[features/conda] Address CVE-2023-0286, CVE-2023-23931, and CVE-2022-40897 vulnerabilities (#518)feature_conda_1.0.9

* [features/conda] Address CVE-2023-0286, CVE-2023-23931, and CVE-2022-40897 vulnerabilities

- Update `install.sh` to install updates for `cryptography` and `setuptools`  packages
- Add tests to verify `cryptography` and `setuptools`  packages version

* Bump feature version

2 files changed, 7 insertions, 2 deletions

diff --git a/src/conda/devcontainer-feature.json b/src/conda/devcontainer-feature.json
index 8e1a5fc..9a23652 100644
--- a/src/conda/devcontainer-feature.json
+++ b/src/conda/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "conda",
-    "version": "1.0.8",
+    "version": "1.0.9",
     "name": "Conda",
     "description": "A cross-platform, language-agnostic binary package manager",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
diff --git a/src/conda/install.sh b/src/conda/install.sh
index 55b280c..43ab82f 100644
--- a/src/conda/install.sh
+++ b/src/conda/install.sh
@@ -114,8 +114,13 @@ if ! conda --version &> /dev/null ; then
     
     find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
 
-    # Temporary due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
+    # Temporary fixes
+    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
     install_user_package certifi
+    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
+    install_user_package cryptography
+    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
+    install_user_package setuptools
 fi
 
 # Display a notice on conda when not running in GitHub Codespaces