Progress on Zip Bomb vulnerability

[krnick]

Hello @vstinner ,

Thank you very much for recording all the issues related to Python security.
I am Junwei Song, the reporter of the zip bomb vulnerability.

This patch does not fix the CPython zipfile library itself. Instead, we improved the documentation with Serhiy and Christian's suggestion to inform users of the problems they might have and the pull request got merged last week.

The link below is the pull request
python/cpython#13378

Also, the improvement of the documentation was
committed in versions 3.8 and 3.9 😄.

Thank you!

[vstinner]

I removed Zip Bomb from vulnerabilities and document it instead:
33037c8