[
https://issues.apache.org/jira/browse/TINKERPOP-2984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17781738#comment-17781738
]
ASF GitHub Bot commented on TINKERPOP-2984:
-------------------------------------------
codecov-commenter commented on PR #2319:
URL: https://github.com/apache/tinkerpop/pull/2319#issuecomment-1788986149
##
[Codecov](https://app.codecov.io/gh/apache/tinkerpop/pull/2319?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
Report
> Merging
[#2319](https://app.codecov.io/gh/apache/tinkerpop/pull/2319?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
(e668790) into
[3.5-dev](https://app.codecov.io/gh/apache/tinkerpop/commit/861455d0ca9a0cda57c60f3dc6947fb42d551bf8?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
(861455d) will **not change** coverage.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## 3.5-dev #2319 +/- ##
========================================
Coverage 69.93% 69.93%
========================================
Files 24 24
Lines 3449 3449
========================================
Hits 2412 2412
Misses 860 860
Partials 177 177
```
:mega: We’re building smart automated test selection to slash your CI/CD
build times. [Learn
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
> Replace Moq mocking library in .NET tests
> -----------------------------------------
>
> Key: TINKERPOP-2984
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2984
> Project: TinkerPop
> Issue Type: Improvement
> Components: dotnet
> Affects Versions: 3.7.0, 3.5.7, 3.6.5
> Reporter: Florian Hockmann
> Assignee: Florian Hockmann
> Priority: Major
>
> There has been some controversy around the .NET mocking library that we are
> also using in some of our .NET unit tests: Moq.
> In short, a project called "SponsorLink" has been added as a DLL to the NuGet
> package which sends a hash of the email address of the developer building the
> project (meaning our unit test projects) to their server. The email address
> is obtained from the git config. This was done to check whether the developer
> is already sponsoring the Moq project and nag them otherwise to become a
> sponsor.
> This is of course a privacy issue and probably in violation of the GDPR.
> [This
> article|https://www.bleepingcomputer.com/news/security/popular-open-source-project-moq-criticized-for-quietly-collecting-data/]
> contains a longer explanation.
> While SponsorLink has already been removed again, the main author stated the
> intent to bring it back at a later point after finding another way without
> needing to send hashed email addresses. So, I think we should better switch
> to a different mocking library, especially since the introduction of
> SponsorLink was done without much (/any?) advance notification or warning.
> We have by the way not been affected by this as we haven't updated Moq in our
> repository to a version that included SponsorLink.
> I suggest that we migrate to [NSubstitute|https://nsubstitute.github.io/]
> which is another big mocking library with an even easier to use API (at least
> in my opinion) and very similar capabilities.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
