[BUG] [SECURITY] [CRITICAL] Moq should be replaced with something less parasitic #2923
Comments
|
We use v4.18.4 so we are good. This change has been reverted with this PR: https://github.com/moq/moq/pull/1375 The project maintainer has started a discussion around his intent and possible other ways to accomplish his goals: https://github.com/moq/moq/issues/1374 However, this does point to some potential loss of trust. The Prism team will discuss and decide on what action we should take if any. Also, I don't use my real email with Git 😄 Thank you for raising this important issue. |
|
Thanks, just trying to keep you guys safe. I've been using this library for a while now and try to contribute where I can. |
|
Let's be clear the dependency on Moq even if we used the now unlisted 4.20.0 would not affect Prism users as the dependency is a testing dependency not a dependency which you get because you have a dependency on Prism. |
|
Thanks @dansiegel for clarifying this for users. Perhaps it's something that isn't sufficiently clearly documented in https://github.com/devlooped/SponsorLink? |
Description
You're using a library that spawns git processes and forwards the email addresses it finds in the repositories to the repo owner. Please have a look at the following issue:
https://github.com/moq/moq/issues/1372
Steps to Reproduce
Platform with bug
Prism Core
Affected platforms
iOS, Android, Windows, macOS
Did you find any workaround?
Downloading the project stripping it from All Moq and just skipping the testing until there is a decent replacement.
Relevant log output
No response
The text was updated successfully, but these errors were encountered: