Skip to content

Bump Quartz and 2 others#37

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/quartz-0f9936aa24
Closed

Bump Quartz and 2 others#37
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/quartz-0f9936aa24

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Pinned Quartz at 3.18.1.

Release notes

Sourced from Quartz's releases.

3.18.1

Quartz.NET 3.18.1 is a maintenance release that addresses a timezone-related bug, security advisories on transitive dependencies, and an issue that prevented the new Redis distributed-lock package from publishing to nuget.org.

Highlights

  • Fix GetTimeBefore for positive-offset timezonesCronExpression.GetTimeBefore could throw ArgumentOutOfRangeException for cron expressions evaluated against timezones with positive UTC offsets (e.g. Europe/Helsinki, Asia/Tokyo). Backported from main.
  • Redis package renamed to Quartz.Extensions.Redis — the original Quartz.Redis package id from 3.18.0 collided with an unrelated v1.0.0 already on nuget.org and could not be published. The 3.18.0 release was shipped with IsPackable=false as a workaround; 3.18.1 picks the umbrella id Quartz.Extensions.Redis (matching Quartz.Extensions.DependencyInjection / Quartz.Extensions.Hosting) and re-enables publication. There are no consumers to migrate — the original id was never on nuget.org.
  • Vulnerable transitive dependency bumps — addresses moderate advisories that were blocking restore on the 3.x CI pipeline.

What's Changed

Full Changelog: quartznet/quartznet@v3.18.0...v3.18.1

Commits viewable in compare view.

Pinned Quartz.Extensions.DependencyInjection at 3.18.1.

Release notes

Sourced from Quartz.Extensions.DependencyInjection's releases.

3.18.1

Quartz.NET 3.18.1 is a maintenance release that addresses a timezone-related bug, security advisories on transitive dependencies, and an issue that prevented the new Redis distributed-lock package from publishing to nuget.org.

Highlights

  • Fix GetTimeBefore for positive-offset timezonesCronExpression.GetTimeBefore could throw ArgumentOutOfRangeException for cron expressions evaluated against timezones with positive UTC offsets (e.g. Europe/Helsinki, Asia/Tokyo). Backported from main.
  • Redis package renamed to Quartz.Extensions.Redis — the original Quartz.Redis package id from 3.18.0 collided with an unrelated v1.0.0 already on nuget.org and could not be published. The 3.18.0 release was shipped with IsPackable=false as a workaround; 3.18.1 picks the umbrella id Quartz.Extensions.Redis (matching Quartz.Extensions.DependencyInjection / Quartz.Extensions.Hosting) and re-enables publication. There are no consumers to migrate — the original id was never on nuget.org.
  • Vulnerable transitive dependency bumps — addresses moderate advisories that were blocking restore on the 3.x CI pipeline.

What's Changed

Full Changelog: quartznet/quartznet@v3.18.0...v3.18.1

Commits viewable in compare view.

Pinned Quartz.Extensions.Hosting at 3.18.1.

Release notes

Sourced from Quartz.Extensions.Hosting's releases.

3.18.1

Quartz.NET 3.18.1 is a maintenance release that addresses a timezone-related bug, security advisories on transitive dependencies, and an issue that prevented the new Redis distributed-lock package from publishing to nuget.org.

Highlights

  • Fix GetTimeBefore for positive-offset timezonesCronExpression.GetTimeBefore could throw ArgumentOutOfRangeException for cron expressions evaluated against timezones with positive UTC offsets (e.g. Europe/Helsinki, Asia/Tokyo). Backported from main.
  • Redis package renamed to Quartz.Extensions.Redis — the original Quartz.Redis package id from 3.18.0 collided with an unrelated v1.0.0 already on nuget.org and could not be published. The 3.18.0 release was shipped with IsPackable=false as a workaround; 3.18.1 picks the umbrella id Quartz.Extensions.Redis (matching Quartz.Extensions.DependencyInjection / Quartz.Extensions.Hosting) and re-enables publication. There are no consumers to migrate — the original id was never on nuget.org.
  • Vulnerable transitive dependency bumps — addresses moderate advisories that were blocking restore on the 3.x CI pipeline.

What's Changed

Full Changelog: quartznet/quartznet@v3.18.0...v3.18.1

Commits viewable in compare view.

@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Apr 27, 2026
@dependabot dependabot Bot changed the title Bump the quartz group with 3 updates Bump Quartz and 2 others May 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/nuget/quartz-0f9936aa24 branch from 5108105 to 7b0a69c Compare May 4, 2026 15:02
@dependabot dependabot Bot force-pushed the dependabot/nuget/quartz-0f9936aa24 branch from 7b0a69c to 52d0daf Compare May 11, 2026 18:55
@dependabot dependabot Bot force-pushed the dependabot/nuget/quartz-0f9936aa24 branch from 52d0daf to 442074b Compare May 18, 2026 21:37
Bumps Quartz from 3.18.0 to 3.18.1
Bumps Quartz.Extensions.DependencyInjection from 3.18.0 to 3.18.1
Bumps Quartz.Extensions.Hosting from 3.18.0 to 3.18.1

---
updated-dependencies:
- dependency-name: Quartz
  dependency-version: 3.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: quartz
- dependency-name: Quartz.Extensions.DependencyInjection
  dependency-version: 3.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: quartz
- dependency-name: Quartz.Extensions.Hosting
  dependency-version: 3.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: quartz
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/nuget/quartz-0f9936aa24 branch from 442074b to 3b9922b Compare June 2, 2026 10:58
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/nuget/quartz-0f9936aa24 branch June 29, 2026 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants