Bump mongodb from 7.1.0 to 7.1.1

[dependabot]

Bumps mongodb from 7.1.0 to 7.1.1.

Release notes

Sourced from mongodb's releases.

v7.1.1

7.1.1 (2026-03-24)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the mongodb package!

Release Notes

Tighten OIDC ALLOWED_HOSTS wildcard matching

The OIDC ALLOWED_HOSTS wildcard handling has been fixed to require full subdomain/path matches for *. and */ entries, preventing partial suffix matches from being incorrectly accepted.

Fixed TCP keep-alive and no-delay settings not being applied on TLS connections

Due to a Node.js bug, tls.connect() silently ignores keepAlive, keepAliveInitialDelay, and noDelay options passed through its constructor. This could cause idle connections - particularly through cloud load balancers like Azure (240s idle timeout) or AWS PrivateLink/NLB - to be dropped unexpectedly due to missing TCP keep-alive probes.

The driver now explicitly calls setKeepAlive() and setNoDelay() on the socket after creation, ensuring these settings are always applied regardless of whether TLS is used.

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb's changelog.

7.1.1 (2026-03-23)

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Commits

• 5e4341e chore(v7.1.x): release 7.1.1 (#4895)
• b14ba21 fix(NODE-7482): explicitly call setKeepAlive and setNoDelay on socket (#4900)
• 237c9ab fix(NODE-7477): OIDC host allowlist fix (#4896)
• fa11559 ci(NODE-7489): pin npm to 11.11.1 for BSON compat tasks (#4901)
• 66e5cd6 chore(NODE-7480): fix ci issues on release branch (#4899)
• 639e17c chore(NODE-7476): added release-7.1 config
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)