[universal] Update setuptools package for Python v3.9 due to CVE-2022-40897 (devcontainers#519)

* [universal] Update setuptools due to CVE-2022-40897

- Bump Python 3.9 minor version
- Updated Dockerfile to install updated versions of `setuptools` package
- Added test to verify `setuptools` minimum version

* Revert "[universal] Update setuptools due to CVE-2022-40897"

This reverts commit 011db92.

* Rework: [universal] Update setuptools due to CVE-2022-40897

- Bump Python version 3.9.7 -> 3.9.16
- Update `setup-user` local feature to install updated `setuptools` package for Python v3.9.16
- Add tests to verify the `setuptools` minimum version for Python distributions

* Address review comments

- Replace Python minor version with an asterisk in the path to make the path to Python distribution universal
- Update tests to provide more context regarding version checks

Author: alexander-smolyakov

src/universal/.devcontainer/devcontainer.json

@@ -24,7 +24,7 @@
         "./local-features/nvs": "latest",
         "ghcr.io/devcontainers/features/python:1": {
             "version": "3.10.4",
-            "additionalVersions": "3.9.7",
+            "additionalVersions": "3.9.16",
             "installJupyterlab": "true",
             "configureJupyterlabAllowOrigin": "*"
         },

src/universal/.devcontainer/local-features/setup-user/install.sh

@@ -45,6 +45,8 @@ sudo_if() {
 # They are installed by the base image (python) which does not have the patch.
 sudo_if /usr/local/python/current/bin/python -m pip uninstall --yes setuptools
 sudo_if /usr/local/python/current/bin/python -m pip install --user --upgrade --no-cache-dir setuptools
+sudo_if /usr/local/python/3.9.*/bin/python -m pip uninstall --yes setuptools
+sudo_if /usr/local/python/3.9.*/bin/python -m pip install --user --upgrade --no-cache-dir setuptools
 
 # Enables the oryx tool to generate manifest-dir which is needed for running the postcreate tool
 DEBIAN_FLAVOR="focal-scm"

src/universal/test-project/test.sh

@@ -189,5 +189,11 @@ check-version-ge "wheel-requirement" "${wheel_version}" "0.38.1"
 
 ls -la /home/codespace
 
+setuptools_version_py_current=$(python -c "import setuptools; print(setuptools.__version__)")
+check-version-ge "setuptools-requirement-python_current" "${setuptools_version_py_current}" "65.5.1"
+
+setuptools_version_py_39=$(/usr/local/python/3.9.*/bin/python -c "import setuptools; print(setuptools.__version__)")
+check-version-ge "setuptools-requirement-python_39" "${setuptools_version_py_39}" "65.5.1"
+
 # Report result
 reportResults