build: move to the PEP 621 project

all project metadata was moved to pyproject.toml

Author: Molkree

dev-requirements.txt

@@ -1,3 +1,116 @@
 [build-system]
 requires = ["setuptools >= 64", "wheel"]
-build-backend = "setuptools.build_meta"
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "cve-bin-tool"
+dynamic = ["version"]
+description = "CVE Binary Checker Tool"
+readme = "README.md"
+requires-python = ">=3.9"
+license = "GPL-3.0-or-later"
+authors = [{ name = "Terri Oda", email = "terri.oda@intel.com" }]
+maintainers = [{ name = "Terri Oda", email = "terri.oda@intel.com" }]
+keywords = ["security", "tools", "CVE"]
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: Developers",
+    "Natural Language :: English",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: Implementation :: CPython",
+    "Programming Language :: Python :: Implementation :: PyPy",
+]
+dependencies = [
+    "aiohttp[speedups]>=3.9.4",
+    "beautifulsoup4",
+    "cvss",
+    "defusedxml",
+    "distro",
+    "filetype>=1.2.0",
+    "gsutil",
+    "importlib_metadata>=3.6; python_version < '3.10'",
+    "importlib_resources; python_version < '3.9'",
+    "jinja2>=2.11.3",
+    "jsonschema>=3.0.2",
+    "lib4sbom>=0.8.7",
+    "lib4vex>=0.2.0",
+    "packageurl-python",
+    "packaging>=22.0",
+    "plotly",
+    "python-gnupg",
+    "pyyaml>=5.4",
+    "requests>=2.32.2",
+    "rich",
+    "rpmfile>=1.0.6",
+    "setuptools>=70.0.0",                               # pinned by Snyk to avoid a vulnerability
+    "toml; python_version < '3.11'",
+    "urllib3>=2.2.2",                                   # dependency of requests added explicitly to avoid CVEs
+    "xmlschema",
+    "zipp>=3.19.1",                                     # not directly required, pinned by Snyk to avoid a vulnerability
+    "zstandard",
+]
+
+[project.optional-dependencies]
+PDF = ["reportlab"]
+dev = [
+    "bandit; python_version <= '3.8'",
+    "bandit==1.8.6; python_version > '3.8'",
+    "black==25.1.0; python_version > '3.8'",
+    "black; python_version <= '3.8'",
+    "build",
+    "isort==6.0.1",
+    "pre-commit; python_version <= '3.8'",
+    "pre-commit==4.3.0; python_version > '3.8'",
+    "codespell==v2.4.1",
+    "flake8==7.3.0",
+    "gitlint==v0.19.1",
+    "interrogate",
+    "jsonschema",
+    "mypy==v1.17.1",
+    "playwright",
+    "pytest>=7.2.0",
+    "pytest-asyncio",
+    "pytest-cov",
+    "pytest-mock",
+    "pytest-playwright",
+    "pytest-xdist",
+    "types-beautifulsoup4",
+    "types-jsonschema",
+    "types-PyYAML",
+    "types-requests",
+    "types-setuptools",
+    "types-toml",
+]
+
+[project.urls]
+homepage = "https://github.com/intel/cve-bin-tool"
+github = "https://github.com/intel/cve-bin-tool"
+issues = "https://github.com/intel/cve-bin-tool/issues"
+documentation = "https://cve-bin-tool.readthedocs.io/en/latest/"
+
+[project.scripts]
+cve-bin-tool = "cve_bin_tool.cli:main"
+csv2cve = "cve_bin_tool.csv2cve:main"
+mismatch = "mismatch.cli:main"
+
+[tool.setuptools.packages.find]
+exclude = ["locales", "presentation"]
+
+[tool.setuptools.dynamic]
+version = { attr = "cve_bin_tool.version.VERSION" }
+
+[tool.setuptools.package-data]
+"cve_bin_tool.output_engine" = [
+    "html_reports/templates/*.html",
+    "html_reports/css/*.css",
+    "html_reports/js/*.js",
+    "print_mode/templates/*.html",
+]
+"cve_bin_tool" = ["schemas/*.xsd"]
+"sbom" = ["*.spdx", "*.json"]
+"mismatch" = ["*.py"]