WireMock.Net icon indicating copy to clipboard operation
WireMock.Net copied to clipboard
Published 1 month ago verified publisher icon wiremock

Version 2.x (WIP...)

Open StefH opened this issue 4 months ago • 6 comments

Version 2.x only supports:

  • .NET Framework 4.8
  • .NET 8.0

StefH avatar Aug 31 '25 09:08 StefH

Codecov Report

:x: Patch coverage is 73.80282% with 93 lines in your changes missing coverage. Please review. :white_check_mark: Project coverage is 35.22%. Comparing base (b57d5e7) to head (7d6fd35). :warning: Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
...rc/WireMock.Net.Minimal/Owin/WireMockMiddleware.cs 84.25% 37 Missing :warning:
...Mock.Net.Minimal/Owin/GlobalExceptionMiddleware.cs 55.55% 12 Missing :warning:
...ock.Net.Minimal/Owin/Mappers/OwinResponseMapper.cs 50.00% 8 Missing :warning:
...Mock.Net.Minimal/Owin/Mappers/OwinRequestMapper.cs 50.00% 7 Missing :warning:
...Mock.Net.Minimal/Owin/WireMockMiddlewareOptions.cs 45.45% 6 Missing :warning:
...Net.Minimal/Owin/AspNetCoreSelfHost.NETStandard.cs 50.00% 5 Missing :warning:
...rc/WireMock.Net.Minimal/Owin/AspNetCoreSelfHost.cs 78.94% 4 Missing :warning:
...Net.Minimal/Server/WireMockServer.OpenApiParser.cs 55.55% 4 Missing :warning:
src/WireMock.Net.Minimal/Http/HttpClientBuilder.cs 0.00% 3 Missing :warning:
src/WireMock.Net.Minimal/Owin/HostUrlOptions.cs 0.00% 3 Missing :warning:
... and 4 more
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1359      +/-   ##
==========================================
- Coverage   36.09%   35.22%   -0.88%     
==========================================
  Files         153      166      +13     
  Lines       36931    41599    +4668     
==========================================
+ Hits        13332    14652    +1320     
- Misses      23105    26437    +3332     
- Partials      494      510      +16

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Aug 31 '25 09:08 codecov[bot]

@StefH, some feedback:

  1. It will be great to still have support for .NET Framework 4.6.2. It has normal support until Jan 12, 2027. The downside - there is no possibility to update to XUnit.v3. This package is used under OpenTelemetry Contrib repository. And various vendors still needs to offer support for ancient frameworks.
  2. I have executed build locally, there is a lot of NU1902, NU1903, NU1904 warnings. All of them are related to different levels o security vulnerabilities. Part of them affects production dependencies.

Kielek avatar Oct 17 '25 08:10 Kielek

Thanks for your response.

About 1: WireMock.Net is mostly used in unit tests. So how many % of those unit tests project are going to use an older framework like the one you mentioned? I think that supporting older frameworks in a main project and testing this in a unit test project is related but not always 1 to 1....

I will think on this and maybe support that one instead of 4.8

About 2: the question is how critical any security issue is because WireMock is used for testing, not for production code.

StefH avatar Oct 17 '25 14:10 StefH

Thanks for your response.

About 1: WireMock.Net is mostly used in unit tests. So how many % of those unit tests project are going to use an older framework like the one you mentioned? I think that supporting older frameworks in a main project and testing this in a unit test project is related but not always 1 to 1....

I will think on this and maybe support that one instead of 4.8

It will be great. I have had similar discussions about other, testing only library - Verify. After 1,5 year author bringed back support for this old framework. I think that the requestor was .NET team.

About 2: the question is how critical any security issue is because WireMock is used for testing, not for production code.

I think that here are 2 aspects to consider:

.NET SDK 9 for first release switchted settings to (then it was rollbacked, but some project kept it in place). I am not sure what is the current state:

  <PropertyGroup>
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
    <NuGetAuditLevel>low</NuGetAuditLevel>
  </PropertyGroup>

With this + treat warnings as errors, which is pretty common, at least in my buble, it leads to the breaking compilation. Usually, there is a possibility to fix such changes basicaly by bumping transitive packages, but it is just inconvinient. IMO it is better to fix such cases centrally,

The second aspect are security scans. I will consider OpenTelemetry as an example. Some end-users/companies making additional source code scans, not only shipped libraries. If we have any known vulnerable dependencies, there are at least yellow flags and we need to explain that the production code is not affected. With this, this project has strict rules to fix all such warnings.

Thanks for maintaining this library, I know that it takes more time than people usually thinks.

Kielek avatar Oct 17 '25 19:10 Kielek

@Kielek I checked your idead about 4.6.2, however that brings back again some if-defs and other classes which I would like to get rid of. So I'll stick with Framework 4.8 and .NET 8

StefH avatar Oct 22 '25 10:10 StefH

That's fine, I think that I will need to create some simplified version of this package tailored to our usecase.

Kielek avatar Oct 22 '25 14:10 Kielek