Bump the runtime group with 3 updates

[dependabot]

Bumps the runtime group with 3 updates: @defra/hapi-tracing, dotenv and mongodb.

Updates @defra/hapi-tracing from 1.26.0 to 1.30.0

Commits

• f634c6f Version package [skip ci]
• a174804 Merge pull request #137 from DEFRA/CORE-1894-provide-trace-id-in-on-pre-respo...
• 9c91cc7 CORE-1894: Release _postCycle changes
• 870c08a Merge pull request #136 from DEFRA/CORE-1894-provide-trace-id-in-on-pre-response
• c3adf17 CORE-1894: Add dependabot release instructions
• cb445b8 CORE-1894: Also wrap _postCycle Hapi request
• f125105 Version package [skip ci]
• 5e824b7 Merge pull request #135 from DEFRA/release-dependabot-changes
• 6eb6057 Releasing dependabot updates
• ef52037 Merge pull request #131 from DEFRA/dependabot/npm_and_yarn/joi-18.0.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​defra/hapi-tracing since your current version.

Updates dotenv from 16.6.1 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
</tr></table> 

... (truncated)

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates mongodb from 6.17.0 to 7.1.0

Release notes

Sourced from mongodb's releases.

v7.1.0

7.1.0 (2026-02-02)

The MongoDB Node.js team is pleased to announce version 7.1.0 of the mongodb package!

Release Notes

🧩 Runtime and platform compatibility improvements

aws4 package no longer required for AWS authentication

The aws4 package is no longer required to use AWS authentication, reducing the dependency footprint.

Usages of util.promisify have been removed

The driver no longer relies on Node.js’s util.promisify() API, which improves compatibility with alternate runtimes.

Explicit node:process import instead of global.process

The driver now explicitly imports node:process instead of relying on global.process, allowing bundlers and alternate runtimes to supply and optimize the process implementation more consistently.

Node-specific platform APIs replaced with standards-based equivalents

The driver replaces several Node-specific APIs with standards-based equivalents:

• process.arch → os.arch()
• process.platform → os.platform()
• os.endianness() → BSON.NumberUtils
• process.hrtime() → performance.now()
• process.nextTick() → queueMicrotask()

These changes reduce the number of patches required to run the driver outside of Node.js and improve compatibility with non-Node.js runtimes.

🔁 Connection resilience and retry behavior improvements

Connection churn avoidance in server overload scenarios

When server-side connection rate limiting is enabled and the rate limiter kicks in under periods of high connection establishment,the driver will additionally churn connections by clearing the pool every time the rate limiter rejects an incoming connection request.

In this new driver release, connection establishment failures no longer clear the pool, preventing unnecessary connection churn in these scenarios.

withTransaction now applies exponential backoff during transaction retries

The convenient transaction API, withTransaction, now uses exponential backoff between retries when a transaction must be retried. Under high server load, this can help prevent transaction retry storms.

Server selection deprioritizes servers during retries

When retrying a command, the driver now deprioritizes servers during server selection, improving stability and reducing the likelihood of repeatedly targeting overloaded or previously failed servers.

... (truncated)

Changelog

Sourced from mongodb's changelog.

7.1.0 (2026-02-02)

Features

• NODE-5393: aws4 no longer required for AWS authentication (#4824) (0f46db8)
• NODE-7121: prevent connection churn on backpressure errors when establishing connections (#4800) (4cb2b87)
• NODE-7122: exponential backoff between retries in convenient transaction API (#4765) (e70fdc9)
• NODE-7304: remove usages in src of promisify (#4799) (761b9bf)
• NODE-7306: Replace global process with import node:process (#4820) (cc503cb)
• NODE-7310: Replace process.arch with os.arch() (#4823) (f0af829)
• NODE-7311: Replace process.platform with os.platform() (#4822) (c58ca1f)
• NODE-7317: use BSON.NumberUtils to determine endianness (#4808) (4e9467e)
• NODE-7319: update allowed hosts list with *.mongo.com (#4802) (bfb7160)
• NODE-7330: deprecate RenameCollectionOptions.new_collection (#4815) (a96fa26)
• NODE-7333: add support for deprioritized servers to all topologies (#4821) (a4211e7)

Bug Fixes

• NODE-7290: use valueof for error code check (#4791) (1cc3d1c)
• NODE-7298: ensure commonWireVersion is computed from server maxWireVersion (#4805) (2b2366d)
• NODE-7307: Replace node:process.hrtime() with performance.now() (#4816) (ae2e037)
• NODE-7308: replace process.nextTick with queueMicrotask (#4817) (b1b6e81)

7.0.0 (2025-11-06)

⚠ BREAKING CHANGES

• NODE-7259: use alphas of all supporting packages (#4746)
• NODE-5510: dont filter change stream options (#4723)
• NODE-6296: remove cursor default batch size of 1000 (#4729)
• NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
• NODE-7046: remove AWS uri/options support (#4689)
• NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
• NODE-6377: remove noResponse option (#4724)
• NODE-6473: remove MONGODB-CR auth (#4717)
• NODE-5994: Remove metadata-related properties from public driver API (#4716)
• NODE-7016: remove beta namespace and move resource management into driver (#4719)
• NODE-4184: don't throw on aggregate with write concern and explain (#4718)
• NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)
• NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711)
• NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341)
• NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696)
• NODE-7174: drop support for Node16 and Node18 (#4668)
• NODE-7047: use custom credential provider first after URI (#4656)
• NODE-6988: require aws sdk for aws auth (#4659)

Features

... (truncated)

Commits

• b7cd1ef chore(main): release 7.1.0 (#4795)
• 9151d48 test(NODE-7400): Test Node Driver 7.0.0 against latest version of BSON librar...
• 59c2557 test(NODE-7415): sync spec test for server deprioritization with changed Serv...
• ea31dcd ci(NODE-7025): New SBOM generation workflow on dependencies change (#4807)
• 8b900ee test(NODE-7402): sync spec tests for CSOT (#4852)
• d46b8d0 test(NODE-7393): sync spec tests for transaction logging (#4850)
• 000fa0f test(NODE-7420): skip large encryption tests on mongocryptd (#4854)
• 0358360 test(NODE-7394): add test suite that runs with TLS enabled (#4845)
• 840c77b chore(deps): bump drivers-evergreen-tools from 61cb4e9 to c7ec372 (#4848)
• 2b2366d fix(NODE-7298): ensure commonWireVersion is computed from server maxWireVersi...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions