To avoid the HtmlUnit vulnerability, we currently exclude the entire Selenium and Fluentlenium artifacts using excludeDependencies in sbt. We don’t actively use them anyway. However, play.api.test.Helpers depends on them indirectly via its mixin of PlayRunners.
As a result, even if we only want to use lightweight utilities like call() or status() from play.api.test.Helpers, just importing Helpers leads to a runtime exception because Selenium is missing from the classpath.
This exception is expected given our excludeDependencies configuration, but it highlights a usability problem: developers who don’t use Selenium in their tests still end up tied to it.
It is possible to use each mixin trait separately, but importing them via Helpers is often much more convenient — which is presumably why the Helpers object exists in the first place.
Even aside from the vulnerability, including Selenium and Fluentlenium brings in around 40 additional dependencies, which is unnecessary for projects that only need the basic testing utilities.
I think it is the best to separate the Selenium dependency into its own artifact, such as play-test-selenium, but just separating them from play.api.test.Helpers would be great.
To avoid the HtmlUnit vulnerability, we currently exclude the entire Selenium and Fluentlenium artifacts using excludeDependencies in sbt. We don’t actively use them anyway. However, play.api.test.Helpers depends on them indirectly via its mixin of PlayRunners.
As a result, even if we only want to use lightweight utilities like call() or status() from play.api.test.Helpers, just importing Helpers leads to a runtime exception because Selenium is missing from the classpath.
This exception is expected given our excludeDependencies configuration, but it highlights a usability problem: developers who don’t use Selenium in their tests still end up tied to it.
It is possible to use each mixin trait separately, but importing them via Helpers is often much more convenient — which is presumably why the Helpers object exists in the first place.
Even aside from the vulnerability, including Selenium and Fluentlenium brings in around 40 additional dependencies, which is unnecessary for projects that only need the basic testing utilities.
I think it is the best to separate the Selenium dependency into its own artifact, such as play-test-selenium, but just separating them from play.api.test.Helpers would be great.