PyPI is now requiring wheels to be too much compressed #13962
Labels
Comments
moriyoshi
added
bug 🐛
requires triaging
|
I encountered this issue with web3-ethereum-defi and can no longer not upload new versions of the package produced with Poetry. |
miohtama
added a commit
to miohtama/warehouse
that referenced
this issue
Jun 20, 2023
miohtama
added a commit
to tradingstrategy-ai/web3-ethereum-defi
that referenced
this issue
Jun 20, 2023
ewdurbin
added a commit
that referenced
this issue
Jun 21, 2023
* Fix ZIP bomb threshold too low See #13962 * Update legacy.py Set threshold to 100x * Update warehouse/forklift/legacy.py --------- Co-authored-by: Ee Durbin <[email protected]>
|
Should be fixed by #13967. |
msk-rj921
pushed a commit
to InvoBloxTeamHub/ethereum-defi-protocol
that referenced
this issue
Apr 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Describe the bug
The change (#13877) done in last week made my valid wheels that contain some native shared objects totally unuploadable. IMO requiring compression ratio < 0.1 is pretty rigorous.
Expected behavior
The threshold is too heuristic. Mitigation for zipbombs should be done in another way.
To Reproduce
Build any wheel of the following project and upload it to pypi:
https://github.com/opencollector/jntajis-python
My Platform
I am using cibuildwheel to build wheels.
Additional context
N/A
The text was updated successfully, but these errors were encountered: