Fix: CodeQL ReDoS vulnerability in ULMFiT replace_url

[chanitnan0jr]

Description:

This PR addresses a critical Security Vulnerability (Regular Expression Denial of Service - ReDoS) flagged by CodeQL in pythainlp/ulmfit/preprocess.py.

The Issue:

The URL_PATTERN contained a nested greedy quantifier (?:[^\s()<>{}\[\]]+)+. When processing an invalid URL suffix containing repetitive non-space/non-bracket characters (e.g., !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!), the regex engine suffers from catastrophic exponential backtracking (O(2N)), leading to CPU exhaustion and potential DoS.

The Fix:

Removed the inner greedy quantifier +, simplifying the pattern to (?:[^\s()<>{}\[\]])+. This forces the regex engine to evaluate the string in linear time (O(N)), enabling it to fail-fast without altering the intended URL matching logic.

[sonarqubecloud]

Quality Gate failed

Failed conditions
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[chanitnan0jr]

@sonarqubecloud The complexity issue flagged here is due to the exhaustive list of TLDs (.com|.net|.org|...) inherent to the original ULMFiT URL_PATTERN (ported from fastai).
Since this PR only aims to fix the ReDoS vulnerability by removing a nested quantifier (without altering the core matching logic), refactoring this entire pattern to satisfy the complexity rule would change the expected upstream behavior.

[coveralls]

coverage: 66.633%. remained the same
when pulling ac08838 on chanitnan0jr:fix-ulmfit-redos
into 3152a36 on PyThaiNLP:dev.