Play Framework core dependency management/exclusion

Question

We are using play 2.1.1 (scala) and in some efforts to tie down our dependencies, have found there are several older deps being loaded in directly by the play framework.

specifically, the oauth.signpost brings in http-components 4.0 ( and in turn commons-codec 1.3 ) whereas we have other dependencies on http-componts 4.1 and commons-codec 1.6

the documentation seems pretty sparse in this area - at least in the older play 1.2.x the dependencies.yml was somewhat more explicit, but i cant find any references for the current 2.1.x release.

i'd hate to have to futz with the framework's Build.scala in ${PLAY2_HOME}/framework/project to remove the dependency ( we will never need oauth.signpost in this particular app ), but so far this seems like the only way.

any pointers?

(edit: i also came across this: Play Framework 2.1 Remove a core dependency which is related to a specific transitive dependency, what i'd prefer to be able to do is remove the whole explicit dependency from the core framework )

Answer 1

thanks @nico_ekito!

you've set me in the right direction, by declaring explicit excludes for the play version itself, i've been able to remove the core framework dependency:

val appDependencies = Seq(
  // play framework drags in quite a few deps we dont need. this is how we pare it back.
  ("play" %    "play_2.10" %   "2.1.1")
     .exclude("oauth.signpost", "signpost-core")
     .exclude("oauth.signpost","signpost-commonshttp4"),

  "com.github.tototoshi" %% "scala-csv" % "0.7.0",
  "se.radley" %% "play-plugins-salat" % "1.2",
  "org.specs2" %% "specs2" % "1.14" % "test"
)