
fix:GitRefSpec.js Potential ReDoS Vulnerability or Inefficient Regular Expression in Project: Need for Assessment and Mitigation#2192

Open
mmmsssttt404 wants to merge 2 commits into
isomorphic-git:mainfrom
mmmsssttt404:GitRefSpec.js-ReDos

Conversation

@mmmsssttt404


I'm fixing a bug or typo

  • if this is your first time contributing, run npm run add-contributor and follow the prompts to add yourself to the README
  • squash merge the PR with commit message "fix: [Description of fix]"

Steps to reproduce

Hello,

I am writing to report a potential Regular Expression Denial of Service (ReDoS) vulnerability or inefficient regular expression in the project. When specially crafted input strings are used in this context, the result may be extremely high CPU usage, application freezing, or a denial-of-service attack.

Location of Issue:

The vulnerability is related to a regular expression used in the following validation file, which may result in significantly prolonged execution times under certain conditions.

] = refspec.match(/^(\+?)(.*?)(\*?):(.*?)(\*?)$/).slice(1)

1. git clone https://github.com/mmmsssttt404/isomorphic-git.git
2. npm install
3. npx jest __tests__/test-GitRefSpec.js
4. npx jest __tests__/test-GitRefSpecSet.js

Time taken:

[screenshot: timing results, 2025-08-20]

Benchmarks show clear quadratic growth with input size, not linear. Even at ~100k chars, runtime reaches several seconds. ReDoS does not require exponential blowup; polynomial behavior is already recognized as exploitable.

[image: ReDoS benchmark result]

Proposed Solution:
Change the regular expression to
[image: proposed regular expression]

Thank you for your attention to this matter. Your evaluation and response to this potential security concern would be greatly appreciated.

Best regards,

Search keywords: ReDoS
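Measuring the claim above on the engine actually in use, as an added example that is not code from this PR or from isomorphic-git: the block pairs the regex quoted in the description with a hand-written single-pass parser that returns the same five groups, confirms the two agree on every string up to length 6 over the alphabet `+ * : a \n` plus long constructed refspecs, and times both as the input doubles (a step ratio near 2 means linear growth, near 4 quadratic). The function names, the constructed inputs and the sizes are this example's own choices, and the linear parser is an illustration of a regex-free alternative, not the change the PR proposes. It uses the `performance` global available in Node 16 and later.

```javascript
'use strict';
// Added example: not code from isomorphic-git or from this PR. Names,
// constructed inputs and sizes are this example's own assumptions.

// The regex quoted in the PR. Capture groups: force, src, srcStar, dst, dstStar.
const REFSPEC_RE = /^(\+?)(.*?)(\*?):(.*?)(\*?)$/;

// Same call as the quoted one-liner, but returns null instead of throwing
// when there is no match (match() returns null and .slice(1) would throw).
function parseRefspecRegex(refspec) {
  const m = refspec.match(REFSPEC_RE);
  return m ? m.slice(1) : null;
}

// Single-pass parser with the same semantics as REFSPEC_RE and no
// backtracking: one indexOf plus a few character tests.
function parseRefspecLinear(refspec) {
  // `.` without the s flag never matches a line terminator and `$` without
  // the m flag only matches at the very end, so any terminator means no match.
  if (/[\n\r\u2028\u2029]/.test(refspec)) return null;
  const force = refspec.startsWith('+') ? '+' : '';
  const start = force.length;
  // Lazy (.*?) stops at the first ':' after the optional '+'.
  const colon = refspec.indexOf(':', start);
  if (colon === -1) return null;
  // (\*?) takes a '*' sitting immediately before that ':' if there is one.
  const srcStar = colon - 1 >= start && refspec[colon - 1] === '*' ? '*' : '';
  const src = refspec.slice(start, colon - srcStar.length);
  // (.*?)(\*?)$ : a single trailing '*' goes to dstStar, the rest to dst.
  const rest = refspec.slice(colon + 1);
  const dstStar = rest.endsWith('*') ? '*' : '';
  const dst = rest.slice(0, rest.length - dstStar.length);
  return [force, src, srcStar, dst, dstStar];
}

// Differential check: both parsers must agree on every string up to maxLen
// built from an alphabet that covers all the special characters. Returns the
// number of disagreements (expected 0).
function countMismatches(maxLen = 6) {
  const alphabet = ['+', '*', ':', 'a', '\n'];
  let mismatches = 0;
  const walk = (s) => {
    if (JSON.stringify(parseRefspecRegex(s)) !== JSON.stringify(parseRefspecLinear(s))) {
      mismatches++;
    }
    if (s.length < maxLen) for (const ch of alphabet) walk(s + ch);
  };
  walk('');
  return mismatches;
}

// Constructed inputs of size n: one with no ':' at all (the regex has to
// fail) and one maximal valid refspec with a '*' on both sides.
const noColon = (n) => '+' + 'a'.repeat(n);
const starred = (n) => '+' + 'a'.repeat(n) + '*:' + 'b'.repeat(n) + '*';

// Best-of-N wall-clock time of one parser on one input, in milliseconds.
function timeParse(parse, input, rounds = 3) {
  let best = Infinity;
  for (let i = 0; i < rounds; i++) {
    const t0 = performance.now();
    parse(input);
    best = Math.min(best, performance.now() - t0);
  }
  return best;
}

// Growth table for the regex versus the linear parser as n doubles. `ratio`
// is regexMs divided by the previous row's regexMs: about 2 means linear
// time, about 4 quadratic. This is the measurement to run when assessing
// the report, on the engine actually in use.
function growthTable(makeInput, sizes = [5000, 10000, 20000, 40000]) {
  const rows = [];
  let prev = null;
  for (const n of sizes) {
    const input = makeInput(n);
    const regexMs = timeParse(parseRefspecRegex, input);
    const linearMs = timeParse(parseRefspecLinear, input);
    rows.push({ n, regexMs, linearMs, ratio: prev === null ? null : regexMs / prev });
    prev = regexMs;
  }
  return rows;
}

console.log('parser disagreements:', countMismatches());
console.table(growthTable(noColon));
console.table(growthTable(starred));
```

Run it with `node` and read the `ratio` column of each table; the differential check is what makes the linear parser a safe drop-in for the regex if the timings justify replacing it, since it reproduces the regex's handling of a missing colon, of line terminators, and of the optional leading `+` and trailing `*` exactly.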

@jcubic

jcubic commented Nov 23, 2025

Member

Sorry, I've missed this issue.

The tests are failing, so this can't be merged. There is also a conflict.
