fix: make sure that stripping backslashes for notification urls cannot cause catastophic backtracking (ReDOS)

[ShiyuBanzhou]

⚠️⚠️⚠️ Since we do not accept all types of pull requests and do not want to waste your time. Please be sure that you have read pull request rules:
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md#can-i-create-a-pull-request-for-uptime-kuma

Tick the checkbox if you understand [x]:

• I have read and understand the pull request rules.

Description

Fixes #5574
By modifying the regular expression matching rule to /(?<!/)/*$/, we prevent the matching process from starting with a slash. This change ensures that the matching can only start from the first slash and proceed toward the end. For each subsequent slash, the regular expression checks if the previous character is a slash; if so, it will not backtrack further.

.replace(/(?<!\/)\/*$/, "")

Type of change

Please delete any options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)

Checklist

• My code follows the style guidelines of this project
• I ran ESLint and other linters for modified files
• I have performed a self-review of my own code and tested it
• I have commented my code, particularly in hard-to-understand areas (including JSDoc for methods)
• My changes generates no new warnings
• My code needed automated testing. I have added them (this is optional task)

Screenshots (if any)

[ShiyuBanzhou]

/home/runner/work/uptime-kuma/uptime-kuma/server/notification-providers/pushdeer.js
Error: 15:53 error Unnecessary escape character: / no-useless-escape

/home/runner/work/uptime-kuma/uptime-kuma/server/notification-providers/whapi.js
Error: 27:93 error Unnecessary escape character: / no-useless-escape

[CommanderStorm]

Could you fix the linting issues?
We can merge afterwards.

[ShiyuBanzhou]

I have fixed the issue with the regularization term, please check it out

[ShiyuBanzhou]

Hello, sorry to bother you. I would like to ask if I want to apply for a CVE for this vulnerability, what should I do? Can I submit the vulnerability through the Security module in your warehouse? I submitted a document about this vulnerability not long ago. Application, but there has been no reply yet. I look forward to hearing from you. Thank you very much.

[CommanderStorm]

LGTM

Only @louislam can manage the security reports.
I have no access there.
But for this one (i.e. not https://github.com/louislam/uptime-kuma/security/advisories/GHSA-5rg9-2hjc-q924, as that turned out to not be a vulnerability), I think we can publish one.

[ShiyuBanzhou]

I will release a security vulnerability related to these two regularization terms. Could you please help me contact the author and ask them to pay attention as soon as possible? Thank you very much for your help

[ShiyuBanzhou]

this is the security url:GHSA-hx7h-9vf7-5xhg