[features/conda] Address CVE-2023-0286, CVE-2023-23931, and CVE-2022-40897 vulnerabilities (#518)feature_conda_1.0.9

* [features/conda] Address CVE-2023-0286, CVE-2023-23931, and CVE-2022-40897 vulnerabilities - Update `install.sh` to install updates for `cryptography` and `setuptools` packages - Add tests to verify `cryptography` and `setuptools` packages version * Bump feature version
author: Alexander Smolyakov <v-asmoliakov@microsoft.com> 2023-04-06 20:02:49 +0300
committer: GitHub <noreply@github.com> 2023-04-06 20:02:49 +0300
commit: 8d3e9aca9d352a3c4459e321de5d0a0b12062112 (patch)
tree: 1289e63c1b4fc840f02f29bf1c56fcd5c8731df6 /src/conda/install.sh
parent: 74959ec14975fe1c95133dc6d3ad5677e4cf66e1 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/conda/install.sh b/src/conda/install.sh
index 55b280c..43ab82f 100644
--- a/src/conda/install.sh
+++ b/src/conda/install.sh
@@ -114,8 +114,13 @@ if ! conda --version &> /dev/null ; then
     
     find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
 
-    # Temporary due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
+    # Temporary fixes
+    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
     install_user_package certifi
+    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
+    install_user_package cryptography
+    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
+    install_user_package setuptools
 fi
 
 # Display a notice on conda when not running in GitHub Codespaces
author	Alexander Smolyakov <v-asmoliakov@microsoft.com>	2023-04-06 20:02:49 +0300
committer	GitHub <noreply@github.com>	2023-04-06 20:02:49 +0300
commit	8d3e9aca9d352a3c4459e321de5d0a0b12062112 (patch)
tree	1289e63c1b4fc840f02f29bf1c56fcd5c8731df6 /src/conda/install.sh
parent	74959ec14975fe1c95133dc6d3ad5677e4cf66e1 (diff)