ref-manual: update pypi documentation for CVE_PRODUCT default in 4.1

In 4.1 the pypi class has been updated to set a default CVE_PRODUCT
value.

(From yocto-docs rev: e4b25d6790c3966bad3c63818729c1baaf2b3ca9)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

documentation/ref-manual/classes.rst

@@ -2018,7 +2018,8 @@ some cases you may need to set it manually in the recipe by setting
 :term:`PYPI_PACKAGE`.
 
 Variables set by the ``pypi`` class include :term:`SRC_URI`, :term:`SECTION`,
-:term:`HOMEPAGE`, :term:`UPSTREAM_CHECK_URI`, and :term:`UPSTREAM_CHECK_REGEX`.
+:term:`HOMEPAGE`, :term:`UPSTREAM_CHECK_URI`, :term:`UPSTREAM_CHECK_REGEX`
+and :term:`CVE_PRODUCT`.
 
 .. _ref-classes-python_flit_core:
 

documentation/ref-manual/variables.rst

@@ -1474,7 +1474,9 @@ system and gives an overview of their function and contents.
       In a recipe, defines the name used to match the recipe name
       against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
 
-      The default is ${:term:`BPN`}. If it does not match the name in the NIST CVE
+      The default is ${:term:`BPN`} (except for recipes that inherit the
+      :ref:`pypi <ref-classes-pypi>` class where it is set based upon
+      :term:`PYPI_PACKAGE`). If it does not match the name in the NIST CVE
       database or matches with multiple entries in the database, the default
       value needs to be changed.