Fix ZIP bomb threshold too low (#13967)

* Fix ZIP bomb threshold too low

See #13962

* Update legacy.py

Set threshold to 100x

* Update warehouse/forklift/legacy.py

---------

Co-authored-by: Ee Durbin <[email protected]>

Author: miohtama

warehouse/forklift/legacy.py

@@ -83,7 +83,13 @@
 PATH_HASHER = "blake2_256"
 
 COMPRESSION_RATIO_MIN_SIZE = 64 * ONE_MB
-COMPRESSION_RATIO_THRESHOLD = 10
+
+# If the zip file decompressed to 50x more space
+# than it is uncompressed, consider it a ZIP bomb.
+# Note that packages containing interface descriptions, JSON,
+# such resources can compress really well.
+# See discussion here: https://github.com/pypi/warehouse/issues/13962
+COMPRESSION_RATIO_THRESHOLD = 50
 
 
 # Wheel platform checking