[rhoai-2.25] [RHAIENG-2893] CVE-2026-0897: Update keras to 3.13.2 for CVE mitigation

[mtchoum1]

Description

• Bump keras override to 3.13.2 in TensorFlow runtime and workbench configs to address the CVE
• Regenerate lockfiles

How Has This Been Tested?

• The image was built for the ARM64 architecture using: gmake BUILD_ARCH=linux/arm64 cuda-jupyter-tensorflow-ubi9-python-3.12 -e IMAGE_REGISTRY="quay.io/mtchoumi-aaet/workbench-images"
• Security Verification: Confirmed via Quay Security Scan that the vulnerabilities related to Keras is no longer present
  Self checklist (all need to be checked):
• Ensure that you have run make test (gmake on macOS) before asking for review
• Changes to everything except Dockerfile.konflux files should be done in odh/notebooks and automatically synced to rhds/notebooks. For Konflux-specific changes, modify Dockerfile.konflux files directly in rhds/notebooks as these require special attention in the downstream repository and flow to the upcoming RHOAI release.

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign daniellutz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment