Backport warning to shutil.unpack_archive docs

Author: encukou

Doc/library/shutil.rst

@@ -562,6 +562,13 @@ provided.  They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
    The ``'data'`` filter will become the default for tar files
    in Python 3.14.
 
+   .. warning::
+
+      Never extract archives from untrusted sources without prior inspection.
+      It is possible that files are created outside of the path specified in
+      the *extract_dir* argument, e.g. members that have absolute filenames
+      starting with "/" or filenames with two dots "..".
+
    .. versionchanged:: 3.7
       Accepts a :term:`path-like object` for *filename* and *extract_dir*.