The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no evidence that this vulnerability has been exploited. Read the blog post for more information:


Preventing ZIP parser confusion attacks on Python package installers - The Python Package Index Blog
PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.
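A check a package maintainer could run before uploading, as an added example that is not PyPI's code and is not taken from the blog post: it compares the file names in a wheel's ZIP central directory with the entries in its RECORD file and reports duplicate names. The function names, the sample wheel, and the reading of "incorrect RECORD" as a name mismatch are assumptions; RECORD hashes and local file headers are not examined.

```python
import csv
import io
import warnings
import zipfile
from collections import Counter


def audit_wheel(data: bytes) -> dict:
    """Compare a wheel's ZIP central directory with its RECORD file (names only)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() keeps every central-directory entry, including repeated names.
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        record_paths = [n for n in names if n.endswith(".dist-info/RECORD")]
        if len(record_paths) != 1:
            return {"error": f"expected one RECORD, found {len(record_paths)}"}
        text = zf.read(record_paths[0]).decode("utf-8")
    # RECORD is CSV: path,hash,size. Only the path column is used here.
    listed = {row[0] for row in csv.reader(io.StringIO(text)) if row}
    present = set(names)
    return {
        "duplicates": sorted(n for n, c in Counter(names).items() if c > 1),
        "not_in_record": sorted(present - listed),
        "missing_from_zip": sorted(listed - present),
    }


def build_sample_wheel() -> bytes:
    """Constructed sample: a wheel-like ZIP with three deliberate inconsistencies."""
    record = "pkg/__init__.py,,\npkg/gone.py,,\npkg-1.0.dist-info/RECORD,,\n"
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns when a name is repeated
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("pkg/__init__.py", "x = 1\n")
            zf.writestr("pkg/__init__.py", "x = 2\n")  # same name stored twice
            zf.writestr("pkg/extra.py", "")            # present but not in RECORD
            zf.writestr("pkg-1.0.dist-info/RECORD", record)
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in audit_wheel(build_sample_wheel()).items():
        print(f"{key}: {value}")
```

Any non-empty list in the result means an installer that trusts RECORD and one that trusts the archive listing could disagree about what the wheel contains.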