fix: install into a Python 3.12 venv fails due to setuptools being a runtime dependency not just a dev dependency

[cpswan]

Description

After installing cve-bin-tool from PyPI into a Python 3.12 venv it won't run without first manually installing the setuptools package.

cve-bin-tool --version

Traceback (most recent call last):
  File "/home/chris/python/venvs/cve-bin-tool/bin/cve-bin-tool", line 5, in <module>
    from cve_bin_tool.cli import main
  File "/home/chris/python/venvs/cve-bin-tool/lib/python3.12/site-packages/cve_bin_tool/cli.py", line 75, in <module>
    from cve_bin_tool.version_scanner import VersionScanner
  File "/home/chris/python/venvs/cve-bin-tool/lib/python3.12/site-packages/cve_bin_tool/version_scanner.py", line 13, in <module>
    from cve_bin_tool.egg_updater import IS_DEVELOP, update_egg
  File "/home/chris/python/venvs/cve-bin-tool/lib/python3.12/site-packages/cve_bin_tool/egg_updater.py", line 9, in <module>
    from setuptools import Distribution, find_packages
ModuleNotFoundError: No module named 'setuptools'

To reproduce

I was using uv initially:

1. Create a fresh venv: uv venv -p 3.12 cve-bin-tool
2. Activate the venv: . cve-bin-tool/bin/activate
3. Install cve-bin-tool from PyPI: uv pip install cve-bin-tool
4. Run cve-bin-tool: cve-bin-tool --version

But this can also be recreated using the traditional (slower) Python mechanisms:

python3.12 -m venv oldskool-cve-bin-tool
. oldskool-cve-bin-tool/bin/activate
pip install cve-bin-tool
cve-bin-tool --version

Expected behaviour: cve-bin-tool prints it's version (3.3)
Actual behaviour: stack trace with ModuleNotFoundError: No module named 'setuptools'

After doing a pip install setuptools things work as expected:

cve-bin-tool --version
3.3

Version/platform info

Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): 3.3
Installed from pypi or github? PyPI
Operating system: Linux DB4 5.15.153.1-microsoft-standard-WSL2 #1 SMP Fri Mar 29 23:14:13 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Python version (e.g. python3 --version): Python 3.12.3
Running in any particular CI environment we should know about? No
uv version: 0.1.2

Anything else?

I also tried installing into a venv using the system Python (3.8.10):

python3 -m venv 2oldskool-cve-bin-tool
. ./2oldskool-cve-bin-tool/bin/activate
pip install cve-bin-tool

This results in a bunch of error: invalid command 'bdist_wheel' but does result in a working install (at least for showing version info).

Collecting cve-bin-tool
  Downloading cve_bin_tool-3.3-py3-none-any.whl (1.7 MB)
     |████████████████████████████████| 1.7 MB 8.6 MB/s
Collecting aiohttp[speedups]>=3.9.2
  Downloading aiohttp-3.9.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.3 MB)
     |████████████████████████████████| 1.3 MB 68.8 MB/s
Collecting filetype>=1.2.0
  Downloading filetype-1.2.0-py2.py3-none-any.whl (19 kB)
Collecting cvss
  Downloading cvss-3.1-py2.py3-none-any.whl (30 kB)
Collecting rpmfile>=1.0.6
  Downloading rpmfile-2.1.0-py3-none-any.whl (17 kB)
Collecting importlib-metadata>=3.6; python_version < "3.10"
  Downloading importlib_metadata-8.2.0-py3-none-any.whl (25 kB)
Collecting urllib3>=1.26.5
  Downloading urllib3-2.2.2-py3-none-any.whl (121 kB)
     |████████████████████████████████| 121 kB 76.2 MB/s
Collecting distro
  Downloading distro-1.9.0-py3-none-any.whl (20 kB)
Collecting packaging
  Downloading packaging-24.1-py3-none-any.whl (53 kB)
     |████████████████████████████████| 53 kB 2.1 MB/s
Collecting xmlschema
  Downloading xmlschema-3.3.1-py3-none-any.whl (415 kB)
     |████████████████████████████████| 415 kB 15.6 MB/s
Collecting defusedxml
  Downloading defusedxml-0.7.1-py2.py3-none-any.whl (25 kB)
Collecting python-gnupg
  Downloading python_gnupg-0.5.2-py2.py3-none-any.whl (20 kB)
Collecting rich
  Downloading rich-13.7.1-py3-none-any.whl (240 kB)
     |████████████████████████████████| 240 kB 49.3 MB/s
Collecting gsutil
  Downloading gsutil-5.30.tar.gz (3.0 MB)
     |████████████████████████████████| 3.0 MB 77.6 MB/s
Collecting packageurl-python
  Downloading packageurl_python-0.15.6-py3-none-any.whl (28 kB)
Collecting beautifulsoup4
  Using cached beautifulsoup4-4.12.3-py3-none-any.whl (147 kB)
Collecting zstandard; python_version >= "3.4"
  Downloading zstandard-0.23.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (5.4 MB)
     |████████████████████████████████| 5.4 MB 68.8 MB/s
Collecting jinja2>=2.11.3
  Downloading jinja2-3.1.4-py3-none-any.whl (133 kB)
     |████████████████████████████████| 133 kB 44.8 MB/s
Collecting pyyaml>=5.4
  Using cached PyYAML-6.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (736 kB)
Collecting plotly
  Downloading plotly-5.23.0-py3-none-any.whl (17.3 MB)
     |████████████████████████████████| 17.3 MB 48.0 MB/s
Collecting importlib-resources; python_version < "3.9"
  Downloading importlib_resources-6.4.0-py3-none-any.whl (38 kB)
Collecting requests
  Downloading requests-2.32.3-py3-none-any.whl (64 kB)
     |████████████████████████████████| 64 kB 4.3 MB/s
Collecting jsonschema>=3.0.2
  Downloading jsonschema-4.23.0-py3-none-any.whl (88 kB)
     |████████████████████████████████| 88 kB 9.3 MB/s
Collecting toml; python_version < "3.11"
  Downloading toml-0.10.2-py2.py3-none-any.whl (16 kB)
Collecting lib4sbom>=0.5.0
  Downloading lib4sbom-0.7.1-py2.py3-none-any.whl (2.1 MB)
     |████████████████████████████████| 2.1 MB 63.3 MB/s
Collecting attrs>=17.3.0
  Downloading attrs-23.2.0-py3-none-any.whl (60 kB)
     |████████████████████████████████| 60 kB 9.0 MB/s
Collecting multidict<7.0,>=4.5
  Downloading multidict-6.0.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (129 kB)
     |████████████████████████████████| 129 kB 57.6 MB/s
Collecting async-timeout<5.0,>=4.0; python_version < "3.11"
  Downloading async_timeout-4.0.3-py3-none-any.whl (5.7 kB)
Collecting yarl<2.0,>=1.0
  Downloading yarl-1.9.4-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (308 kB)
     |████████████████████████████████| 308 kB 12.1 MB/s
Collecting frozenlist>=1.1.1
  Downloading frozenlist-1.4.1-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (240 kB)
     |████████████████████████████████| 240 kB 48.7 MB/s
Collecting aiosignal>=1.1.2
  Downloading aiosignal-1.3.1-py3-none-any.whl (7.6 kB)
Collecting Brotli; platform_python_implementation == "CPython" and extra == "speedups"
  Downloading Brotli-1.1.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl (2.8 MB)
     |████████████████████████████████| 2.8 MB 68.4 MB/s
Collecting aiodns; (sys_platform == "linux" or sys_platform == "darwin") and extra == "speedups"
  Downloading aiodns-3.2.0-py3-none-any.whl (5.7 kB)
Collecting zipp>=0.5
  Downloading zipp-3.19.2-py3-none-any.whl (9.0 kB)
Collecting elementpath<5.0.0,>=4.4.0
  Downloading elementpath-4.4.0-py3-none-any.whl (219 kB)
     |████████████████████████████████| 219 kB 60.8 MB/s
Collecting markdown-it-py>=2.2.0
  Downloading markdown_it_py-3.0.0-py3-none-any.whl (87 kB)
     |████████████████████████████████| 87 kB 8.8 MB/s
Collecting typing-extensions<5.0,>=4.0.0; python_version < "3.9"
  Downloading typing_extensions-4.12.2-py3-none-any.whl (37 kB)
Collecting pygments<3.0.0,>=2.13.0
  Downloading pygments-2.18.0-py3-none-any.whl (1.2 MB)
     |████████████████████████████████| 1.2 MB 53.8 MB/s
Collecting argcomplete>=1.9.4
  Downloading argcomplete-3.4.0-py3-none-any.whl (42 kB)
     |████████████████████████████████| 42 kB 1.4 MB/s
Collecting crcmod>=1.7
  Downloading crcmod-1.7.tar.gz (89 kB)
     |████████████████████████████████| 89 kB 10.5 MB/s
Collecting fasteners>=0.14.1
  Downloading fasteners-0.19-py3-none-any.whl (18 kB)
Collecting gcs-oauth2-boto-plugin>=3.2
  Downloading gcs-oauth2-boto-plugin-3.2.tar.gz (22 kB)
Collecting google-apitools>=0.5.32
  Downloading google_apitools-0.5.32-py3-none-any.whl (135 kB)
     |████████████████████████████████| 135 kB 58.1 MB/s
Collecting google-auth-httplib2>=0.2.0
  Downloading google_auth_httplib2-0.2.0-py2.py3-none-any.whl (9.3 kB)
Collecting google-auth[aiohttp]==2.17.0
  Downloading google_auth-2.17.0-py2.py3-none-any.whl (178 kB)
     |████████████████████████████████| 178 kB 66.7 MB/s
Collecting google-reauth>=0.1.0
  Downloading google_reauth-0.1.1-py2.py3-none-any.whl (17 kB)
Collecting httplib2==0.20.4
  Downloading httplib2-0.20.4-py3-none-any.whl (96 kB)
     |████████████████████████████████| 96 kB 6.5 MB/s
Collecting monotonic>=1.4
  Downloading monotonic-1.6-py2.py3-none-any.whl (8.2 kB)
Collecting pyOpenSSL>=0.13
  Downloading pyOpenSSL-24.2.1-py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 7.0 MB/s
Collecting retry_decorator>=1.0.0
  Downloading retry_decorator-1.1.1.tar.gz (3.9 kB)
Collecting six>=1.16.0
  Using cached six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting soupsieve>1.2
  Using cached soupsieve-2.5-py3-none-any.whl (36 kB)
Collecting MarkupSafe>=2.0
  Downloading MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (26 kB)
Collecting tenacity>=6.2.0
  Downloading tenacity-8.5.0-py3-none-any.whl (28 kB)
Collecting charset-normalizer<4,>=2
  Using cached charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (141 kB)
Collecting certifi>=2017.4.17
  Downloading certifi-2024.7.4-py3-none-any.whl (162 kB)
     |████████████████████████████████| 162 kB 51.1 MB/s
Collecting idna<4,>=2.5
  Downloading idna-3.7-py3-none-any.whl (66 kB)
     |████████████████████████████████| 66 kB 5.7 MB/s
Collecting pkgutil-resolve-name>=1.3.10; python_version < "3.9"
  Using cached pkgutil_resolve_name-1.3.10-py3-none-any.whl (4.7 kB)
Collecting jsonschema-specifications>=2023.03.6
  Downloading jsonschema_specifications-2023.12.1-py3-none-any.whl (18 kB)
Collecting referencing>=0.28.4
  Downloading referencing-0.35.1-py3-none-any.whl (26 kB)
Collecting rpds-py>=0.7.1
  Downloading rpds_py-0.19.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (355 kB)
     |████████████████████████████████| 355 kB 70.8 MB/s
Collecting semantic-version
  Using cached semantic_version-2.10.0-py2.py3-none-any.whl (15 kB)
Collecting pycares>=4.0.0
  Downloading pycares-4.4.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (288 kB)
     |████████████████████████████████| 288 kB 10.1 MB/s
Collecting mdurl~=0.1
  Downloading mdurl-0.1.2-py3-none-any.whl (10.0 kB)
Collecting boto>=2.29.1
  Downloading boto-2.49.0-py2.py3-none-any.whl (1.4 MB)
     |████████████████████████████████| 1.4 MB 46.2 MB/s
Collecting oauth2client>=2.2.0
  Downloading oauth2client-4.1.3-py2.py3-none-any.whl (98 kB)
     |████████████████████████████████| 98 kB 8.6 MB/s
Collecting rsa==4.7.2
  Downloading rsa-4.7.2-py3-none-any.whl (34 kB)
Collecting cachetools<6.0,>=2.0.0
  Downloading cachetools-5.4.0-py3-none-any.whl (9.5 kB)
Collecting pyasn1-modules>=0.2.1
  Downloading pyasn1_modules-0.4.0-py3-none-any.whl (181 kB)
     |████████████████████████████████| 181 kB 65.0 MB/s
Collecting pyu2f
  Downloading pyu2f-0.1.5.tar.gz (27 kB)
Collecting pyparsing!=3.0.0,!=3.0.1,!=3.0.2,!=3.0.3,<4,>=2.4.2; python_version > "3.0"
  Downloading pyparsing-3.1.2-py3-none-any.whl (103 kB)
     |████████████████████████████████| 103 kB 46.6 MB/s
Collecting cryptography<44,>=41.0.5
  Downloading cryptography-43.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.0 MB)
     |████████████████████████████████| 4.0 MB 76.5 MB/s
Collecting cffi>=1.5.0
  Downloading cffi-1.16.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (444 kB)
     |████████████████████████████████| 444 kB 61.6 MB/s
Collecting pyasn1>=0.1.7
  Downloading pyasn1-0.6.0-py2.py3-none-any.whl (85 kB)
     |████████████████████████████████| 85 kB 5.3 MB/s
Collecting pycparser
  Downloading pycparser-2.22-py3-none-any.whl (117 kB)
     |████████████████████████████████| 117 kB 77.4 MB/s
Building wheels for collected packages: gsutil, crcmod, gcs-oauth2-boto-plugin, retry-decorator, pyu2f
  Building wheel for gsutil (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /home/chris/python/venvs/oldskool-cve-bin-tool/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-6fmmze66/gsutil/setup.py'"'"'; __file__='"'"'/tmp/pip-install-6fmmze66/gsutil/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-6p4dlzyl
       cwd: /tmp/pip-install-6fmmze66/gsutil/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for gsutil
  Running setup.py clean for gsutil
  Building wheel for crcmod (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /home/chris/python/venvs/oldskool-cve-bin-tool/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-6fmmze66/crcmod/setup.py'"'"'; __file__='"'"'/tmp/pip-install-6fmmze66/crcmod/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-6k611ul_
       cwd: /tmp/pip-install-6fmmze66/crcmod/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for crcmod
  Running setup.py clean for crcmod
  Building wheel for gcs-oauth2-boto-plugin (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /home/chris/python/venvs/oldskool-cve-bin-tool/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-6fmmze66/gcs-oauth2-boto-plugin/setup.py'"'"'; __file__='"'"'/tmp/pip-install-6fmmze66/gcs-oauth2-boto-plugin/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-nyghc8nl
       cwd: /tmp/pip-install-6fmmze66/gcs-oauth2-boto-plugin/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for gcs-oauth2-boto-plugin
  Running setup.py clean for gcs-oauth2-boto-plugin
  Building wheel for retry-decorator (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /home/chris/python/venvs/oldskool-cve-bin-tool/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-6fmmze66/retry-decorator/setup.py'"'"'; __file__='"'"'/tmp/pip-install-6fmmze66/retry-decorator/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-_7qnaz62
