build(deps): bump mongodb from 7.1.0 to 7.1.1

[dependabot]

Bumps mongodb from 7.1.0 to 7.1.1.

Release notes

Sourced from mongodb's releases.

v7.1.1

7.1.1 (2026-03-24)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the mongodb package!

Release Notes

Tighten OIDC ALLOWED_HOSTS wildcard matching

The OIDC ALLOWED_HOSTS wildcard handling has been fixed to require full subdomain/path matches for *. and */ entries, preventing partial suffix matches from being incorrectly accepted.

Fixed TCP keep-alive and no-delay settings not being applied on TLS connections

Due to a Node.js bug, tls.connect() silently ignores keepAlive, keepAliveInitialDelay, and noDelay options passed through its constructor. This could cause idle connections - particularly through cloud load balancers like Azure (240s idle timeout) or AWS PrivateLink/NLB - to be dropped unexpectedly due to missing TCP keep-alive probes.

The driver now explicitly calls setKeepAlive() and setNoDelay() on the socket after creation, ensuring these settings are always applied regardless of whether TLS is used.

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb's changelog.

7.1.1 (2026-03-23)

Bug Fixes

• NODE-7477: OIDC host allowlist fix (#4896) (237c9ab)
• NODE-7482: explicitly call setKeepAlive and setNoDelay on socket (#4900) (b14ba21)

Commits

• 5e4341e chore(v7.1.x): release 7.1.1 (#4895)
• b14ba21 fix(NODE-7482): explicitly call setKeepAlive and setNoDelay on socket (#4900)
• 237c9ab fix(NODE-7477): OIDC host allowlist fix (#4896)
• fa11559 ci(NODE-7489): pin npm to 11.11.1 for BSON compat tasks (#4901)
• 66e5cd6 chore(NODE-7480): fix ci issues on release branch (#4899)
• 639e17c chore(NODE-7476): added release-7.1 config
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.98%. Comparing base (3131d50) to head (be40a7a).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #417   +/-   ##
=======================================
  Coverage   80.98%   80.98%           
=======================================
  Files          60       60           
  Lines        2235     2235           
  Branches      265      265           
=======================================
  Hits         1810     1810           
  Misses        392      392           
  Partials       33       33           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.