Skip to content

npm: bump mongodb from 6.20.0 to 7.1.1#46

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/mongodb-7.1.1
Open

npm: bump mongodb from 6.20.0 to 7.1.1#46
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/mongodb-7.1.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026

Bumps mongodb from 6.20.0 to 7.1.1.

Release notes

Sourced from mongodb's releases.

v7.1.1

7.1.1 (2026-03-23)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the mongodb package!

Release Notes

Tighten OIDC ALLOWED_HOSTS wildcard matching

The OIDC ALLOWED_HOSTS wildcard handling has been fixed to require full subdomain/path matches for *. and */ entries, preventing partial suffix matches from being incorrectly accepted.

Fixed TCP keep-alive and no-delay settings not being applied on TLS connections

Due to a Node.js bug, tls.connect() silently ignores keepAlive, keepAliveInitialDelay, and noDelay options passed through its constructor. This could cause idle connections - particularly through cloud load balancers like Azure (240s idle timeout) or AWS PrivateLink/NLB - to be dropped unexpectedly due to missing TCP keep-alive probes.

The driver now explicitly calls setKeepAlive() and setNoDelay() on the socket after creation, ensuring these settings are always applied regardless of whether TLS is used.

Bug Fixes

  • NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
  • NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v7.1.0

7.1.0 (2026-02-02)

The MongoDB Node.js team is pleased to announce version 7.1.0 of the mongodb package!

Release Notes

🧩 Runtime and platform compatibility improvements

aws4 package no longer required for AWS authentication

The aws4 package is no longer required to use AWS authentication, reducing the dependency footprint.

Usages of util.promisify have been removed

The driver no longer relies on Node.js’s util.promisify() API, which improves compatibility with alternate runtimes.

Explicit node:process import instead of global.process

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.1.1 (2026-03-23)

Bug Fixes

  • NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
  • NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

7.1.0 (2026-02-02)

Features

  • NODE-5393: aws4 no longer required for AWS authentication (#4824) (0f46db8)
  • NODE-7121: prevent connection churn on backpressure errors when establishing connections (#4800) (4cb2b87)
  • NODE-7122: exponential backoff between retries in convenient transaction API (#4765) (e70fdc9)
  • NODE-7304: remove usages in src of promisify (#4799) (761b9bf)
  • NODE-7306: Replace global process with import node:process (#4820) (cc503cb)
  • NODE-7310: Replace process.arch with os.arch() (#4823) (f0af829)
  • NODE-7311: Replace process.platform with os.platform() (#4822) (c58ca1f)
  • NODE-7317: use BSON.NumberUtils to determine endianness (#4808) (4e9467e)
  • NODE-7319: update allowed hosts list with *.mongo.com (#4802) (bfb7160)
  • NODE-7330: deprecate RenameCollectionOptions.new_collection (#4815) (a96fa26)
  • NODE-7333: add support for deprioritized servers to all topologies (#4821) (a4211e7)

Bug Fixes

  • NODE-7290: use valueof for error code check (#4791) (1cc3d1c)
  • NODE-7298: ensure commonWireVersion is computed from server maxWireVersion (#4805) (2b2366d)
  • NODE-7307: Replace node:process.hrtime() with performance.now() (#4816) (ae2e037)
  • NODE-7308: replace process.nextTick with queueMicrotask (#4817) (b1b6e81)

7.0.0 (2025-11-06)

⚠ BREAKING CHANGES

  • NODE-7259: use alphas of all supporting packages (#4746)
  • NODE-5510: dont filter change stream options (#4723)
  • NODE-6296: remove cursor default batch size of 1000 (#4729)
  • NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
  • NODE-7046: remove AWS uri/options support (#4689)
  • NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
  • NODE-6377: remove noResponse option (#4724)
  • NODE-6473: remove MONGODB-CR auth (#4717)
  • NODE-5994: Remove metadata-related properties from public driver API (#4716)
  • NODE-7016: remove beta namespace and move resource management into driver (#4719)
  • NODE-4184: don't throw on aggregate with write concern and explain (#4718)
  • NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)

... (truncated)

Commits
  • 5e4341e chore(v7.1.x): release 7.1.1 (#4895)
  • b14ba21 fix(NODE-7482): explicitly call setKeepAlive and setNoDelay on socket (#4900)
  • 237c9ab fix(NODE-7477): OIDC host allowlist fix (#4896)
  • fa11559 ci(NODE-7489): pin npm to 11.11.1 for BSON compat tasks (#4901)
  • 66e5cd6 chore(NODE-7480): fix ci issues on release branch (#4899)
  • 639e17c chore(NODE-7476): added release-7.1 config
  • b7cd1ef chore(main): release 7.1.0 (#4795)
  • 9151d48 test(NODE-7400): Test Node Driver 7.0.0 against latest version of BSON librar...
  • 59c2557 test(NODE-7415): sync spec test for server deprioritization with changed Serv...
  • ea31dcd ci(NODE-7025): New SBOM generation workflow on dependencies change (#4807)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
npm: bump mongodb from 6.20.0 to 7.1.1
97ee501 
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 6.20.0 to 7.1.1.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/v7.1.1/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v6.20.0...v7.1.1)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-version: 7.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from damger9 as a code owner March 24, 2026 09:44
@dependabot dependabot bot added the npm dependencies Dependabot pull requests label Mar 24, 2026
@dependabot dependabot bot mentioned this pull request Mar 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@damger9 damger9 Awaiting requested review from damger9 damger9 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@damger9 damger9

Labels

npm dependencies Dependabot pull requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@damger9