       cwd: /tmp/pip-install-6fmmze66/retry-decorator/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for retry-decorator
  Running setup.py clean for retry-decorator
  Building wheel for pyu2f (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /home/chris/python/venvs/oldskool-cve-bin-tool/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-6fmmze66/pyu2f/setup.py'"'"'; __file__='"'"'/tmp/pip-install-6fmmze66/pyu2f/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-bzpa5vr8
       cwd: /tmp/pip-install-6fmmze66/pyu2f/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for pyu2f
  Running setup.py clean for pyu2f
Failed to build gsutil crcmod gcs-oauth2-boto-plugin retry-decorator pyu2f
Installing collected packages: attrs, multidict, async-timeout, idna, yarl, frozenlist, aiosignal, Brotli, pycparser, cffi, pycares, aiodns, aiohttp, filetype, cvss, rpmfile, zipp, importlib-metadata, urllib3, distro, packaging, elementpath, xmlschema, defusedxml, python-gnupg, mdurl, markdown-it-py, typing-extensions, pygments, rich, argcomplete, crcmod, fasteners, boto, cachetools, pyasn1, rsa, pyasn1-modules, six, charset-normalizer, certifi, requests, google-auth, pyparsing, httplib2, google-auth-httplib2, pyu2f, google-reauth, oauth2client, cryptography, pyOpenSSL, retry-decorator, gcs-oauth2-boto-plugin, google-apitools, monotonic, gsutil, packageurl-python, soupsieve, beautifulsoup4, zstandard, MarkupSafe, jinja2, pyyaml, tenacity, plotly, importlib-resources, pkgutil-resolve-name, rpds-py, referencing, jsonschema-specifications, jsonschema, toml, semantic-version, lib4sbom, cve-bin-tool
    Running setup.py install for crcmod ... done
    Running setup.py install for pyu2f ... done
    Running setup.py install for retry-decorator ... done
    Running setup.py install for gcs-oauth2-boto-plugin ... done
    Running setup.py install for gsutil ... done
Successfully installed Brotli-1.1.0 MarkupSafe-2.1.5 aiodns-3.2.0 aiohttp-3.9.5 aiosignal-1.3.1 argcomplete-3.4.0 async-timeout-4.0.3 attrs-23.2.0 beautifulsoup4-4.12.3 boto-2.49.0 cachetools-5.4.0 certifi-2024.7.4 cffi-1.16.0 charset-normalizer-3.3.2 crcmod-1.7 cryptography-43.0.0 cve-bin-tool-3.3 cvss-3.1 defusedxml-0.7.1 distro-1.9.0 elementpath-4.4.0 fasteners-0.19 filetype-1.2.0 frozenlist-1.4.1 gcs-oauth2-boto-plugin-3.2 google-apitools-0.5.32 google-auth-2.17.0 google-auth-httplib2-0.2.0 google-reauth-0.1.1 gsutil-5.30 httplib2-0.20.4 idna-3.7 importlib-metadata-8.2.0 importlib-resources-6.4.0 jinja2-3.1.4 jsonschema-4.23.0 jsonschema-specifications-2023.12.1 lib4sbom-0.7.1 markdown-it-py-3.0.0 mdurl-0.1.2 monotonic-1.6 multidict-6.0.5 oauth2client-4.1.3 packageurl-python-0.15.6 packaging-24.1 pkgutil-resolve-name-1.3.10 plotly-5.23.0 pyOpenSSL-24.2.1 pyasn1-0.6.0 pyasn1-modules-0.4.0 pycares-4.4.0 pycparser-2.22 pygments-2.18.0 pyparsing-3.1.2 python-gnupg-0.5.2 pyu2f-0.1.5 pyyaml-6.0.1 referencing-0.35.1 requests-2.32.3 retry-decorator-1.1.1 rich-13.7.1 rpds-py-0.19.1 rpmfile-2.1.0 rsa-4.7.2 semantic-version-2.10.0 six-1.16.0 soupsieve-2.5 tenacity-8.5.0 toml-0.10.2 typing-extensions-4.12.2 urllib3-2.2.2 xmlschema-3.3.1 yarl-1.9.4 zipp-3.19.2 zstandard-0.23.0

[terriko]

Looks like setuptools is missing from https://github.com/intel/cve-bin-tool/blob/main/requirements.txt (It's in dev-requirements.txt but not the main requirements.txt used to build the package). Thanks for pointing that out!

Should be an easy fix in source. (just add "setuptools>=65.5.1" to requirements.txt and similar in requirements.csv for scanning).

I'll likely need to generate a 3.3.1 release to fix the package after it's merged, which may take a bit longer because of our release processes.