fixed zip traversal vulnerability as per https://support.google.com/faqs/answer/9294009
