Bump Hangfire from 1.6.21 to 1.7.4 #45

Closed
dependabot-preview[bot] wants to merge 1 commit into master from
dependabot/nuget/Hangfire-1.7.4
Conversation

@dependabot-preview

Bumps Hangfire from 1.6.21 to 1.7.4.

Release notes

Sourced from Hangfire's releases.

1.7.4

Release Notes

Hangfire.Core

  • Added – BackgroundJobClient.RetryAttempts property to make job creation resilient to transient exceptions.
  • Added – Dashboard localization support in pt-BR (by @candidodmv).
  • Changed – Protect background dispatchers from moving from stopped state to non-stopped one.
  • Changed – Unify WaitOne and WaitOneAsync methods with timeout and cancellation token for WaitHandle class.
  • Fixed – Don't hide an original fatal exception that occurred in dispatchers in some cases.
  • Fixed – Dashboard UI to display "await" keyword on all task-like methods.
  • Fixed – Display links properly in an informational message on the Servers page in Dashboard UI.
  • Fixed – Wait for the heartbeat process before shutting down a server.

Hangfire.SqlServer

  • Fixed – Potential deadlocks caused by suboptimal queries when using SlidingInvisibilityTimeout fetching.
  • Fixed – Prevent zero delays between fetch retry attempts when lock acquisition failed without blocking.
  • Fixed – Specify float precision explicitly for the Score column in the AddToSet method.

1.7.3

Release Notes

This version contains security fixes to prevent possible XSS attacks as described in #1441. They don't relate to user data submitted to Hangfire directly via method arguments, but it's recommended to upgrade anyway. If you are using Hangfire 1.6, please upgrade to version 1.6.26 instead.

Affected Packages
Hangfire.Core ≤ 1.6.25, 1.7.0, 1.7.1, 1.7.2
Affected Platforms
All, including .NET Core, .NET Framework, Mono of any version

Steps to reproduce

public static void Xss()
{
    BackgroundJob.Enqueue(() => Xss2());
}

public static void Xss2()
{
    throw new Exception("<script>alert(1);</script>");
}

Hangfire.Core

  • SECURITY – Use HtmlEncode in all remaining places in Dashboard UI to prevent XSS attacks.
  • Added – Added Dutch language, and updated missing translation on "Servers" page (by @r-win).
  • Added – Cron.Never method for adding manual recurring jobs that never fire (by @michaltalaga).
  • Fixed – Add missing AddOrUpdate extension methods for the IRecurringJobManager interface.
... (truncated)
Commits
  • 9cd09f3 Bump version to 1.7.4 and add release notes
  • f734d3f Specify float precision explicitly in the AddToSet method
  • c55e0c7 Display links properly in a callout on the Servers page
  • 591e8ab Prevent zero delays between fetch retry attempts when lock acquisition failed...
  • 5c08eb4 Make background job creation resilient to transient exceptions
  • dfee307 Fix Dashboard UI to display "await" keyword on all task-like methods
  • b53d30c Unify WaitOne and WaitOneAsync with timeout and cancellation token for WaitHa...
  • 1f0a7bc Remove the unnecessary CancellationToken.AsTask extension method
  • ac4f579 Remove the unnecessary WaitHandle.AsTask extension method overload
  • c586b5c Wait for the heartbeat process before shutting down a server
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
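
A triage check for the affected range given in the 1.7.3 release notes above (Hangfire.Core ≤ 1.6.25, 1.7.0, 1.7.1, 1.7.2). This is an added example, not code from Dependabot or the Hangfire project; the sample project file is constructed, the function names are hypothetical, and it assumes the `Hangfire` meta-package version tracks Hangfire.Core.

```python
import re
import xml.etree.ElementTree as ET

# Affected range from the 1.7.3 release notes quoted above:
# Hangfire.Core <= 1.6.25, plus 1.7.0, 1.7.1 and 1.7.2.
AFFECTED_MAX_16 = (1, 6, 25)
AFFECTED_17 = {(1, 7, 0), (1, 7, 1), (1, 7, 2)}
# Assumption: the "Hangfire" meta-package version tracks Hangfire.Core.
PACKAGES = {"hangfire", "hangfire.core"}

def parse_version(text):
    """Return (major, minor, patch); None for ranges or floating versions."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(?:-[\w.-]+)?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """True/False for a pinned version, None when it needs manual review."""
    v = parse_version(version)
    if v is None:
        return None
    # Pre-release suffixes are ignored, so 1.7.0-rc1 counts as 1.7.0.
    return v <= AFFECTED_MAX_16 or v in AFFECTED_17

def scan_project(xml_text):
    """List (package, version, affected) for Hangfire references in a
    .csproj (PackageReference) or packages.config (package) document."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]  # old-style csproj files are namespaced
        if tag == "PackageReference":
            name = el.get("Include")
            child = [c.text for c in el if c.tag.split("}")[-1] == "Version"]
            ver = el.get("Version") or (child[0] if child else None)
        elif tag == "package":
            name, ver = el.get("id"), el.get("version")
        else:
            continue
        if name and name.lower() in PACKAGES:
            findings.append((name, ver, is_affected(ver or "")))
    return findings

# Constructed sample project file, not taken from the repository in this PR.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Hangfire" Version="1.6.21" />
    <PackageReference Include="Hangfire.Core" Version="1.7.*" />
    <PackageReference Include="Newtonsoft.Json" Version="12.0.2" />
  </ItemGroup>
</Project>"""
```

Calling `scan_project(SAMPLE_CSPROJ)` flags the pinned 1.6.21 reference as affected and returns `None` for the floating `1.7.*` reference, which has to be resolved against the restored package version by hand.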

Bumps [Hangfire](https://github.com/HangfireIO/Hangfire) from 1.6.21 to 1.7.4.
- [Release notes](https://github.com/HangfireIO/Hangfire/releases)
- [Commits](HangfireIO/Hangfire@v1.6.21...v1.7.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jul 1, 2019
@dependabot-preview
Author

Superseded by #47.

@dependabot-preview dependabot-preview bot deleted the dependabot/nuget/Hangfire-1.7.4 branch July 19, 2019 05:22