chore: address python security vulnerabilities #371

Open · wants to merge 2 commits into main

Conversation

duartemendes

Issue #, if available: N.A.

Description of changes: Address urllib3 security vulnerabilities:

  1. CVE-2023-43804
  2. CVE-2023-45803
  3. CVE-2024-37891

By upgrading to Python 3.10, boto3 installs urllib3 v2.3.0, which no longer contains these vulnerabilities - https://github.com/boto/boto3/blob/99b65dbcbba372f72b9a6b0ac94f5775d40b30b8/requirements-docs.txt#L6.

In addition, Lambda will soon be deprecating Python 3.9 runtime. This PR upgrades Python runtime to 3.10.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
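A reviewer testing this PR will want to confirm that the urllib3 version the build actually resolves is past the fix for each of the three CVEs listed above, rather than trusting the runtime bump alone. The following is an added example, not code from this PR or the project: it compares a pinned or installed urllib3 version against the fixed versions published in the urllib3 changelog for each advisory (those thresholds come from the upstream advisories, not from this page), and the `pip freeze`-style input is constructed sample data.

```python
"""Check a urllib3 version against the three advisories named in PR #371.

Added example, not part of the PR. The fix thresholds are the versions in
which the urllib3 project shipped each fix on its 1.26.x maintenance branch
and on its 2.x branch; both branches received a backport, so a plain
"< 2.3.0" test would wrongly flag a patched 1.26.19.
"""
import re
from importlib import metadata

# CVE -> (first fixed release on the 1.26.x branch, first fixed release on 2.x)
URLLIB3_FIXES = {
    "CVE-2023-43804": ("1.26.17", "2.0.6"),   # Cookie header leaked on cross-origin redirect
    "CVE-2023-45803": ("1.26.18", "2.0.7"),   # request body kept on 303 redirect
    "CVE-2024-37891": ("1.26.19", "2.2.2"),   # Proxy-Authorization leaked on cross-origin redirect
}

# Matches "urllib3==X.Y.Z" lines as produced by `pip freeze` or a requirements file.
PIN_RE = re.compile(r"^\s*urllib3\s*==\s*([0-9][\w.]*)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Turn 'X.Y' or 'X.Y.Z' (trailing tags ignored) into a comparable int tuple."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def unresolved_cves(version):
    """Return the CVEs from URLLIB3_FIXES that this urllib3 version does NOT fix."""
    v = parse_version(version)
    branch = 1 if v[0] >= 2 else 0          # pick the 2.x or the 1.26.x threshold
    return [cve for cve, fixes in URLLIB3_FIXES.items()
            if v < parse_version(fixes[branch])]


def check_requirements(text):
    """Map every urllib3 pin found in requirements/freeze text to its open CVEs."""
    return {pin: unresolved_cves(pin) for pin in PIN_RE.findall(text)}


def check_installed():
    """Inspect the urllib3 installed in the current interpreter, if any."""
    try:
        installed = metadata.version("urllib3")
    except metadata.PackageNotFoundError:
        return None
    return installed, unresolved_cves(installed)


# Constructed sample: the kind of pin set a Python 3.9 Lambda build might resolve.
SAMPLE_FREEZE = """\
boto3==1.28.0
requests==2.31.0
urllib3==1.26.16
"""

if __name__ == "__main__":
    for pin, open_cves in check_requirements(SAMPLE_FREEZE).items():
        state = "OK" if not open_cves else "VULNERABLE: " + ", ".join(open_cves)
        print(f"urllib3=={pin}: {state}")
    print("urllib3==2.3.0:", unresolved_cves("2.3.0") or "OK")
    print("installed:", check_installed())
```

Running the block against the sample reports `urllib3==1.26.16` as open for all three CVEs and `2.3.0` (the version the PR says boto3 now pulls in) as clean; `check_installed()` can be dropped into a post-build step to assert on the version that actually landed in the deployment package.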

@jplock

jplock commented Apr 2, 2025

Why not go to python3.13 since that's the latest?

@tawoyinfa
Contributor

@duartemendes please update to 3.13 and I'd merge the PR once tested. Thanks

@duartemendes
Author

duartemendes commented Apr 3, 2025

@jplock, my priority was to address the security vulnerabilities; 3.10 was enough, and I was also concerned about breaking changes in 3.13.

Either way, I gave it a go. The problem is that Amazon Linux 2023 doesn't yet have Python 3.13, or even 3.12, so the build fails. I was only able to use up to 3.11:

AL2023 comes pre-installed with Python versions 3.8, 3.9, 3.10, and 3.11.
Source.

Even the pyenv version that comes pre-installed into Amazon Linux 2023 doesn't contain Python 3.13, only up to 3.12.

We can try installing Python 3.13 during the build, but is the added complexity worth it? It seems like one of those situations where we should wait for it to come pre-installed.

You can check the commit I did to test the upgrade, it sits on a separate branch as I wanted to test it first - duartemendes@cd769fa.

Let me know your thoughts @jplock @tawoyinfa

@tawoyinfa
Contributor

@duartemendes good shout. Let's change it to 3.11, and we can update when the build env supports 3.13. Thanks for putting in the work.

@duartemendes
Author

@tawoyinfa what do we gain by updating to 3.11? Please note that Lambda will be deprecating 3.10 and 3.11 runtimes at the same time - https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported

@duartemendes
Author

@tawoyinfa are we ready to merge this please?

@tawoyinfa
Contributor

@duartemendes I am trying to test and merge this, but there seems to be an issue with the Python version and the build environment.

@duartemendes
Author

@tawoyinfa ah right!

The Amplify branch environment variables need to be updated in order to use Amazon Linux 2023 and the commands also need to be adjusted. I added this change on #370 - deployment/template.yml.

I added those changes to #370 rather than #371 because Amazon Linux 2023 is needed in order to use node.js v18 during the build.

If you consider testing #370 first and only then this one, it should work.

@duartemendes
Author

@tawoyinfa I have updated this branch.

You should no longer have issues with the build environment now that you have already updated the template file (8c40957).
