Merge pull request #1543 from guardian/snyk-vulnerabilities

Resolve Snyk vulnerabilities

app/Components.scala

@@ -84,7 +84,7 @@ class AppComponents(context: Context, val config: ApplicationConfiguration)
   val cloudwatch = new CloudWatch(config, awsEndpoints)
   val press = new Press(faciaPress)
   val assetsManager = new AssetsManager(config, isDev)
-  override lazy val httpErrorHandler = new LoggingHttpErrorHandler(environment, configuration, sourceMapper, Some(router))
+  override lazy val httpErrorHandler = new LoggingHttpErrorHandler(environment, configuration, devContext.map(_.sourceMapper), Some(router))
 
 //  Controllers
   val editions = new EditionsController(editionsDb, templating, editionsPublishing, capi, this)

app/Loader.scala

@@ -19,12 +19,12 @@ class Loader extends ApplicationLoader {
 
     val playConfig = context.initialConfiguration
     // Override the initial configuration from play to allow play evoltions to work with RDS IAM
-    val configWithPassword = playConfig ++ Configuration.from(
+    val configWithPassword = Configuration.from(
       Map(
         "db.default.url" ->   config.postgres.url,
         "db.default.password" ->  config.postgres.password
       )
-    )
+    ).withFallback(playConfig)
 
     val components = new AppComponents(context.copy(initialConfiguration = configWithPassword), config)
 
@@ -37,7 +37,7 @@ class Loader extends ApplicationLoader {
       region = components.config.aws.region
     ), components.actorSystem.scheduler)
 
-    components.actorSystem.scheduler.schedule(initialDelay = 1.seconds, interval = 1.minute) { components.configAgent.refresh() }
+    components.actorSystem.scheduler.scheduleWithFixedDelay(initialDelay = 1.seconds, delay = 1.minute) { () => components.configAgent.refresh() }
 
     new CloudWatchApplicationMetrics(
       components.config.environment.applicationName,

app/metrics/FrontendMetrics.scala

@@ -2,12 +2,9 @@ package metrics
 
 import java.util.concurrent.atomic.AtomicLong
 
-import akka.agent.Agent
 import com.amazonaws.services.cloudwatch.model.StandardUnit
 import org.joda.time.DateTime
 
-import scala.concurrent.ExecutionContext.Implicits.global
-import scala.concurrent.Future
 import scala.util.Try
 
 sealed trait DataPoint {
@@ -64,25 +61,3 @@ case class CountMetric(name: String, description: String) extends FrontendMetric
   def increment(): Unit = record()
   def isEmpty: Boolean = count.get() == 0L
 }
-
-case class DurationMetric(name: String, metricUnit: StandardUnit) extends FrontendMetric {
-
-  private val dataPoints: Agent[List[DataPoint]] = Agent(List[DurationDataPoint]())
-
-  def getDataPoints: List[DataPoint] = dataPoints.get()
-
-  def getDataFuture: Future[List[DataPoint]] = dataPoints.future()
-
-  def getAndResetDataPoints: List[DataPoint] = {
-    val points = dataPoints.get()
-    dataPoints.alter(_.diff(points))
-    points
-  }
-
-  def putDataPoints(points: List[DataPoint]): Unit = dataPoints.alter(points ::: _)
-
-  def record(dataPoint: DurationDataPoint): Unit = dataPoints.alter(dataPoint :: _)
-
-  def recordDuration(timeInMillis: Long): Unit = record(DurationDataPoint(timeInMillis, Option(DateTime.now)))
-  def isEmpty: Boolean = dataPoints.get().isEmpty
-}

app/metrics/metrics.scala

@@ -165,5 +165,5 @@ class CloudWatchApplicationMetrics(appName: String, stage: String, cloudWatch: C
   }
 
   logger.info("Starting cloudwatch metrics")
-  scheduler.schedule(initialDelay = 1.seconds, interval = 1.minute) { report() }
+  scheduler.scheduleWithFixedDelay(initialDelay = 1.seconds, delay = 1.minute) { () => report() }
 }

app/services/AssetsManager.scala

@@ -25,7 +25,7 @@ class AssetsManager(config: ApplicationConfiguration, isDev: Boolean) {
 
   private def readFromPath(path: String): Bundles = {
     val assetsMapSource = Source.fromResource(path)
-    val maybeJson = try { Json.parse(assetsMapSource.mkString) }
+    val maybeJson = Json.parse(assetsMapSource.mkString)
     maybeJson.validate[Bundles] match {
       case e: JsError => throw new InvalidAssetsException(s"JSON in $path does not match a valid Bundles")
       case json: JsSuccess[Bundles] => json.getOrElse(throw new InvalidAssetsException(s"Invalid JSON Bundle in $path"))

app/services/ConfigAgent.scala

@@ -1,11 +1,10 @@
 package services
 
-import akka.agent.Agent
+import java.util.concurrent.atomic.AtomicReference
 import com.gu.facia.api.models.CollectionConfig
-import com.gu.facia.client.models.{FrontJson, ConfigJson => Config}
+import com.gu.facia.client.models.{ConfigJson => Config}
 import conf.ApplicationConfiguration
 import logging.Logging
-import permissions.{EditionsPermission, PermissionsPriority}
 
 import scala.concurrent.ExecutionContext.Implicits.global
 import scala.concurrent.Future
@@ -14,8 +13,8 @@ import scala.util.{Failure, Success}
 case class CollectionConfigWithId(id: String, config: CollectionConfig)
 
 class ConfigAgent(val config: ApplicationConfiguration, val frontsApi: FrontsApi) extends Logging {
-  private lazy val configAgent = Agent[Option[Config]](None)
 
+  private val configAgent: AtomicReference[Option[Config]] = new AtomicReference(None)
   def get = configAgent.get()
 
   def refresh() = {
@@ -24,16 +23,16 @@ class ConfigAgent(val config: ApplicationConfiguration, val frontsApi: FrontsApi
       case Success(config) => logger.info(s"Successfully got config")
       case Failure(t) => logger.error(s"Getting config failed with $t", t)
     }
-    futureConfig.map(Option.apply).map(configAgent.send)
+    futureConfig.map(Option.apply).map(configAgent.set)
   }
 
   def refreshWith(config: Config): Unit = {
-    configAgent.send(Option(config))
+    configAgent.set(Option(config))
   }
 
   def refreshAndReturn(): Future[Option[Config]] =
     frontsApi.amazonClient.config
-      .flatMap(config => configAgent.alter{_ => Option(config)})
+      .map { config => configAgent.set(Option(config)); Option(config) }
       .recover{case err =>
         logger.warn("Falling back to current ConfigAgent contents on refreshAndReturn", err)
         configAgent.get()}

app/switchboard/Switchboard.scala

@@ -19,8 +19,8 @@ class Lifecycle(conf: SwitchboardConfiguration, scheduler: Scheduler) extends Lo
   lazy val client: S3client = new S3client(conf, conf.endpoint)
 
   logger.info("Starting switchboard cache")
-  scheduler.schedule(0.seconds, 1.minute) { refreshSwitches() }
-  scheduler.scheduleOnce(1.seconds) { refreshSwitches() }
+  scheduler.scheduleWithFixedDelay(0.seconds, 1.minute) { () => refreshSwitches() }
+  scheduler.scheduleWithFixedDelay(0.seconds, 1.seconds) { () => refreshSwitches() }
 
   def refreshSwitches(): Unit = {
     logger.info("Refreshing switches from switchboard")

build.sbt

@@ -12,7 +12,6 @@ ThisBuild / scalaVersion := "2.13.5"
 
 import com.gu.riffraff.artifact.BuildInfo
 import sbt.Resolver
-import sbt.io.Path._
 
 debianPackageDependencies := Seq("openjdk-8-jre-headless")
 
@@ -78,7 +77,6 @@ libraryDependencies ++= Seq(
     filters,
     evolutions,
     jdbc,
-    "com.typesafe.akka" %% "akka-agent" % "2.5.23",
     "com.amazonaws" % "aws-java-sdk-rds" % awsVersion,
     "com.amazonaws" % "aws-java-sdk-core" % awsVersion,
     "com.amazonaws" % "aws-java-sdk-cloudwatch" % awsVersion,
@@ -108,7 +106,7 @@ libraryDependencies ++= Seq(
     "com.typesafe.play" %% "play-json-joda" % "2.9.2",
     "ai.x" %% "play-json-extensions" % "0.40.2",
 
-    "org.postgresql"           %  "postgresql"                   % "42.2.5",
+    "org.postgresql"           %  "postgresql"                   % "42.3.7",
     "org.scalikejdbc"          %% "scalikejdbc"                  % "3.3.5",
     "org.scalikejdbc"          %% "scalikejdbc-config"           % "3.3.5",
     "org.scalikejdbc"          %% "scalikejdbc-play-initializer" % "2.8.0-scalikejdbc-3.5",
@@ -121,7 +119,7 @@ libraryDependencies ++= Seq(
     "com.beachape" %% "enumeratum-play" % enumeratumPlayVersion,
     "com.typesafe.play" %% "play" % "2.8.2",
 
-    "org.apache.commons" % "commons-text" % "1.9",
+    "org.apache.commons" % "commons-text" % "1.10.0",
     "com.beust" % "jcommander" % "1.75",
 
     "org.scalatest" %% "scalatest" % "3.0.8" % "test",