Skip to content

chore(deps-dev): bump mongodb from 6.21.0 to 7.1.1#80

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mongodb-7.1.1
Closed

chore(deps-dev): bump mongodb from 6.21.0 to 7.1.1#80
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mongodb-7.1.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026
edited
Loading

Bumps mongodb from 6.21.0 to 7.1.1.

Release notes

Sourced from mongodb's releases.

v7.1.1

7.1.1 (2026-03-24)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the mongodb package!

Release Notes

Tighten OIDC ALLOWED_HOSTS wildcard matching

The OIDC ALLOWED_HOSTS wildcard handling has been fixed to require full subdomain/path matches for *. and */ entries, preventing partial suffix matches from being incorrectly accepted.

Fixed TCP keep-alive and no-delay settings not being applied on TLS connections

Due to a Node.js bug, tls.connect() silently ignores keepAlive, keepAliveInitialDelay, and noDelay options passed through its constructor. This could cause idle connections - particularly through cloud load balancers like Azure (240s idle timeout) or AWS PrivateLink/NLB - to be dropped unexpectedly due to missing TCP keep-alive probes.

The driver now explicitly calls setKeepAlive() and setNoDelay() on the socket after creation, ensuring these settings are always applied regardless of whether TLS is used.

Bug Fixes

  • NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
  • NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v7.1.0

7.1.0 (2026-02-02)

The MongoDB Node.js team is pleased to announce version 7.1.0 of the mongodb package!

Release Notes

🧩 Runtime and platform compatibility improvements

aws4 package no longer required for AWS authentication

The aws4 package is no longer required to use AWS authentication, reducing the dependency footprint.

Usages of util.promisify have been removed

The driver no longer relies on Node.js’s util.promisify() API, which improves compatibility with alternate runtimes.

Explicit node:process import instead of global.process

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.1.1 (2026-03-23)

Bug Fixes

  • NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
  • NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

7.1.0 (2026-02-02)

Features

  • NODE-5393: aws4 no longer required for AWS authentication (#4824) (0f46db8)
  • NODE-7121: prevent connection churn on backpressure errors when establishing connections (#4800) (4cb2b87)
  • NODE-7122: exponential backoff between retries in convenient transaction API (#4765) (e70fdc9)
  • NODE-7304: remove usages in src of promisify (#4799) (761b9bf)
  • NODE-7306: Replace global process with import node:process (#4820) (cc503cb)
  • NODE-7310: Replace process.arch with os.arch() (#4823) (f0af829)
  • NODE-7311: Replace process.platform with os.platform() (#4822) (c58ca1f)
  • NODE-7317: use BSON.NumberUtils to determine endianness (#4808) (4e9467e)
  • NODE-7319: update allowed hosts list with *.mongo.com (#4802) (bfb7160)
  • NODE-7330: deprecate RenameCollectionOptions.new_collection (#4815) (a96fa26)
  • NODE-7333: add support for deprioritized servers to all topologies (#4821) (a4211e7)

Bug Fixes

  • NODE-7290: use valueof for error code check (#4791) (1cc3d1c)
  • NODE-7298: ensure commonWireVersion is computed from server maxWireVersion (#4805) (2b2366d)
  • NODE-7307: Replace node:process.hrtime() with performance.now() (#4816) (ae2e037)
  • NODE-7308: replace process.nextTick with queueMicrotask (#4817) (b1b6e81)

7.0.0 (2025-11-06)

⚠ BREAKING CHANGES

  • NODE-7259: use alphas of all supporting packages (#4746)
  • NODE-5510: dont filter change stream options (#4723)
  • NODE-6296: remove cursor default batch size of 1000 (#4729)
  • NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
  • NODE-7046: remove AWS uri/options support (#4689)
  • NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
  • NODE-6377: remove noResponse option (#4724)
  • NODE-6473: remove MONGODB-CR auth (#4717)
  • NODE-5994: Remove metadata-related properties from public driver API (#4716)
  • NODE-7016: remove beta namespace and move resource management into driver (#4719)
  • NODE-4184: don't throw on aggregate with write concern and explain (#4718)
  • NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)

... (truncated)

Commits
  • 5e4341e chore(v7.1.x): release 7.1.1 (#4895)
  • b14ba21 fix(NODE-7482): explicitly call setKeepAlive and setNoDelay on socket (#4900)
  • 237c9ab fix(NODE-7477): OIDC host allowlist fix (#4896)
  • fa11559 ci(NODE-7489): pin npm to 11.11.1 for BSON compat tasks (#4901)
  • 66e5cd6 chore(NODE-7480): fix ci issues on release branch (#4899)
  • 639e17c chore(NODE-7476): added release-7.1 config
  • b7cd1ef chore(main): release 7.1.0 (#4795)
  • 9151d48 test(NODE-7400): Test Node Driver 7.0.0 against latest version of BSON librar...
  • 59c2557 test(NODE-7415): sync spec test for server deprioritization with changed Serv...
  • ea31dcd ci(NODE-7025): New SBOM generation workflow on dependencies change (#4807)
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 30, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request Mar 30, 2026
Closed
@dependabot
chore(deps-dev): bump mongodb from 6.21.0 to 7.1.1
63ad1d5 
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 6.21.0 to 7.1.1.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/v7.1.1/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v6.21.0...v7.1.1)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-version: 7.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/mongodb-7.1.1 branch from 7622297 to 63ad1d5 Compare April 11, 2026 12:16
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 27, 2026

Superseded by #84.

@dependabot dependabot Bot closed this Apr 27, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/mongodb-7.1.1 branch April 27, 2026 03:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants