Droping the use of Moq in the test cases of the project #1457
Comments
yang-xiaodong
added a commit
that referenced
this issue
Dec 14, 2023
|
Thank you for your feedback. In fact, there is no code using Moq in the project. It may have been introduced sometime in the past. |
|
There was Moq in the Tests. DotNetCore.Cap.Test for example has PackageReference Include="Moq" Version="4.20.69" . The vulnerability consists of posting the email of the person who builds the test project. The project is safe from that but contributors that build and run the test locally are not. Checked the test and is not used but still installed as a package. I don't know exactly what would happen in this case but better remove it entirely. |
|
Moq unused reference is removed from test projects in version 8.0.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a suggestion regarding the use of Moq as a security and privacy issue.
Moq has lost its trust because of some "spyware" code introduced in version 4.20. Even if that code might be removed from moq it still lost its trust and better use alternatives like NSubstitute. Take a look at this issue in Moq devlooped/moq#1372
This is for the best of all and especially for contributors.
The text was updated successfully, but these errors were encountered: