes along with context if necessary.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

🚮 Removed packages: npm/re2@1.21.3

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[yigaldviri]

Hi @titanism - can we merge it? It will help to keep support for Node 14 as well

[titanism]

It looks like this causes problems on some architectures, so we may need to look at an alternative.

#1814

At a glance, it seems like the regular expressions here are actually safe:

superagent/src/utils.js

Lines 121 to 139 in 134cdd7

	/**
	* Check if the response is compressed using Gzip or Deflate.
	* @param {Object} res
	* @return {Boolean}
	*/
	exports.isGzipOrDeflateEncoding = (res) => {
	return new SafeRegExp(/^\s*(?:deflate|gzip)\s*$/).test(res.headers['content-encoding']);
	};
	/**
	* Check if the response is compressed using Brotli.
	* @param {Object} res
	* @return {Boolean}
	*/
	exports.isBrotliEncoding = (res) => {
	return new SafeRegExp(/^\s*(?:br)\s*$/).test(res.headers['content-encoding']);
	};

> require('safe-regex2')(/^\s*(?:deflate|gzip)\s*$/)
true
> require('safe-regex2')(/^\s*(?:br)\s*$/)
true

So we may not need RE2 after all. Though this might need tested.

[yigaldviri]

@titanism - I removed re2. we have unit tests around that area

[titanism]

superagent v10.0.1 is released (we removed re2 dependency)

https://github.com/ladjs/superagent/releases/tag/v10.0.1