The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...