Skip to content

build(deps): bump the production-dependencies group with 2 updates#1

Merged
dustintownsend merged 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-4ac4586cb9
Nov 21, 2025
Merged

build(deps): bump the production-dependencies group with 2 updates#1
dustintownsend merged 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-4ac4586cb9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Nov 20, 2025
edited
Loading

Bumps the production-dependencies group with 2 updates: mongodb and zod.

Updates mongodb from 6.21.0 to 7.0.0

Release notes

Sourced from mongodb's releases.

v7.0.0

7.0.0 (2025-11-06)

The MongoDB Node.js team is pleased to announce version 7.0.0 of the mongodb package!

Release Notes

The following is a detailed collection of the changes in the major v7 release of the mongodb package for Node.js. The main focus of this release was usability improvements and a streamlined API. Read on for details!

[!IMPORTANT] This is a list of changes relative to v6.21.0 of the driver. ALL changes listed below are BREAKING unless indicated otherwise. Users migrating from an older version of the driver are advised to upgrade to at least v6.21.0 before adopting v7.

🛠️ Runtime and dependency updates

Minimum Node.js version is now v20.19.0

The minimum supported Node.js version is now v20.19.0 and our TypeScript target has been updated to ES2023. We strive to keep our minimum supported Node.js version in sync with the runtime's release cadence to keep up with the latest security updates and modern language features.

Notably, the driver now offers native support for explicit resource management. Symbol.asyncDispose implementations are available on the MongoClient, ClientSession, ChangeStream and on cursors.

[!Note] Explicit resource management is considered experimental in the driver and will be until the TC39 explicit resource management proposal is completed.

bson and mongodb-connection-string-url versions 7.0.0

This driver version has been updated to use bson@7.0.0 and mongodb-connection-string-url@7.0.0, which match the driver's Node.js runtime version support. BSON functionality re-exported from the driver is furthermore subject to the changes outlined in the BSON V7 release notes.

Optional peer dependency releases and version bumps

  • @mongodb-js/zstd optional peer dependency minimum version raised to 7.0.0, dropped support for 1.x and 2.x (note that @mongodb-js/zstd does not have 3.x-6.x version releases)
  • kerberos optional peer dependency minimum version raised to 7.0.0, dropped support for 2.x (note that kerberos does not have 3.x-6.x version releases)
  • mongodb-client-encryption optional peer dependency minimum version raised to 7.0.0, dropped support for 6.x

Additionally, the driver is now compatible with the following packages:

Dependency Previous Range New Allowed Range
@​aws-sdk/credential-providers ^3.188.0 ^3.806.0
gcp-metadata ^5.2.0 ^7.0.1
socks ^2.7.1 ^2.8.6

🔐 AWS authentication

To improve long-term maintainability and ensure compatibility with AWS updates, we’ve standardized AWS auth to use the official SDK in all cases and made a number of supporting changes outlined below.

@aws-sdk/credential-providers is now required for MONGODB-AWS authentication

Previous versions of the driver contained two implementations for AWS authentication and could run the risk of the custom driver implementation not supporting all AWS authentication features as well as not being correct when AWS makes changes. Using the official AWS SDK in all cases alleviates these issues.

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.0.0 (2025-11-06)

⚠ BREAKING CHANGES

  • NODE-7259: use alphas of all supporting packages (#4746)
  • NODE-5510: dont filter change stream options (#4723)
  • NODE-6296: remove cursor default batch size of 1000 (#4729)
  • NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
  • NODE-7046: remove AWS uri/options support (#4689)
  • NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
  • NODE-6377: remove noResponse option (#4724)
  • NODE-6473: remove MONGODB-CR auth (#4717)
  • NODE-5994: Remove metadata-related properties from public driver API (#4716)
  • NODE-7016: remove beta namespace and move resource management into driver (#4719)
  • NODE-4184: don't throw on aggregate with write concern and explain (#4718)
  • NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)
  • NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711)
  • NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341)
  • NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696)
  • NODE-7174: drop support for Node16 and Node18 (#4668)
  • NODE-7047: use custom credential provider first after URI (#4656)
  • NODE-6988: require aws sdk for aws auth (#4659)

Features

  • bump bson to 7.0.0-alpha.2 (#4756) (9b34953)
  • NODE-4184: don't throw on aggregate with write concern and explain (#4718) (88e02a4)
  • NODE-4243: drop collection checks ns not found (#4742) (a8d7c5f)
  • NODE-4808: remove support for stream() transform on cursors and change streams (#4728) (1702987)
  • NODE-5510: dont filter change stream options (#4723) (a2daf76)
  • NODE-5545: remove deprecated objects (#4704) (cfbada6)
  • NODE-5994: Remove metadata-related properties from public driver API (#4716) (b59c5ce)
  • NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711) (ff229fa)
  • NODE-6296: remove cursor default batch size of 1000 (#4729) (f8a855f)
  • NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696) (84db848)
  • NODE-6377: remove noResponse option (#4724) (9e9059a)
  • NODE-6473: remove MONGODB-CR auth (#4717) (9a1bc65)
  • NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341) (dab4c7c)
  • NODE-6988: require aws sdk for aws auth (#4659) (b7c6750)
  • NODE-7016: remove beta namespace and move resource management into driver (#4719) (fb2824f)
  • NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705) (3f7196e)
  • NODE-7046: remove AWS uri/options support (#4689) (d14ac3f)
  • NODE-7047: use custom credential provider first after URI (#4656) (2a47bbb)
  • NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720) (0451dae)
  • NODE-7174: drop support for Node16 and Node18 (#4668) (a576b7d)
  • NODE-7223: run checkout on connect regardless of credentials (#4715) (c5f74ab)
  • NODE-7259: use alphas of all supporting packages (#4746) (e1ea14c)
  • NODE-7260: update bson alpha to latest (#4748) (4e88559)

