chore: bump major on Pillow, optional dependency

[dpgaspar]

SUMMARY

Bump Pillow optional dependency (used for taking web screenshots) to address several security vulnerabilities: https://www.cvedetails.com/product/27460/Python-Pillow.html?vendor_id=10210

TESTING INSTRUCTIONS

Make sure we are still able to generate thumbnails and reports with charts and dashboards screenshots

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[codecov]

Codecov Report

Merging #17521 (ba02223) into master (bc855f4) will decrease coverage by 0.13%.
The diff coverage is n/a.

❗ Current head ba02223 differs from pull request most recent head 721948e. Consider uploading reports for the commit 721948e to get more accurate results

@@            Coverage Diff             @@
##           master   #17521      +/-   ##
==========================================
- Coverage   76.92%   76.78%   -0.14%     
==========================================
  Files        1048     1048              
  Lines       56514    56509       -5     
  Branches     7805     7805              
==========================================
- Hits        43474    43392      -82     
- Misses      12786    12863      +77     
  Partials      254      254              

Flag	Coverage Δ
hive	?
mysql	81.99% <ø> (ø)
postgres	82.00% <ø> (ø)
python	82.09% <ø> (-0.27%)	⬇️
sqlite	81.68% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...rontend/src/components/Select/DeprecatedSelect.tsx	63.63% <ø> (-1.07%)	⬇️
...end/src/components/Select/WindowedSelect/index.tsx	100.00% <ø> (ø)
superset/config.py	91.53% <ø> (ø)
superset/db_engines/hive.py	0.00% <0.00%> (-85.19%)	⬇️
superset/db_engine_specs/hive.py	70.27% <0.00%> (-16.99%)	⬇️
superset/views/database/mixins.py	81.03% <0.00%> (-1.73%)	⬇️
superset/db_engine_specs/presto.py	83.50% <0.00%> (-0.84%)	⬇️
superset/db_engine_specs/base.py	88.20% <0.00%> (-0.39%)	⬇️
superset/connectors/sqla/models.py	86.79% <0.00%> (-0.23%)	⬇️
superset/utils/core.py	89.64% <0.00%> (-0.12%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bc855f4...721948e. Read the comment docs.

[villebro]

LGTM with a non-blocking consideration

[villebro]

It appears we're already pinning to >=8.3.1 in the development deps - perhaps we could use the same version here and potentially consider bumping to 8.3.2 which addresses CVE-2021-23437?

superset/requirements/development.in

Line 21 in 0f3b630

pillow>=8.3.1,<9

[dpgaspar]

good point, made the change

[villebro]

LGTM