csspin-python 3.2.0__py3-none-any.whl → 4.1.0rc1__py3-none-any.whl

csspin_python/devpi.py

@@ -17,7 +17,6 @@
 
 """Module implementing the devpi plugin for spin"""
 
-
 from typing import Iterable
 
 from csspin import Command, config, die, exists, readyaml, setenv, sh, task

csspin_python/pytest.py

@@ -17,7 +17,6 @@
 
 """Module implementing the pytest plugin for spin"""
 
-
 from typing import Iterable
 
 from csspin import Path, Verbosity, config, die, interpolate1, option, setenv, sh, task

csspin_python/python.py

@@ -69,13 +69,16 @@ point to the base installation.
 import abc
 import configparser
 import hashlib
+import json
 import logging
 import os
 import re
 import shutil
+import subprocess
 import sys
 from contextlib import contextmanager
-from subprocess import check_output
+from functools import cache
+from subprocess import CalledProcessError, check_output
 from textwrap import dedent, indent
 from typing import Generator, Iterable, Type, Union
 
@@ -88,6 +91,7 @@ except ImportError:
 
 from click.exceptions import Abort
 from csspin import (
+    CONFIG,
     EXPORTS,
     Command,
     Memoizer,
@@ -289,20 +293,65 @@ def nuget_install(cfg: ConfigTree) -> None:
     )
 
 
-def provision(cfg: ConfigTree) -> None:
-    """Provision the python plugin"""
-    if not cfg.python.use and exists(cfg.python.python):
+def _check_venv(  # pylint: disable=too-many-return-statements
+    cfg: ConfigTree,
+) -> bool:
+    """
+    Checks whether the venv is actually a venv compatible
+    with our configuration and not just some dir.
+    """
+    try:
         python_version = (
             check_output([cfg.python.python, "--version"])
             .decode()
             .strip()
             .replace("Python ", "")
         )
-        if python_version and not python_version.startswith(cfg.python.version):
+    except CalledProcessError:
+        return False
+    if not cfg.python.version and not cfg.python.use:
+        return False
+    if cfg.python.use:
+        try:
+            use_python_version = (
+                check_output([cfg.python.use, "--version"])
+                .decode()
+                .strip()
+                .replace("Python ", "")
+            )
+        except CalledProcessError:
+            return False
+        if use_python_version == python_version:
+            return True
+        else:
+            warn(
+                "The cfg.python.use version does not match the cfg.python.python "
+                "version set in the venv. If you want to update the python version "
+                "used in the venv, you have to manually remove it."
+            )
+            return True
+    if python_version.startswith(cfg.python.version):
+        return True
+    return False
+
+
+def provision(cfg: ConfigTree) -> None:
+    """Provision the python plugin"""
+
+    info("Checking venv '{python.venv}'")
+
+    fresh_venv = False
+
+    if exists("{python.venv}"):
+        if not _check_venv(cfg):
             _cleanup_memoed_provisioners(cfg)
             rmtree(cfg.python.provisioner_memo)
             rmtree(cfg.python.aws_auth.memo)
             rmtree(cfg.python.venv)
+            fresh_venv = True
+    else:
+        fresh_venv = True
+
     with memoizer(cfg.python.provisioner_memo) as memo:
         if cfg.python.provisioner is None:
             cfg.python.provisioner = SimpleProvisioner(cfg)
@@ -311,7 +360,7 @@ def provision(cfg: ConfigTree) -> None:
     if not shutil.which(cfg.python.interpreter):
         cfg.python.provisioner.provision_python(cfg)
 
-    venv_provision(cfg)
+    venv_provision(cfg, fresh_venv)
 
     cfg.python.site_packages = get_site_packages(interpreter=cfg.python.python)
 
@@ -468,24 +517,19 @@ class BashActivate(ActivateScriptPatcher):
     replacements = [
         ("deactivate", "origdeactivate"),
     ]
-    old_env_pattern = dedent(
-        """
+    old_env_pattern = dedent("""
         if [ -z ${{{name}+x}} ]; then
             export _OLD_SPIN_UNSET{name}=""
         else
             export _OLD_SPIN_VALUE{name}="${name}"
         fi
-        """
-    )
-    setpattern = dedent(
-        """
+        """)
+    setpattern = dedent("""
         {name}="{value}"
         export {name}
-        """
-    )
+        """)
     resetpattern = indent(
-        dedent(
-            """
+        dedent("""
             if ! [ -z "${{_OLD_SPIN_VALUE{name}+_}}" ] ; then
                 {name}="$_OLD_SPIN_VALUE{name}"
                 export {name}
@@ -495,12 +539,10 @@ class BashActivate(ActivateScriptPatcher):
                 unset {name}
                 unset _OLD_SPIN_UNSET{name}
             fi
-            """
-        ),
+            """),
         prefix="    ",
     )
-    script = dedent(
-        """
+    script = dedent("""
         {patchmarker}
         {original}
         deactivate () {{
@@ -520,8 +562,7 @@ class BashActivate(ActivateScriptPatcher):
         # commands. Without forgetting past commands the $PATH changes
         # we made may not be respected
         hash -r 2>/dev/null
-        """
-    )
+        """)
 
     @staticmethod
     def interpolate_environ_value(value: str) -> str:
@@ -543,24 +584,19 @@ class PowershellActivate(ActivateScriptPatcher):
     old_env_pattern = (
         "New-Variable -Scope global -Name _OLD_SPIN_{name} -Value $env:{name}"
     )
-    setpattern = dedent(
-        """
+    setpattern = dedent("""
         $env:{name} = "{value}"
-        """
-    )
+        """)
     resetpattern = indent(
-        dedent(
-            """
+        dedent("""
                 if (Test-Path variable:_OLD_SPIN_{name}) {{
                     $env:{name} = $variable:_OLD_SPIN_{name}
                     Remove-Variable "_OLD_SPIN_{name}" -Scope global
                 }}
-            """
-        ),
+            """),
         prefix="    ",
     )
-    script = dedent(
-        """
+    script = dedent("""
         {patchmarker}
         {original}
         function global:deactivate([switch] $NonDestructive) {{
@@ -574,8 +610,7 @@ class PowershellActivate(ActivateScriptPatcher):
         deactivate -nondestructive
         {old_value_setters}
         {setters}
-        """
-    )
+        """)
 
     @staticmethod
     def interpolate_environ_value(value: str) -> str:
@@ -592,8 +627,7 @@ class BatchActivate(ActivateScriptPatcher):
     patchmarker = "\nREM Patched by csspin_python.python\n"
     activatescript = Path("{python.scriptdir}") / "activate.bat"
     replacements = []
-    old_env_pattern = dedent(
-        """
+    old_env_pattern = dedent("""
         if defined _OLD_SPIN_VALUE_{name} goto ENDIFSPIN{name}1
         if defined _OLD_SPIN_UNSET_{name} goto ENDIFSPIN{name}2
         if defined {name} goto ENDIFSPIN{name}3
@@ -613,19 +647,16 @@ class BatchActivate(ActivateScriptPatcher):
             set "_OLD_SPIN_UNSET_{name}= "
             goto ENDIFSPIN{name}5
         :ENDIFSPIN{name}5
-        """
-    )
+        """)
     setpattern = 'set "{name}={value}"'
     resetpattern = ""
-    script = dedent(
-        """
+    script = dedent("""
         @echo off
         {patchmarker}
         {original}
         {old_value_setters}
         {setters}
-        """
-    )
+        """)
 
     @staticmethod
     def interpolate_environ_value(value: str) -> str:
@@ -644,8 +675,7 @@ class BatchDeactivate(ActivateScriptPatcher):
     replacements = []
     old_env_pattern = ""
     setpattern = ""
-    resetpattern = dedent(
-        """
+    resetpattern = dedent("""
         if defined _OLD_SPIN_VALUE_{name} goto ENDIFVSPIN{name}1
         if defined _OLD_SPIN_UNSET_{name} goto ENDIFVSPIN{name}2
         :ENDIFVSPIN{name}1
@@ -657,16 +687,13 @@ class BatchDeactivate(ActivateScriptPatcher):
             set _OLD_SPIN_UNSET_{name}=
             goto ENDIFVSPIN{name}0
         :ENDIFVSPIN{name}0
-        """
-    )
-    script = dedent(
-        """
+        """)
+    script = dedent("""
         @echo off
         {patchmarker}
         {original}
         {resetters}
-        """
-    )
+        """)
 
 
 class PythonActivate(ActivateScriptPatcher):
@@ -676,13 +703,11 @@ class PythonActivate(ActivateScriptPatcher):
     old_env_pattern = ""
     setpattern = 'os.environ["{name}"] = fr"{value}"'
     resetpattern = ""
-    script = dedent(
-        """
+    script = dedent("""
         {patchmarker}
         {original}
         {setters}
-        """
-    )
+        """)
 
     @staticmethod
     def interpolate_environ_value(value: str) -> str:
@@ -695,6 +720,30 @@ class PythonActivate(ActivateScriptPatcher):
         return value
 
 
+@cache
+def get_project_metadata(project_path: str, index_url: str) -> dict:  # type: ignore[return] # pylint: disable=inconsistent-return-statements # noqa: E501
+    """
+    Retrieve project metadata of ``project_path`` via ``python -m build
+    --metadata``.
+
+    Cached since ``build --metadata`` is noisy and the output is identical for
+    every caller within the same process.
+    """
+    setenv(PIP_INDEX_URL=index_url)
+    kwargs = {}
+    if CONFIG.verbosity < Verbosity.INFO:
+        kwargs["stderr"] = subprocess.DEVNULL
+    raw_metadata = backtick(
+        "python", "-m", "build", "--metadata", project_path, **kwargs
+    )
+    setenv(PIP_INDEX_URL=None)
+
+    if raw_metadata:
+        return json.loads(raw_metadata)  # type: ignore[no-any-return]
+
+    die(f"Could not retrieve project metadata of '{project_path}'.")
+
+
 def get_site_packages(interpreter: Path) -> Path:
     """Return the path to the virtual environments site-packages."""
     return Path(
@@ -919,15 +968,12 @@ def _req_for_memo(
 
 
 def venv_provision(  # pylint: disable=too-many-branches,missing-function-docstring
-    cfg: ConfigTree,
+    cfg: ConfigTree, fresh_venv: bool = False
 ) -> None:
-    fresh_env = False
-    info("Checking venv '{python.venv}'")
 
-    if not exists(cfg.python.venv):
+    if fresh_venv:
         info("Provisioning venv '{python.venv}'")
         cfg.python.provisioner.provision_venv(cfg)
-        fresh_env = True
 
     # This sets PATH to the venv
     init(cfg)
@@ -935,7 +981,7 @@ def venv_provision(  # pylint: disable=too-many-branches,missing-function-docstr
     _configure_pipconf(cfg)
 
     # Establish the prerequisites
-    if fresh_env:
+    if fresh_venv:
         cfg.python.provisioner.prerequisites(cfg)
 
     # Plugins can define a 'venv_hook' function, to give them a

csspin_python/python_sbom.py

@@ -0,0 +1,196 @@
+# -*- mode: python; coding: utf-8 -*-
+#
+# Copyright (C) 2026 CONTACT Software GmbH
+# https://www.contact-software.com/
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Module implementing the python_sbom plugin for csspin"""
+
+import json
+import sys
+from subprocess import DEVNULL, PIPE
+from tempfile import TemporaryDirectory
+
+from csspin import (
+    Verbosity,
+    backtick,
+    config,
+    die,
+    exists,
+    info,
+    memoizer,
+    rmtree,
+    sh,
+    task,
+)
+from csspin.tree import ConfigTree
+from packaging.requirements import Requirement
+from path import Path
+
+defaults = config(
+    cyclonedx_bom_version="7.3.0",
+    project_paths=["{spin.project_root}"],
+    requires=config(spin=["csspin_python.python"]),
+)
+
+
+@task("python-sbom", when="sbom:build")
+def sbom(cfg: ConfigTree) -> None:
+    """
+    Create the SBOMs for Python projects defined in via
+    'python_sbom.project_paths'.
+
+    This task assumes that the current package defines its dependencies that
+    are to be included in the SBOM via the "thirdparty" extra.
+
+    If there is no such extra, the SBOM generation is skipped.
+    """
+    from csspin_python.python import get_project_metadata
+
+    stderr = PIPE if cfg.verbosity > Verbosity.NORMAL else DEVNULL
+    for project_path in cfg.python_sbom.project_paths:
+        if not exists(project_path):
+            die(f"Project path '{project_path}' does not exist.")
+
+        project_path = Path(project_path).absolute()
+        metadata = get_project_metadata(project_path, cfg.python.index_url)
+        third_party_deps = _collect_thirdparty_deps(
+            metadata.get("requires_dist", set()), python_version=cfg.python.version
+        )
+        sbom_content = _run_cyclonedx(cfg, third_party_deps, stderr)
+        _write_sbom(cfg, sbom_content, metadata.get("name"), metadata.get("version"))
+
+
+def cleanup(cfg: ConfigTree) -> None:
+    """Get rid of all generated .cdx.json files and the cyclonedx-bom venv."""
+    for cdx_file in cfg.spin.project_root.glob("*.python_sbom.cdx.json"):
+        rmtree(cdx_file)
+    rmtree(cfg.spin.project_root / ".spin" / "venv_csspin_python__python_sbom")
+
+
+# ---- Internals ---------------------------------------------------------------
+
+
+def _ensure_cyclonedx_venv(cfg: ConfigTree, binary_dir: str, quiet: str | None) -> Path:
+    """Return the cyclonedx-bom interpreter path, (re)creating the venv if needed.
+
+    We install cyclonedx-bom into a persistent venv since defining it as a
+    dependency of csspin-python itself doesn't work at this moment.
+    See https://github.com/CycloneDX/cyclonedx-python/issues/1045
+    """
+    venv_cdx = cfg.spin.project_root / ".spin" / "venv_csspin_python__python_sbom"
+    interpreter_cdx = venv_cdx / binary_dir / "python" + cfg.platform.exe
+
+    requested_version = cfg.python_sbom.cyclonedx_bom_version
+    memo_key = f"cyclonedx-bom=={requested_version}"
+    memo_file = venv_cdx / "csspin_python_sbom.memo"
+
+    if venv_cdx.exists():
+        with memoizer(memo_file) as memo:
+            if memo.check(memo_key):
+                info(
+                    f"Reusing existing cyclonedx-bom {requested_version} from {venv_cdx}"
+                )
+                return interpreter_cdx
+        info(
+            f"cyclonedx-bom version mismatch (wanted={requested_version}), "
+            f"recreating {venv_cdx}"
+        )
+        rmtree(venv_cdx)
+
+    sh(cfg.python.interpreter, "-m", "venv", venv_cdx)
+    sh(
+        interpreter_cdx,
+        "-m",
+        "pip",
+        quiet,
+        "--disable-pip-version-check",
+        "install",
+        "--index-url",
+        cfg.python.index_url,
+        "cyclonedx-bom==" + requested_version,
+    )
+    with memoizer(memo_file) as memo:
+        memo.add(memo_key)
+    return interpreter_cdx
+
+
+def _run_cyclonedx(cfg: ConfigTree, third_party_deps: set[str], stderr: int) -> str:
+    """
+    Install third-party deps into a temp venv and return the CycloneDX JSON.
+    """
+
+    binary_dir = "Scripts" if sys.platform == "win32" else "bin"
+    quiet = None if cfg.verbosity > Verbosity.NORMAL else "-q"
+    interpreter_cdx = _ensure_cyclonedx_venv(cfg, binary_dir, quiet)
+
+    with TemporaryDirectory() as tmp_dir:
+        venv = Path(tmp_dir) / "venv"
+        interpreter = venv / binary_dir / "python" + cfg.platform.exe
+        sh(cfg.python.interpreter, "-m", "venv", venv)
+        if third_party_deps:
+            sh(
+                interpreter,
+                "-m",
+                "pip",
+                quiet,
+                "install",
+                "--index-url",
+                cfg.python.index_url,
+                *[
+                    f"--constraint={constraint}"
+                    for constraint in cfg.python.constraints
+                ],
+                *third_party_deps,
+                stderr=stderr,
+            )
+        sh(interpreter, "-m", "pip", quiet, "uninstall", "-y", "pip")
+        return backtick(interpreter_cdx, "-m", "cyclonedx_py", "environment", venv, stderr=stderr)  # type: ignore[no-any-return] # noqa: E501
+
+
+def _write_sbom(
+    cfg: ConfigTree, content: str, project_name: str, project_version: str
+) -> None:
+    """Inject project metadata into the cyclonedx JSON and write the output file."""
+    output_file = cfg.spin.project_root / f"{project_name}.python_sbom.cdx.json"
+    # cyclonedx-bom doesn't add primary component name and version when not
+    # using pyproject.toml
+    sbom_json = json.loads(content)
+    sbom_json |= {
+        "metadata": {"component": {"name": project_name, "version": project_version}}
+    }
+    with open(output_file, "w", encoding="utf-8") as f:
+        json.dump(sbom_json, f, indent=2, sort_keys=True)
+    info(f"Generated Python SBOM successfully ({output_file})")
+
+
+def _collect_thirdparty_deps(requires_dist: list, python_version: str) -> set[str]:
+    """Extract 'thirdparty' dependency specifiers from project metadata."""
+
+    import platform
+
+    env = {
+        "sys_platform": sys.platform,
+        "extra": "thirdparty",
+        "platform_system": platform.system(),
+        "python_version": python_version,
+    }
+
+    dependencies = set()
+
+    for require in requires_dist:
+        req = Requirement(require)
+        if req.marker and req.marker.evaluate(environment=env):
+            dependencies.add(req.name + str(req.specifier))
+    return dependencies

