In jaraco/zipp#117, I learned that the current implementation of is_symlink might have a security risk if a user is relying on it to ensure that a zipfile has no symlinks before using another tool to extract it.

zipp 3.19.0 adds an implementation for Path.is_symlink to alleviate this risk.

CPython should adopt this change as well, possibly as a security fix.

Linked PRs

• gh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). #119591
• [3.13] gh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (GH-119591) #119985
• [3.12] gh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (GH-119591) #119988
• gh-119588: Update docs to reflect decision to include the change with Python 3.13 and not 3.12. #120043
• [3.13] gh-119588: Update docs to reflect decision to include the change with Python 3.13 and not 3.12. (GH-120043) #120046