Bump Hangfire from 1.6.21 to 1.7.5

[dependabot-preview]

Bumps Hangfire from 1.6.21 to 1.7.5.

Release notes

Sourced from Hangfire's releases.

1.7.5

Release Notes

Hangfire.Core

• Fixed – Show error message when there's an error loading the statistics in Dashboard UI (PR #1242 by @​prochnowc).
• Fixed – Properly handle recurring jobs with null or empty 'Job' field.
• Fixed – Disable recurring job when we can't schedule it due to an error.
• Fixed – Use LazyThreadSafetyMode.PublicationOnly to avoid caching "JobStorage.Current is null" exceptions.

Hangfire.AspNetCore & Hangfire.NetCore

• Fixed – Add missing overload for the AddHangfireServer method with "options" action.

1.7.4

Release Notes

Hangfire.Core

• Added – BackgroundJobClient.RetryAttempts property to make job creation resilient to transient exceptions.
• Added – Dashboard localization support in pt-BR (by @​candidodmv).
• Changed – Protect background dispatchers from moving from stopped state to non-stopped one.
• Changed – Unify WaitOne and WaitOneAsync methods with timeout and cancellation token for WaitHandle class.
• Fixed – Don't hide an original fatal exception occurred in dispatchers in some cases.
• Fixed – Dashboard UI to display "await" keyword on all task-like methods.
• Fixed – Display links properly in an informational message on the Servers page in Dashboard UI.
• Fixed – Wait for the heartbeat process before shutting down a server.

Hangfire.SqlServer

• Fixed – Potential deadlocks cause by suboptimal queries when using SlidingInvisibilityTimeout fetching.
• Fixed – Prevent zero delays between fetch retry attempts when lock acquisition failed without blocking.
• Fixed – Specify float precision explicitly for the Score column in the AddToSet method.

1.7.3

Release Notes

This version contains security fixes to prevent possible XSS attacks as described in #1441. They don't relate to user data submitted to Hangfire directly via method arguments, but it's recommended to upgrade anyway. If you are using Hangfire 1.6, please upgrade to version 1.6.26 instead.

Affected Packages

Hangfire.Core ≤ 1.6.25, 1.7.0, 1.7.1, 1.7.2

Affected Platforms

All, including .NET Core, .NET Framework, Mono of any version

Steps to reproduce

public static void Xss()
{
    BackgroundJob.Enqueue(() => Xss2());
</tr></table> ... (truncated)

Commits

• a07ad0b Bump version to 1.7.5 and add release notes
• 499f096 Show error message when there's an error loading the statistics
• 8168da5 Move CreateBackgroundJobServerHostedService method to netstandard2.0 region
• c511557 Add an overload for AddHangfireServer with options action
• 4fd4e72 Properly handle recurring jobs with null or empty 'Job' field
• 714f0e7 Add more diagnostics to the WaitOneAsync_WaitsAndReturnsFalse_WhenNotSignaled...
• 71b166c Disable recurring job when we can't schedule it due to an error
• 9669164 Use LazyThreadSafetyMode.PublicationOnly to avoid caching JobStorage.Current ...
• 6767c6a Revert "Don't cache BackgroundJobClient instance in a static field of the Bac...
• 5cb5320 Don't cache BackgroundJobClient instance in a static field of the BackgroundJ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #48.