csspin_python/python_sbom_schema.yaml

@@ -0,0 +1,18 @@
+# -*- mode: yaml; coding: utf-8 -*-
+#
+# Schema for the python_sbom plugin for csspin
+
+python_sbom:
+    type: object
+    help: Configuration related to the python_sbom plugin for csspin
+    properties:
+        project_paths:
+            type: list
+            help: |
+                List of paths to the Python projects for which to generate the
+                SBOM.
+        cyclonedx_version:
+            type: str
+            help: |
+                Version of the cyclonedx-bom package to use for generating the
+                SBOM.

csspin_python/uv_provisioner.py

@@ -181,8 +181,9 @@ def _update_index_url_in_toml(cfg: ConfigTree) -> None:
     Update the index-url in the uv.toml in case it changed.
     """
     if (uv_toml_path := interpolate1(Path(cfg.uv_provisioner.uv_toml_path))).exists():
-        with open(uv_toml_path, mode="r+b") as fd:
+        with open(uv_toml_path, mode="rb") as fd:
             toml_content = tomllib.load(fd)
-            if toml_content.get("index-url") != cfg.python.index_url:
-                toml_content["index-url"] = cfg.python.index_url
+        if toml_content.get("index-url") != cfg.python.index_url:
+            toml_content["index-url"] = cfg.python.index_url
+            with open(uv_toml_path, mode="wb") as fd:
                 tomli_w.dump(toml_content, fd)

{csspin_python-3.2.0.dist-info → csspin_python-4.1.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: csspin-python
-Version: 3.2.0
+Version: 4.1.0rc1
 Summary: Plugin-package for csspin providing Python related plugins
 Author-email: CONTACT Software GmbH <info@contact-software.com>
 Maintainer-email: Waleri Enns <waleri.enns@contact-software.com>, Benjamin Thomas Schwertfeger <benjaminthomas.schwertfeger@contact-software.com>, Fabian Hafer <fabian.hafer@contact-software.com>
@@ -15,13 +15,13 @@ Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development
-Requires-Python: >=3.9
+Requires-Python: >=3.10
 Description-Content-Type: text/x-rst
 License-File: LICENSE
 Requires-Dist: platformdirs~=4.3.8
@@ -45,18 +45,21 @@ The following plugins are available:
 - `csspin_python.debugpy`: A plugin for debugging Python code using `debugpy`_.
 - `csspin_python.devpi`: A plugin for simplified usage of `devpi`_.
 - `csspin_python.pytest`: A plugin for running tests using pytest.
-- `csspin_python.python`: A plugin for provisioning Python environments  and
-  installing dependencies.
+- `csspin_python.python`: A plugin for provisioning Python environments,
+  installing dependencies, and managing the virtual environment.
+- `csspin_python.python_sbom`: A plugin for generating a `CycloneDX`_ Software
+  Bill of Materials (SBOM) for Python third-party dependencies.
 - `csspin_python.radon`: A plugin for running `radon`_ to analyze code
   complexity.
 - `csspin_python.sphinx`: A plugin for building Sphinx documentation.
 - `csspin_python.playwright`: A plugin for running tests using `playwright`_.
   This plugin is deprecated, use the pytest plugin with the
   'pytest.playwright.enabled=true' setting instead.
-- `csspin_python.uv_provisioner`: A plugin that uses `uv`_ to provision the Python environment.
+- `csspin_python.uv_provisioner`: A plugin that uses `uv`_ to provision the
+  Python environment.
 
 The package provides an ``aws_auth`` extra, that, if enabled, can authenticate
-to `CONTACT Software GmbH`_'s AWS Codeartifact. It also provides an ``uv``
+to `CONTACT Software GmbH`_'s AWS CodeArtifact. It also provides an ``uv``
 extra, that is necessary for using the ``csspin_python.uv_provisioner`` plugin.
 
 Prerequisites
@@ -90,7 +93,7 @@ within the `spinfile.yaml` configuration file of your project.
       - csspin_python.pytest
 
     python:
-      version: 3.9.8
+      version: 3.10.19
       requirements:
         - sphinx-click
         - sphinx-rtd-theme
@@ -120,4 +123,5 @@ tests using ``spin pytest`` and do other great things.
 .. _`devpi`: https://pypi.org/project/devpi
 .. _`playwright`: https://pypi.org/project/pytest-playwright
 .. _`radon`: https://pypi.org/project/radon
+.. _`CycloneDX`: https://cyclonedx.org/
 .. _`uv`: https://docs.astral.sh/uv/

{csspin_python-3.2.0.dist-info → csspin_python-4.1.0rc1.dist-info}/RECORD

@@ -2,20 +2,22 @@ csspin_python/behave.py,sha256=iJZeyIqB7V_NzTdLTZldNY9W_GGwCWkXe6WY69wpDqs,4997
 csspin_python/behave_schema.yaml,sha256=8qoOCK-uTmwgRRW29urgK0X_kgn0zO0X34v89bvii2w,1241
 csspin_python/debugpy.py,sha256=v0ZZopv5TNoSaFf2kiePsw9OmhBpjfOBFh0u71jTcnQ,962
 csspin_python/debugpy_schema.yaml,sha256=BeH30nSirDYctkdhS9xMXUG5htj3PED_ZjmxPG5WRUc,364
-csspin_python/devpi.py,sha256=C-5O_vA06CwQR4uElOw-2VH2-m001SpxowM_X6RbRwo,2352
+csspin_python/devpi.py,sha256=o7O06Dw-xt47y-M74TShcl9MUMaW78aFmw6i6ISYwoU,2351
 csspin_python/devpi_schema.yaml,sha256=2gPATWjVcfvCTrGZX2FK6wH8hh9KS0XzZ35JvZeJGEU,487
 csspin_python/playwright.py,sha256=oFfphLqa4AB6K9vasCUFHN0kFXu63n3ocrsqVuRp4-0,5102
 csspin_python/playwright_schema.yaml,sha256=TSeR16YHa7m7bfO59F2eMV-jXcglluTJdEpUeL16saY,1178
-csspin_python/pytest.py,sha256=pTOb5zFd9RINZwJsHNaRuSGVDkPMABzaAhwpAJo1nQE,4574
+csspin_python/pytest.py,sha256=N9YaU_ouQab0PFPf46HLE7Vg4JeoZW4dzVD7EevqJ1U,4573
 csspin_python/pytest_schema.yaml,sha256=tzXtdF6MvGC9v59EVRJFfLeMMHqPsXcFXy2zJtRECBI,1535
-csspin_python/python.py,sha256=rSdF72FkcxiCrzLWSV7Cr4Thx5OgHGN7b6RKgOaXFEg,35871
+csspin_python/python.py,sha256=yqH1eG6mqRJomu-F99cB74PFaUzbSoG_dhpUjYwr1xE,37725
+csspin_python/python_sbom.py,sha256=RpqobiJ768Q6no7uwYAqvykp1-Bj0bkvED3a3pZbEBI,6817
+csspin_python/python_sbom_schema.yaml,sha256=VCxY9E2AG_fS00dvIYe6Fbvz1maPjpY0zyZK1Z0wJu4,538
 csspin_python/python_schema.yaml,sha256=pgVVjByUYjxQWek7aFmjQzRwmq2ROLvHYgwGPMrT9sM,6351
 csspin_python/radon.py,sha256=uFqm6FEi5oWj-_XVaAm3s9cam0cUmr1_FwRf40K6xWs,1876
 csspin_python/radon_schema.yaml,sha256=rlRzXw5z4XbjOVznRiUxWGP4E9hx1Jm-gGw1iQiYzE0,548
-csspin_python/uv_provisioner.py,sha256=MGedx4e286ZE1miwh70y6b3wePw3mmc0m1kG6H_738I,5999
+csspin_python/uv_provisioner.py,sha256=1e-_Sb39JrqNWyaUNeBX59R5tutXLJ1ZsT7urCN1U0I,6044
 csspin_python/uv_provisioner_schema.yaml,sha256=Y8ZNC2OMnhR8Us3WUXAXK9hMjqGWAKFJB2puX4X5XNQ,727
-csspin_python-3.2.0.dist-info/licenses/LICENSE,sha256=4MAecetnRTQw5DlHtiikDSzKWO1xVLwzM5_DsPMYlnE,10172
-csspin_python-3.2.0.dist-info/METADATA,sha256=54Kz-P7RQC4aHc31QmvyZnY2QSZgrnn9BnIW5ogr8ws,5031
-csspin_python-3.2.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-csspin_python-3.2.0.dist-info/top_level.txt,sha256=QSeglMEGbFu1z4L6MCQYwo01NgL0KojWvC4rzgMQ8gU,14
-csspin_python-3.2.0.dist-info/RECORD,,
+csspin_python-4.1.0rc1.dist-info/licenses/LICENSE,sha256=4MAecetnRTQw5DlHtiikDSzKWO1xVLwzM5_DsPMYlnE,10172
+csspin_python-4.1.0rc1.dist-info/METADATA,sha256=kW0dZXu1Wwuhw4EooWroAHOZGMw5wjBso1MFJDzkJX8,5257
+csspin_python-4.1.0rc1.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+csspin_python-4.1.0rc1.dist-info/top_level.txt,sha256=QSeglMEGbFu1z4L6MCQYwo01NgL0KojWvC4rzgMQ8gU,14
+csspin_python-4.1.0rc1.dist-info/RECORD,,

{csspin_python-3.2.0.dist-info → csspin_python-4.1.0rc1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.9.0)
+Generator: setuptools (82.0.1)
 Root-Is-Purelib: true
 Tag: py3-none-any