
chore: Bump Pillow to 9.3.0 #22489

Merged
merged 2 commits into from
Dec 23, 2022

Conversation

EugeneTorap
Contributor

SUMMARY

Fix #22235 to resolve the following CVEs:

upgrade Pillow to 9.3.0 to resolve GHSA-hr8g-f6r6-mr22, GHSA-m2vv-5vj5-2hm7, GHSA-q4mp-jvh2-76fj

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API
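As an added example (not part of this PR or of Superset's code), the following check scans a pip-compiled requirements file for exact Pillow pins that sit below the 9.3.0 fix version named in the summary, and reports the three advisories this bump resolves. The requirements text is a constructed sample, not Superset's real file.

```python
import re

# Fix version and advisory IDs as stated in the PR summary above.
PILLOW_FIX_VERSION = "9.3.0"
PILLOW_ADVISORIES = ("GHSA-hr8g-f6r6-mr22", "GHSA-m2vv-5vj5-2hm7", "GHSA-q4mp-jvh2-76fj")

# Constructed sample in pip-compile style; not Superset's actual requirements file.
SAMPLE_REQUIREMENTS = """\
# via -r requirements/base.in
pillow==9.1.1
    # via apache-superset
pyjwt==2.4.0
Pillow==9.3.0 ; python_version >= "3.8"
"""


def parse_version(text):
    """Return the numeric release segment of a PEP 440 version: '9.3.0' -> (9, 3, 0)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(version, fix_version=PILLOW_FIX_VERSION):
    """True when `version` is at or above the fix version ('9.3' and '9.3.0' compare equal)."""
    a, b = parse_version(version), parse_version(fix_version)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def find_vulnerable_pins(requirements_text, package="pillow"):
    """Return [(line_no, pinned_version)] for each exact pin of `package` below the fix version."""
    findings = []
    for line_no, raw in enumerate(requirements_text.splitlines(), start=1):
        # Drop trailing comments and environment markers before matching the pin.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_.-]+)\s*==\s*([^\s,]+)", line)
        if not m or m.group(1).lower() != package:
            continue
        if not is_fixed(m.group(2)):
            findings.append((line_no, m.group(2)))
    return findings


def report(requirements_text):
    """One human-readable finding per vulnerable pin, naming the advisories involved."""
    return [f"line {n}: pillow=={v} < {PILLOW_FIX_VERSION}; affected by {', '.join(PILLOW_ADVISORIES)}"
            for n, v in find_vulnerable_pins(requirements_text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_REQUIREMENTS)) or "no vulnerable Pillow pins found")
```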

@EugeneTorap EugeneTorap mentioned this pull request Dec 21, 2022
@codecov

codecov bot commented Dec 21, 2022

Codecov Report

Merging #22489 (40434a2) into master (630c129) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #22489      +/-   ##
==========================================
- Coverage   66.90%   66.88%   -0.02%     
==========================================
  Files        1851     1851              
  Lines       70696    70696              
  Branches     7764     7764              
==========================================
- Hits        47299    47288      -11     
- Misses      21375    21386      +11     
  Partials     2022     2022              
Flag Coverage Δ
hive 52.46% <ø> (ø)
mysql ?
postgres 78.04% <ø> (ø)
presto 52.36% <ø> (ø)
python 81.21% <ø> (-0.04%) ⬇️
sqlite 76.51% <ø> (ø)
unit 51.14% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset/common/utils/dataframe_utils.py 90.47% <0.00%> (-4.77%) ⬇️
superset/db_engine_specs/mysql.py 94.04% <0.00%> (-4.77%) ⬇️
superset/models/core.py 89.81% <0.00%> (-0.70%) ⬇️
superset/views/core.py 74.75% <0.00%> (-0.23%) ⬇️


@villebro villebro (Member) left a comment

LGTM

@codyml
Member

codyml commented Dec 21, 2022

@codyml Can you see my #22489 PR and check failed cypress CI?

@EugeneTorap Is it possible it's related to this PR (cc: @villebro)? It looks like it changed some permissions for examples, and while CI shows up as green in GitHub when I click through to the Cypress run it looks like E2E failed with the same issues.

@villebro
Member

@codyml Can you see my #22489 PR and check failed cypress CI?

@EugeneTorap Is it possible it's related to this PR (cc: @villebro)? It looks like it changed some permissions for examples, and while CI shows up as green in GitHub when I click through to the Cypress run it looks like E2E failed with the same issues.

@codyml thanks for investigating this. This seems to be quite the accumulation of problems. I can work on fixing/improving those tests, but in the short term I think we should disable them, as they're testing something that's assumed to be incorrect behavior right now; the examples should not be created by the Admin user, otherwise the welcome page is incorrect. Also, it's weird that those tests were passing on CI if my PR broke them.

@codyml
Member

codyml commented Dec 21, 2022

@villebro That all makes sense! I actually couldn't even tell that it was triggered by your PR when running locally at first because the Docker test setup names the admin user "Superset Admin" instead of "admin user" which caused a different fail 😪 skipping them for now sounds fine to me. No idea why the Cypress fail is showing up as green either! I think there are several tests that rely on database content that the tests themselves don't ensure is present before running – do you think at some point it would make sense to rewrite tests so they all input their own required content individually rather than relying on a pre-seeded database? Or at least do an audit to make sure that any mutations are reset at the end of the specs that do the mutations? On the other hand, I remember E2E catching issues for me that didn't break any tests directly but did mess with the database enough that it caused unrelated tests to fail, so making them more independent could decrease coverage...

@villebro
Member

Hotfix to unblock master branch: #22512

@villebro villebro merged commit 8761709 into apache:master Dec 23, 2022
@EugeneTorap EugeneTorap deleted the chore/bump-pillow-lib branch December 24, 2022 14:16
@mistercrunch mistercrunch added labels 🏷️ bot and 🚢 2.1.0 and removed label 🚢 2.1.3 Mar 13, 2024
Labels: 🏷️ bot, size/XS, 🚢 2.1.0

Successfully merging this pull request may close these issues: CVEs on 2.0.1 docker image