chore(deps): bump mongodb from 6.17.0 to 6.18.0 in the driver group

[dependabot]

Bumps the driver group with 1 update: mongodb.

Updates mongodb from 6.17.0 to 6.18.0

Release notes

Sourced from mongodb's releases.

v6.18.0

6.18.0 (2025-07-22)

The MongoDB Node.js team is pleased to announce version 6.18.0 of the mongodb package!

Release Notes

New appendMetadata API allows clients to add handshake metadata post construction

Driver information such as name, version, and platform are allowed:

import { MongoClient } from 'mongodb';
const client = new MongoClient(process.env.MONGODB_URI);
client.appendMetadata({ name: 'my library', version: '1.0', platform: 'NodeJS' });

Cursors lazily instantiate sessions

In previous versions, sessions were eagerly allocated whenever a cursor was created, regardless of whether or not a cursor was actually iterated (and the session was actually needed). Some driver APIs (FindCursor.count(), AggregationCursor.explain() and FindCursor.explain()) don't actually iterate the cursor they are executed on. This can lead to client sessions being created and never being cleaned up.

With this update, sessions are not allocated until the cursor is iterated.

Idle connections are now pruned during periods of no activity even when minPoolSize=0

A MongoClient configured with a maxIdleTimeMS and minPoolSize of 0 is advantageous for workloads that have sustained periods of little or no activity because it allows the connection pool to close connections that are unused during these periods of inactivity. However, due to a bug in the ConnectionPool implementation, idle / perished connections were not cleaned up unless minPoolSize was non-zero.

With the changes in this PR, the ConnectionPool now always cleans up idle connections, regardless of minPoolSize.

ChangeStream event interfaces include a wallTime property

This property is available on all types with the exception of reshard collection and refine collection shard key events. Thanks to @​qhello for bringing this bug to our attention!

CommandSucceededEvent and CommandFailedEvent events now have a databaseName property

CommandSucceededEvent and CommandFailedEvent now include the name of the database against which the command was executed.

Deprecations

Transaction state getters are deprecated

These were for internal use only and include:

Transaction#options
Transaction#recoveryToken
Transaction#isPinned
Transaction#isStarting
Transaction#isActive
</tr></table> 

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.18.0 (2025-07-22)

Features

• NODE-5055: Add databaseName property to command monitoring events (#4586) (3faf0c9)
• NODE-6865: deprecate transaction getters (#4567) (da46aea)
• NODE-6991: deprecate unintentionally public client metadata types (#4566) (ca6554b)
• NODE-7009: add client metadata on demand (#4574) (b9636ee)
• NODE-7053: deprecate noResponse option (#4589) (1115319)

Bug Fixes

• NODE-4845: allocate sessions lazily in cursors (#4575) (5761703)
• NODE-6589: background task does not prune idle connections when minPoolSize=0 (#4569) (7cbb641)
• NODE-6955: add missing wallTime property TS change stream event interfaces (#4541) (f153c6f)

Commits

• 1f358f3 chore(main): release 6.18.0 (#4554)
• 966a4e4 test(NODE-4663): add csfle prose test 20 (#4585)
• 1115319 feat(NODE-7053): deprecate noResponse option (#4589)
• 6e240d4 test(NODE-6775): support auto encryption in the unified test runner (#4584)
• af98d40 chore(deps): bump drivers-evergreen-tools from 1e3ddd0 to 3052fce (#4588)
• 3faf0c9 feat(NODE-5055): Add databaseName property to command monitoring events (#4586)
• ec82ae9 chore(deps): bump drivers-evergreen-tools from ee0b039 to 1e3ddd0 (#4583)
• b9636ee feat(NODE-7009): add client metadata on demand (#4574)
• af0bb5a docs(NODE-6589): update maxIdleTimeMS API docs (#4579)
• a09212a refactor(NODE-3922): remove behaviour around ocsp tls options (#4577)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions