pillow - Buffer Overflow

chore: Fixes [CVE-2024-28219](https://www.cve.org/CVERecord?id=CVE-2024-28219)

Signed-off-by: Spolti <fspolti@redhat.com>

docs/samples/explanation/alibi/alibiexplainer/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "alibiexplainer"
-version = "0.12.1"
+version = "0.13.0rc0"
 description = "Model Explanation Server. Not intended for use outside KServe Frameworks Images."
 authors = ["cliveseldon <cc@seldon.io>"]
 license = "https://github.com/kserve/kserve/blob/master/LICENSE"
@@ -11,7 +11,7 @@ packages = [
 
 [tool.poetry.dependencies]
 python = ">=3.8,<3.12"
-kserve = { path = "../kserve", extras = ["storage"], develop = true }
+kserve = { path = "../../../../../python/kserve", extras = ["storage"], develop = true }
 alibi = { version = "^0.9.4", extras = ["shap", "tensorflow"] } # From 0.9.5 alibi uses BSL license
 tensorflow = ">=2.12.0,<2.14"  # the range that supports python 3.8 -- 3.11
 dill = "^0.3.6"
@@ -26,7 +26,7 @@ optional = true
 pytest = "^7.2.0"
 pytest-cov = "^4.0.0"
 mypy = "^0.991"
-sklearnserver = { path = "../sklearnserver", develop = true }
+sklearnserver = { path = "../../../../../python/sklearnserver", develop = true }
 
 [tool.poetry.group.dev]
 optional = true
@@ -36,7 +36,7 @@ black = { version = "~24.3.0", extras = ["colorama"] }
 
 [tool.poetry-version-plugin]
 source = "file"
-file_path = "../VERSION"
+file_path = "../../../../../python/VERSION"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

hack/generate-licenses.sh

@@ -12,7 +12,7 @@ mv license.txt third_party/library/license_go.txt
 
 ## Generate a Python License
 # See https://github.com/kubeflow/testing/blob/master/py/kubeflow/testing/python-license-tools/README.md
-pipenv install -e python/alibiexplainer python/kfserving python/sklearnserver python/xgbserver
+pipenv install -e python/kfserving python/sklearnserver python/xgbserver
 python ../testing/py/kubeflow/testing/python-license-tools/pipfile_to_github_repo.py
 # See https://github.com/kubeflow/testing/blob/master/py/kubeflow/testing/go-license-tools/README.md
 python ../testing/py/kubeflow/testing/go-license-tools/get_github_license_info.py --github-api-token-file ~/.github_api_token

python/artexplainer/pyproject.toml

@@ -14,7 +14,9 @@ python = ">=3.9,<3.12"
 kserve = {path = "../kserve", develop = true}
 adversarial-robustness-toolbox = {version = "^1.10.3", extras = ["keras"]}
 nest-asyncio = "^1.4.0"
-pillow = "^10.2.0"
+pillow = "^10.3.0"
+# pin to avoid https://github.com/kserve/kserve/actions/runs/8990775750/job/24696874468?pr=3598
+h5py = "3.10.0"
 
 [tool.poetry.group.test]
 optional = true

python/custom_model/pyproject.toml

@@ -13,7 +13,7 @@ python = ">=3.9,<3.12"
 kserve = {path = "../kserve", develop = true}
 torchvision = {version = "0.15.1+cpu", source = "pytorch"}
 torch = {version = "2.0.0", source = "pytorch"}
-pillow = "^10.2.0"
+pillow = "^10.3.0"
 
 
 [[tool.poetry.source]]

python/custom_transformer/pyproject.toml

@@ -13,7 +13,7 @@ python = ">=3.9,<3.12"
 kserve = {path = "../kserve", develop = true}
 torchvision = {version = "0.15.1+cpu", source = "pytorch"}
 torch = {version = "2.0.0+cpu", source = "pytorch"}
-pillow = "^10.2.0"
+pillow = "^10.3.0"
 
 
 [[tool.poetry.source]]