Followed up immediately with "Are all parts of Angular affected?" The charitable interpretation is that he is asking "is there a safe subset of Angular that we can use instead of a blanket ban?".
Yeah that's a fair (and more charitable) way to read that. But it's also not that clear. He spends a lot of time worrying about how much time they've spent on their extension.
Why no "woah, our other angular apps could be affected, is there any safe subset of angular 1?"
There aren't many products where security matters THAT much. I'd hope that the people working on password managers have a total security first mindset.
If you're the engineer in question (since your comment history suggests you work at Bitwarden), you should explicitly state that and explain that ignoring any vulnerability was not the intent of your comment.
It's good you updated the Github comment, but you should also consider explicitly stating your affiliation when relevant when commenting on Hacker News in the future.
If you had done in this case, it would have immediately cleared up encoderer's questions about your Github comment.
It's not doing much for your reputation (or that of your employer) that you still haven't clarified whether you are the engineer or not - even after deliberately referring to yourself in the third person and being called out for it.