
Restrict PyPI package file types

Problem

A user can use the PyPI upload endpoints to upload files of any type. This exposes an unnecessary security vulnerability.

Solution

We should restrict files uploaded to this endpoint to .tar.gz and .whl files only. We should double-check that these are the only file types PyPI accepts and extend the list with any other file types that are allowed.
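One way to implement this restriction, as an added example that is not this project's code: the check goes beyond the suffix alone and also verifies that the filename follows the wheel (PEP 427) and sdist (PEP 625) naming conventions and that the first bytes of the body match the archive format the suffix implies, so a renamed binary cannot pass as a wheel. The allowed-suffix list is the two types proposed above and is an assumption to be confirmed against PyPI's actual behaviour; the sample archives are constructed in the code.

```python
import io
import re
import tarfile
import zipfile

# Assumption: the two upload types the issue proposes to allow.
ALLOWED_SUFFIXES = (".tar.gz", ".whl")

# Wheel filename per PEP 427: {dist}-{version}(-{build})?-{py}-{abi}-{plat}.whl
WHEEL_RE = re.compile(
    r"^(?P<dist>[A-Za-z0-9_.]+)-(?P<ver>[A-Za-z0-9_.!+]+)"
    r"(?:-(?P<build>\d[A-Za-z0-9_.]*))?"
    r"-(?P<py>[A-Za-z0-9_.]+)-(?P<abi>[A-Za-z0-9_.]+)-(?P<plat>[A-Za-z0-9_.]+)\.whl$"
)
# Source distribution filename per PEP 625: {dist}-{version}.tar.gz
SDIST_RE = re.compile(r"^(?P<dist>[A-Za-z0-9_.]+)-(?P<ver>[A-Za-z0-9_.!+]+)\.tar\.gz$")

GZIP_MAGIC = b"\x1f\x8b"      # gzip member header
ZIP_MAGIC = b"PK\x03\x04"     # zip local file header (a wheel is a zip)


class RejectedUpload(ValueError):
    """Raised when an uploaded file must be refused."""


def classify_upload(filename: str, data: bytes) -> str:
    """Return 'sdist' or 'wheel' for an acceptable upload, else raise RejectedUpload.

    Checks, in order: the name has no path components, it carries an allowed
    suffix, it matches the naming spec for that suffix, and the body's magic
    bytes agree with the suffix.
    """
    if not filename or "/" in filename or "\\" in filename or filename in (".", ".."):
        raise RejectedUpload("filename must be a bare file name")
    lowered = filename.lower()
    if lowered.endswith(".whl"):
        if not WHEEL_RE.match(filename):
            raise RejectedUpload("wheel filename does not follow PEP 427")
        if not data.startswith(ZIP_MAGIC):
            raise RejectedUpload("wheel body is not a zip archive")
        return "wheel"
    if lowered.endswith(".tar.gz"):
        if not SDIST_RE.match(filename):
            raise RejectedUpload("sdist filename does not follow PEP 625")
        if not data.startswith(GZIP_MAGIC):
            raise RejectedUpload("sdist body is not gzip-compressed")
        return "sdist"
    raise RejectedUpload("file type not allowed; accepted: " + ", ".join(ALLOWED_SUFFIXES))


def _sample_sdist() -> bytes:
    """Constructed sample: a minimal gzip-compressed tar holding one file."""
    buf = io.BytesIO()
    payload = b"[project]\nname = 'demo'\nversion = '1.0'\n"
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("demo-1.0/pyproject.toml")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _sample_wheel() -> bytes:
    """Constructed sample: a minimal zip holding a METADATA file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-1.0.dist-info/METADATA", "Name: demo\nVersion: 1.0\n")
    return buf.getvalue()


def run_samples() -> dict:
    """Run the validator over constructed good and bad uploads; return outcomes by label."""
    sdist, wheel = _sample_sdist(), _sample_wheel()
    cases = {
        "good sdist": ("demo-1.0.tar.gz", sdist),
        "good wheel": ("demo-1.0-py3-none-any.whl", wheel),
        "exe rejected": ("demo-1.0.exe", b"MZ\x90\x00"),
        "zip sdist rejected": ("demo-1.0.zip", wheel),
        "wheel with gzip body": ("demo-1.0-py3-none-any.whl", sdist),
        "sdist with zip body": ("demo-1.0.tar.gz", wheel),
        "path traversal": ("../demo-1.0-py3-none-any.whl", wheel),
    }
    results = {}
    for label, (name, data) in cases.items():
        try:
            results[label] = classify_upload(name, data)
        except RejectedUpload as exc:
            results[label] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in run_samples().items():
        print(f"{label:24} -> {outcome}")
```

The magic-byte check is deliberately shallow: it only proves the body starts like the archive type the suffix claims. A full implementation would also open the archive and confirm the expected members (a `.dist-info/METADATA` entry for wheels, a `PKG-INFO` for sdists), which is where the suffix list confirmed against PyPI's own rules should be enforced as well.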

References

Investigation of package limits