chore(v7.1.x): release 7.1.1

.github/workflows/release-7.1.yml

@@ -0,0 +1,105 @@
+on:
+  push:
+    branches: ['v7.1.x']
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+name: release-7.1
+
+jobs:
+  release_please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          target-branch: 'v7.1.x'
+
+  build:
+    needs: [release_please]
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  ssdlc:
+    needs: [release_please, build]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v3
+        with:
+          ignore_install_scripts: false
+
+      - name: Load version and package info
+        uses: mongodb-labs/drivers-github-tools/node/get_version_info@v3
+        with:
+          npm_package_name: mongodb
+
+      - name: actions/compress_sign_and_upload
+        uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v3
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: us-east-1
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          npm_package_name: mongodb
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+      - name: Copy sbom file to release assets
+        shell: bash
+        if: ${{ '' == '' }}
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
+      # only used for mongodb-client-encryption
+      - name: Augment SBOM and copy to release assets
+        if: ${{ '' != '' }}
+        uses: mongodb-labs/drivers-github-tools/sbom@v3
+        with:
+          silk_asset_group: ''
+          sbom_file_name: sbom.json
+
+      - name: Generate authorized pub report
+        uses: mongodb-labs/drivers-github-tools/full-report@v3
+        with:
+          release_version: ${{ env.package_version }}
+          product_name: mongodb
+          sarif_report_target_ref: 'v7.1.x'
+          third_party_dependency_tool: n/a
+          dist_filenames: artifacts/*
+          token: ${{ github.token }}
+          sbom_file_name: sbom.json
+          evergreen_project: mongo-node-driver-next
+          evergreen_commit: ${{ env.commit }}
+
+      - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v3
+        with:
+          version: ${{ env.package_version }}
+          product_name: mongodb
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+  publish:
+    needs: [release_please, ssdlc, build]
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v3
+
+      - run: npm publish --provenance --tag=latest
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "7.1.0"
+  ".": "7.1.1"
 }

HISTORY.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [7.1.1](https://github.com/mongodb/node-mongodb-native/compare/v7.1.0...v7.1.1) (2026-03-17)
+
+
+### Bug Fixes
+
+* **NODE-7477:** OIDC host allowlist fix ([96f36ff](https://github.com/mongodb/node-mongodb-native/commit/96f36ff55ee9eb77f9ced05aea31b3cb93199d60))
+
 ## [7.1.0](https://github.com/mongodb/node-mongodb-native/compare/v7.0.0...v7.1.0) (2026-02-02)
 
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "mongodb",
-  "version": "7.1.0",
+  "version": "7.1.1",
   "description": "The official MongoDB driver for Node.js",
   "main": "lib/index.js",
   "files": [

src/utils.ts

@@ -83,13 +83,27 @@ export function isUint8Array(value: unknown): value is Uint8Array {
  */
 export function hostMatchesWildcards(host: string, wildcards: string[]): boolean {
   for (const wildcard of wildcards) {
-    if (
-      host === wildcard ||
-      (wildcard.startsWith('*.') && host?.endsWith(wildcard.substring(2, wildcard.length))) ||
-      (wildcard.startsWith('*/') && host?.endsWith(wildcard.substring(2, wildcard.length)))
-    ) {
+    // Exact match always wins
+    if (host === wildcard) {
       return true;
     }
+
+    // Wildcard match with leading *.
+    if (wildcard.startsWith('*.')) {
+      const suffix = wildcard.substring(2);
+      // Exact match or strict subdomain match
+      if (host === suffix || host.endsWith(`.${suffix}`)) {
+        return true;
+      }
+    }
+    // Wildcard match with leading */
+    if (wildcard.startsWith('*/')) {
+      const suffix = wildcard.substring(2);
+      // Exact match or strict subpath match
+      if (host === suffix || host.endsWith(`/${suffix}`)) {
+        return true;
+      }
+    }
   }
   return false;
 }

test/unit/utils.test.ts

@@ -148,6 +148,13 @@ describe('driver utils', function () {
           });
         });
 
+        context('when the wildcard starts with *.', function () {
+          it('returns false', function () {
+            expect(hostMatchesWildcards('test-mongodb.com', ['*.mongodb.com', 'test2'])).to.be
+              .false;
+          });
+        });
+
         context('when the host matches a FQDN', function () {
           it('returns true', function () {
             expect(hostMatchesWildcards('mongodb.net', ['*.mongodb.net', 'other'])).to.be.true;
@@ -221,6 +228,14 @@ describe('driver utils', function () {
             .to.be.false;
         });
       });
+
+      context('when the host does not match partial matches', function () {
+        it('returns false', function () {
+          expect(
+            hostMatchesWildcards('/tmp/test-mongodb-27017.sock', ['*/mongodb-27017.sock', 'test2'])
+          ).to.be.false;
+        });
+      });
     });
   });