Skip to content

build(deps): Bump mongodb from 6.20.0 to 7.4.0#7776

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/mongodb-7.4.0
Closed

build(deps): Bump mongodb from 6.20.0 to 7.4.0#7776
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/mongodb-7.4.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps mongodb from 6.20.0 to 7.4.0.

Release notes

Sourced from mongodb's releases.

v7.4.0

7.4.0 (2026-06-25)

The MongoDB Node.js team is pleased to announce version 7.4.0 of the mongodb package!

Release Notes

Explicit resource management is now stable

The Symbol.asyncDispose methods on MongoClient, ClientSession, ChangeStream, and cursors enable await using for automatic cleanup. These methods were introduced as experimental in v6.9.0. Since then, TC39 Explicit Resource Management proposal reached Stage 4 in 2025, and Node.js enabled explicit resource management as a stable feature in Node.js 24, so the experimental flags have been removed from our APIs and the APIs are now officially supported.

afterClusterTime now sent on writes in causally-consistent sessions

When a session has causal consistency enabled, write operations now include readConcern.afterClusterTime, matching the existing read behavior. This maintains the "read your own writes" guarantee across primary failovers in shareded clusters. There are no API changes.

Features

  • NODE-7634: remove experimental tag from async dispose methods (#4976) (43ce3eb)
  • NODE-7549: send afterClusterTime on writes in causally-consistent sessions (#4963) (3abfd26)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v7.3.0

[!IMPORTANT] A future minor release will raise the minimum supported MongoDB Server version from 4.2 to 4.4. This is in accordance with MongoDB Software Lifecycle Schedules. Support for MongoDB Server 4.2 will be dropped in a future release!

7.3.0 (2026-06-04)

The MongoDB Node.js team is pleased to announce version 7.3.0 of the mongodb package!

Release Notes

maxWireVersion is bumped to 29

Max wire version & max server version bumped in preparation for MongoDB LTS (v9.0).

Fixed SCRAM authentication for non-Node.js runtimes (e.g., Deno)

SCRAM-based authentication (the default mechanism for username/password connections) was broken when using the driver in non-Node.js environments such as Deno. The root cause was an implicit toString() call on byte arrays that produced incorrect output outside of Node.js. This fix ensures explicit UTF-8 string conversion is used throughout the SCRAM implementation, restoring authentication in Deno and other web-compatible runtimes.

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.4.0 (2026-06-25)

Features

  • NODE-7634: remove experimental tag from async dispose methods (#4976) (43ce3eb)
  • NODE-7549: send afterClusterTime on writes in causally-consistent sessions (#4963) (3abfd26)

7.3.0 (2026-06-04)

Features

Bug Fixes

  • NODE-7548: SCRAM authentication fails on non-Node runtimes (#4932) (a10d2c9)

7.2.0 (2026-04-17)

Features

  • NODE-7142: Exponential backoff and jitter in retry loops (#4871) (22c6031)
  • NODE-7315: Use BSON ByteUtils instead of Nodejs Buffer (#4840) (1add538)
  • NODE-7335: Create dedicated mocha runner with isolated vm context (#4876) (a4cba4c)
  • NODE-7379: Refactor Crypto to Web Crypto API (#4862) (ac98f4a)
  • NODE-7385: add experimental os runtime adapter (#4851) (d2ad07f)
  • NODE-7441: add ChangeStream.bufferedCount (#4870) (f7ea421)
  • NODE-7452: restrict server deprioritization on replica sets to overload errors (#4875) (87a3465)
  • NODE-7467: make token bucket optional in client backpressure (#4878) (4fb0a0a)
  • NODE-7491: finalize client backpressure implementation for phase 1 rollout (#4920) (2cc7983)

Bug Fixes

  • NODE-7430: throw timeout error when withTransaction retries exceed deadline (#4897) (16a899d)
  • NODE-7459: explicitly call setKeepAlive and setNoDelay on socket (#4879) (778a2a1)
  • NODE-7469: overload retry when retryReads/Writes=false (#4888) (4157b26)
  • NODE-7478: OIDC host allowlist fix (#4905) (f36b754)

7.1.0 (2026-02-02)

Features

  • NODE-5393: aws4 no longer required for AWS authentication (#4824) (0f46db8)
  • NODE-7121: prevent connection churn on backpressure errors when establishing connections (#4800) (4cb2b87)

... (truncated)

Commits
  • 1c4333e chore(main): release 7.4.0 (#4974)
  • 43ce3eb feat(NODE-7634): remove experimental tag from async dispose methods (#4976)
  • 3abfd26 fix(NODE-7549): send afterClusterTime on writes in causally-consistent sessio...
  • 88ec159 chore(NODE-7418): skip csot tests on latest (#4969)
  • 1f5ac37 chore(NODE-7473): upgrade to chai 5 (#4958)
  • b17288c chore: skip csfle tests and fix related broken tests (#4965)
  • 5b401aa test(NODE-7493): enable source maps and add nyc-free debug scripts (#4947)
  • 3ba2dd2 docs: clarify release notes verification steps (#4960)
  • 0a434d3 docs: add 7.3 docs (#4959)
  • 99106de chore(main): release 7.3.0 (#4944)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mongodb since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): Bump mongodb from 6.20.0 to 7.4.0
87655d5 
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 6.20.0 to 7.4.0.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v6.20.0...v7.4.0)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 26, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/mongodb-7.4.0 branch June 26, 2026 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ar2rsawseen ar2rsawseen

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ar2rsawseen