[PR #7820] Bump Moq from 4.17.2 to 4.18.1 #11540

Closed
opened 2026-02-07 06:40:17 +03:00 by OVERLORD · 0 comments
Owner

Original Pull Request: https://github.com/jellyfin/jellyfin/pull/7820

State: closed
Merged: Yes


Bumps Moq from 4.17.2 to 4.18.1.

Changelog

Sourced from Moq's changelog.

4.18.1 (2022-05-16)

Fixed

  • Regression with lazy evaluation of It.Is predicates in setup expressions after updating from 4.13.1 to 4.16.1 (@​b3go, #1217)
  • Regression with SetupProperty where Moq fails to match a property accessor implementation against its definition in an interface (@​Naxemar, #1248)
  • Difference in behavior when mocking async method using .Result vs without (@​cyungmann, #1253)

4.18.0 (2022-05-12)

New major version of DynamicProxy (you may get better performance!), so please update with care.

Changed

Fixed

  • Can't set up "private protected" properties (@​RobSiklos, #1170)
  • Using [...] an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure" (@​sidseter, #1219)
  • Failure when invoking a method with by-ref parameter & mockable return type on a mock with CallBase and DefaultValue.Mock configured (@​IanKemp, #1249)
Commits
  • ecd5404 Update version to 4.18.1
  • c969604 Merge pull request #1262 from stakx/bugfix/lazy-setup-expr-evaluation
  • dee0746 Update the changelog
  • 819f315 Optimize capture evaluation during expr comparison
  • 3535d7a Leave quoted exprs unchanged when evaluating captures
  • 37b24ad Add failing test re: lazy evaluation of It.Is predicates
  • 6c7e7a1 Update link to documentation website
  • 6e98431 Move changelog entry to correct release
  • a844d5e Merge pull request #1260 from stakx/bugfix/stubbedpropertysetup-ismatch
  • 7a7a76b Update the changelog
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
**Original Pull Request:** https://github.com/jellyfin/jellyfin/pull/7820 **State:** closed **Merged:** Yes --- Bumps [Moq](https://github.com/moq/moq4) from 4.17.2 to 4.18.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/moq/moq4/blob/main/CHANGELOG.md">Moq's changelog</a>.</em></p> <blockquote> <h2>4.18.1 (2022-05-16)</h2> <h4>Fixed</h4> <ul> <li>Regression with lazy evaluation of <code>It.Is</code> predicates in setup expressions after updating from 4.13.1 to 4.16.1 (<a href="https://github.com/b3go"><code>@​b3go</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1217">#1217</a>)</li> <li>Regression with <code>SetupProperty</code> where Moq fails to match a property accessor implementation against its definition in an interface (<a href="https://github.com/Naxemar"><code>@​Naxemar</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1248">#1248</a>)</li> <li>Difference in behavior when mocking async method using <code>.Result</code> vs without (<a href="https://github.com/cyungmann"><code>@​cyungmann</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1253">#1253</a>)</li> </ul> <h2>4.18.0 (2022-05-12)</h2> <p>New major version of DynamicProxy (you may get better performance!), so please update with care.</p> <h4>Changed</h4> <ul> <li>Update package reference to <code>Castle.Core</code> (DynamicProxy) from version 4.4.1 to 5.0.0 (<a href="https://github.com/stakx"><code>@​stakx</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1257">#1257</a>)</li> <li>Adjusted our target frameworks to match DynamicProxy's (see <a href="https://github-redirect.dependabot.com/castleproject/Core/issues/597">their discussion about which frameworks to target</a>): <ul> <li>minimum .NET Framework version raised from <code>net45</code> to <code>net462</code></li> <li>additional <code>net6.0</code> TFM</li> </ul> </li> </ul> <h4>Fixed</h4> <ul> <li>Can't set up &quot;private protected&quot; properties (<a href="https://github.com/RobSiklos"><code>@​RobSiklos</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1170">#1170</a>)</li> <li>Using [...] an old version of <code>System.Net.Http</code> which is vulnerable to &quot;DoS&quot;, &quot;Spoofing&quot;, &quot;Privilege Escalation&quot;, &quot;Authentication Bypass&quot; and &quot;Information Exposure&quot; (<a href="https://github.com/sidseter"><code>@​sidseter</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1219">#1219</a>)</li> <li>Failure when invoking a method with by-ref parameter &amp; mockable return type on a mock with <code>CallBase</code> and <code>DefaultValue.Mock</code> configured (<a href="https://github.com/IanKemp"><code>@​IanKemp</code></a>, <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1249">#1249</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moq/moq4/commit/ecd5404093803b5e37e01afd157cc344da49c8cf"><code>ecd5404</code></a> Update version to 4.18.1</li> <li><a href="https://github.com/moq/moq4/commit/c969604f590a2ec64158e0cda6acefc2cd8c6a83"><code>c969604</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1262">#1262</a> from stakx/bugfix/lazy-setup-expr-evaluation</li> <li><a href="https://github.com/moq/moq4/commit/dee074665257a9847937581a11dd0ccca0f3eb68"><code>dee0746</code></a> Update the changelog</li> <li><a href="https://github.com/moq/moq4/commit/819f3153f1b7cfa8a5334e5e3199b336baac748d"><code>819f315</code></a> Optimize capture evaluation during expr comparison</li> <li><a href="https://github.com/moq/moq4/commit/3535d7ae08c096c3f50bdcc8b4be901856a2607f"><code>3535d7a</code></a> Leave quoted exprs unchanged when evaluating captures</li> <li><a href="https://github.com/moq/moq4/commit/37b24adba44ababa40102dd7ec687cea38b87ce4"><code>37b24ad</code></a> Add failing test re: lazy evaluation of <code>It.Is</code> predicates</li> <li><a href="https://github.com/moq/moq4/commit/6c7e7a103381b25324be1675a97a533082bce226"><code>6c7e7a1</code></a> Update link to documentation website</li> <li><a href="https://github.com/moq/moq4/commit/6e98431e3bfea43cc21af96afd79dcd9b7ec051b"><code>6e98431</code></a> Move changelog entry to correct release</li> <li><a href="https://github.com/moq/moq4/commit/a844d5ebb1e3c860715025adb5686feb3389e22f"><code>a844d5e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/moq/moq4/issues/1260">#1260</a> from stakx/bugfix/stubbedpropertysetup-ismatch</li> <li><a href="https://github.com/moq/moq4/commit/7a7a76b0a8245b67683873402ec78fe591a0dc75"><code>7a7a76b</code></a> Update the changelog</li> <li>Additional commits viewable in <a href="https://github.com/moq/moq4/compare/v4.17.2...v4.18.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Moq&package-manager=nuget&previous-version=4.17.2&new-version=4.18.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
OVERLORD added the pull-request label 2026-02-07 06:40:17 +03:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#11540