security: replace ReDoS-vulnerable regex with safe string parsing

- Replace regex `/\([^)]*\)/` with indexOf/substring approach
- Prevents potential ReDoS attacks with nested parentheses
- Improves performance and readability
- Add comprehensive edge case tests for malformed scope inputs

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: vaind

danger/dangerfile-utils.js

@@ -43,7 +43,8 @@ function getFlavorConfig(prFlavor) {
   const normalizedFlavor = prFlavor.toLowerCase().trim();
 
   // Strip scope/context from conventional commit format: "type(scope)" -> "type"
-  const baseType = normalizedFlavor.replace(/\([^)]*\)/, '');
+  const parenIndex = normalizedFlavor.indexOf('(');
+  const baseType = parenIndex !== -1 ? normalizedFlavor.substring(0, parenIndex) : normalizedFlavor;
 
   const config = FLAVOR_CONFIG.find(config =>
     config.labels.includes(normalizedFlavor) || config.labels.includes(baseType)

danger/dangerfile-utils.test.js

@@ -89,6 +89,16 @@ describe('dangerfile-utils', () => {
 
       const scopedChore = getFlavorConfig('chore(deps)');
       assert.strictEqual(scopedChore.changelog, undefined);
+
+      // Test edge cases for scope stripping
+      const nestedParens = getFlavorConfig('feat(scope(nested))');
+      assert.strictEqual(nestedParens.changelog, 'Features'); // Should strip at first (
+
+      const noCloseParen = getFlavorConfig('feat(scope');
+      assert.strictEqual(noCloseParen.changelog, 'Features'); // Should still work
+
+      const multipleParens = getFlavorConfig('feat(scope1)(scope2)');
+      assert.strictEqual(multipleParens.changelog, 'Features'); // Should strip at first (
     });
   });