Details
Description
There has been some controversy around the .NET mocking library that we are also using in some of our .NET unit tests: Moq.
In short, a project called "SponsorLink" has been added as a DLL to the NuGet package which sends a hash of the email address of the developer building the project (meaning our unit test projects) to their server. The email address is obtained from the git config. This was done to check whether the developer is already sponsoring the Moq project and nag them otherwise to become a sponsor.
This is of course a privacy issue and probably in violation of the GDPR.
This article contains a longer explanation.
While SponsorLink has already been removed again, the main author stated the intent to bring it back at a later point after finding another way without needing to send hashed email addresses. So, I think we should better switch to a different mocking library, especially since the introduction of SponsorLink was done without much (/any?) advance notification or warning.
We have by the way not been affected by this as we haven't updated Moq in our repository to a version that included SponsorLink.
I suggest that we migrate to NSubstitute which is another big mocking library with an even easier to use API (at least in my opinion) and very similar capabilities.