chore: Upgrade to Pillow 10.0.1

[Dosenpfand]

Description

Pillow < 10.0.1 is affected by CVE-2023-4863, see https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html .

ADDITIONAL INFORMATION

• Has associated issue:
• Is CRUD MVC related.
• Is Auth, RBAC security related.
• Changes the security db schema.
• Introduces new feature
• Removes existing feature

[codecov]

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (6f00efc) 79.71% compared to head (a312b6a) 79.31%.
Report is 2 commits behind head on master.

❗ Current head a312b6a differs from pull request most recent head c67b9b1. Consider uploading reports for the commit c67b9b1 to get more accurate results

Files	Patch %	Lines
flask_appbuilder/filemanager.py	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2136      +/-   ##
==========================================
- Coverage   79.71%   79.31%   -0.40%     
==========================================
  Files          72       72              
  Lines        8990     8974      -16     
==========================================
- Hits         7166     7118      -48     
- Misses       1824     1856      +32     

Flag	Coverage Δ
python	79.31% <0.00%> (-0.40%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Dosenpfand]

The reason for the failed CI runs is that Pillow >=10.0 only supports Python >= 3.8 but these CIs use Python 3.7.
What to do here? Keep using a vulnerable and unmaintained version of Pillow, clearly seems like not a solution.

[dpgaspar]

The reason for the failed CI runs is that Pillow >=10.0 only supports Python >= 3.8 but these CIs use Python 3.7. What to do here? Keep using a vulnerable and unmaintained version of Pillow, clearly seems like not a solution.

True, python 3.7 has reached it's EOL, so it's time to drop it and support 3.11

[Dosenpfand]

True, python 3.7 has reached it's EOL, so it's time to drop it and support 3.11

Good point. I opened #2147 to do just that.

[dpgaspar]

Thank you once more for #2147, let's bring this one in also

[dpgaspar]

heighth -> height

[Dosenpfand]

Fixed.

[dpgaspar]

Looks good to me after the conflict is fixed

[Dosenpfand]

@dpgaspar Conflicht should be fixed now.