... (truncated)

Commits
  • 2512137 chore(main): release 7.0.0 (#4667)
  • e4881f5 docs(NODE-7172): create v7 migration guide (#4751)
  • 53a4fb1 docs: 6.21 docs (#4782)
  • 696664c feat!(NODE-7286): update peer dependencies (#4780)
  • 517da84 docs: add info about testing with different versions and the rosetta setup fo...
  • 252dab8 test(NODE-7219): remove unused tests (#4767)
  • 76c98bb test(NODE-5206): fix flaky sdam prose test (#4752)
  • cb522bf fix(NODE-7247): clarify #rewrapManyDataKey() parameter types (#4760)
  • ec996e6 chore(NODE-6945): remove dependency on v8-heapsnapshot (#4763)
  • 7d879fd test(NODE-7280): remove test/mongodb.ts and its usage (#4766)
  • Additional commits viewable in compare view

Updates zod from 3.25.76 to 4.1.12

Release notes

Sourced from zod's releases.

v4.1.12

Commits:

  • 0b109c37c6b0b10e3901b56bcccb72e29a0b846f docs(ecosystem): add bupkis to the ecosystem section (#5237)
  • d22ec0d26fab27151b0f1d1f98bffeaf8b011f57 docs(ecosystem): add upfetch (#5238)
  • c56a4f6fab42c542b191228af61974b2328dc52f docs(ecosystem): add eslint-plugin-zod-x (#5261)
  • a0abcc02900a4293dd4f30cd81580efcdd5230bb docs(metadata.mdx): fix a mistake in an example output (#5248)
  • 62bf4e439e287e55c843245b49f8d34b1ad024ee fix(ZodError): prevent flatten() from crashing on 'toString' key (#5266)
  • 02a584010ac92ac8a351632ae5aea3983a6f17d8 refac(errors): Unify code structure and improve types (#5278)
  • 4b1922ad714e12dafaa83a40ec03275a39ac980c docs(content/v4/index): fix zod version (#5289)
  • 3fcb20ff348e49aec70f45e0dca3de8a61450e77 Add frrm to ecosystem (#5292)
  • fda4c7c2afbd7649261be1e7954f8c4d4de24a07 Make docs work without token
  • af447384379faef28aa857fb53ef1da702c6d408 Fix lint
  • 77c3c9f069a4cf168c0cbc58432803de887a6b1b Export bg.ts
  • 3b946107b6c94b2ac8ff9fb451160c34dc4dd794 v4.1.12

v4.1.11

Commits:

  • 2bed4b39760d8e4d678203b5c8fcaf24c182fc9f 4.1.11

v4.1.10

Commits:

  • 7ffedd00169d8dc2e7cb7c6d878f29b03e05b3a3 Fix shape caching (#5263)
  • 82cd717a0e7ee4e1737a783c7be278fa93fd8104 v4.1.10

v4.1.9

Commits:

  • a78716d91da7649a61016b81c27f49fd9e79a81e Update zshy (#5249)
  • 923af801fde9f033cfd7e0e753b421a554fe3be8 Publish zod@4.1.9

v4.1.8

Commits:

  • 36c4ee354d0c1f47b7311e49f6dd4b7a11de04f5 Switch back to weakmap
  • a1726d53172ba52ecf90999df73778cf416264fd 4.1.8

v4.1.7

Commits:

  • 0cca351c8b152d7c4113ab7c2a44675efb060677 Fix variable name inconsistency in coercion documentation (#5188)
  • aa78c270f1b43f4665339f4b61e7cb88037b8c84 Add copy/edit buttons
  • 76452d4119d800a722b692755c1168627bc95f0f Update button txt
  • 937f73c90cac90bd3b99b12c792c289b50416510 Fix tsconfig issue in bench
  • 976b43657d4aff6d47c73c1c86125623ea08752d v4.1.6 (#5222)
  • 4309c61304daf40aab2124b5f513abe2b4df8637 Fix cidrv6 validation - cidrv6 should reject invalid strings with multiple slashes (#5196)
  • ef95a73b6d33299743e5ff4f0645b98c1b0d6f72 feat(locales): Add Lithuanian (lt) locale (#5210)
  • 3803f3f37168212f2178e8b8deceb7bad78ed904 docs: update wrong contents in codeblocks in api.mdx (#5209)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 20, 2025
@dependabot
build(deps): bump the production-dependencies group with 2 updates
409ed64 
Bumps the production-dependencies group with 2 updates: [mongodb](https://github.com/mongodb/node-mongodb-native) and [zod](https://github.com/colinhacks/zod).


Updates `mongodb` from 6.21.0 to 7.0.0
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v6.21.0...v7.0.0)

Updates `zod` from 3.25.76 to 4.1.12
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.76...v4.1.12)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: zod
  dependency-version: 4.1.12
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-4ac4586cb9 branch from 97b15ea to 409ed64 Compare November 20, 2025 14:10
@dustintownsend dustintownsend merged commit 38f5ec0 into main Nov 21, 2025
0 of 2 checks passed
@dustintownsend dustintownsend deleted the dependabot/npm_and_yarn/production-dependencies-4ac4586cb9 branch November 21, 2025 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dustintownsend