Flow-Launcher / Flow.Launcher

:mag: Quick file search & app launcher for Windows with community-made plugins
https://flowlauncher.com
MIT License
8.32k stars 318 forks source link

Proposal for an Alternative to Moq Library #2277

Open KrystianLesniak opened 1 year ago

KrystianLesniak commented 1 year ago

Dear Flow Launcher Team,

I hope this message finds you well. I am writing to discuss a concern regarding the recent behavior of the Moq library, specifically starting from version 4.20. It has come to our attention that this library has exhibited behavior resembling that of malware, sending unauthorized emails from Git to cloud services. As Flow Launcher project currently utilizes version 4.18.4, which is considered safe, I recommend refraining from updating to the problematic versions.

In light of this situation, I would like to propose the exploration of alternative mocking libraries for Flow Launcher project. Given the critical role of mocking in testing and development processes, it is imperative to maintain a high level of security and reliability.

More information: https://github.com/moq/moq/issues/1370 https://github.com/moq/moq/issues/1372 https://www.reddit.com/r/dotnet/comments/15ljdcc/does_moq_in_its_latest_version_extract_and_send/

jjw24 commented 1 year ago

Thank you for bringing this to our attention. We will look to remove Moq from flow.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 5 days.

GabrielRavier commented 1 year ago

So what has happened w.r.t. Moq since then ?

jjw24 commented 1 year ago

Current version we are using is safe, we disabled auto-update on this dependency and will remove/replace it in the future.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 5 days.