-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] Long-term Moq strategy #1683
Comments
This issue has been marked as ready for team triage; we will triage it in our weekly review and update the issue. Thank you for contributing to Accessibility Insights! |
We want to wait and see what happens with the broader community on this |
I have worked with Moq, NSubstitute and FakeItEasy over the years and I have to say that I prefer FakeItEasy by far. Also, not only was the Moq fiasco legally dubious, but they even used their versions for memeing (v4.20 instead of v4.19, v4.20.69). |
This applies to both Accessibility Insights for Windows and Axe.Windows, filing here for tracking of both.
Is your feature request related to a problem? Please describe.
Since 4.20.x, Moq has introduced a privacy vulnerability that improperly handles user data, see moq/moq#1372. In #1677 and microsoft/axe-windows#963, @madalynrose pinned our Moq version to 4.18.4.
Describe the solution you'd like
We should consider switching to an alternative unit testing library such as NSubstitute or a community backed Moq fork when or if one emerges. If we choose NSubstitute, we might be able to automate part of the migration. It might make sense to do such a migration in stages, similar to microsoft/accessibility-insights-web#2869.
Describe alternatives you've considered
Continue to use Moq 4.18 indefinitely, with an understanding that we will likely be unable to take any updates to the library going forward.
The text was updated successfully, but these errors were encountered: