websocket-extensions is vulnerable to regular expression denial of service (ReDoS). A regex backtracking is introduced due to the way the parser processes the Sec-WebSocket-Extensions
header, using up quadratic time in a single-threaded server when an unclosed string parameter with repeating two-byte sequence of a backslash and some other character are included in the Sec-WebSocket-Extensions header.