chore: upgrade mongodb to 7.0.0 to fix AWS IAM credentials

[Faizan-902]

• Updated mongodb dependency from 6.10.0 to 7.0.0 in root package.json resolutions
• Updated mongodb dependency from 6.16.0 to 7.0.0 in apps/meteor/package.json
• MongoDB 7.x properly supports AWS IAM authentication via default credential provider chain
• Fixes issue with AWS_CONTAINER_CREDENTIALS_FULL_URI in containerized environments

Fixes #37456

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Chores

  • Upgraded MongoDB dependency to 7.0.0 across the project.

• Documentation

  • Added a changeset/release note for a patch release reflecting the upgrade.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 7f7d9b9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Walkthrough

MongoDB dependency bumped to 7.0.0 in the repository root resolutions and in apps/meteor/package.json. A changeset file was added documenting the patch release and the upgrade. No source code logic changes are included in this diff.

Changes

Cohort / File(s)	Summary
Root package resolution package.json	Updated resolutions.mongodb from 6.10.0 to 7.0.0.
Meteor app package apps/meteor/package.json	Updated mongodb dependency from 6.16.0 to 7.0.0.
Release notes / changeset .changeset/good-emus-pay.md	Added changeset documenting a patch release for @rocket.chat/meteor and the chore to upgrade mongodb to 7.0.0.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant App as Rocket.Chat
  participant Driver as mongodb@7.0.0
  participant AWS as AWS Credential Provider (SDK)
  participant MongoDB as MongoDB Atlas

  Note over Driver,AWS: New flow (post-upgrade)
  App->>Driver: connect(MONGO_URL, options)
  Driver->>AWS: use default credential chain (env, container, IMDS, credproxy)
  AWS-->>Driver: credentials
  Driver->>MongoDB: authenticate with credentials
  MongoDB-->>Driver: connection established
  Driver-->>App: connected

Loading

sequenceDiagram
  autonumber
  participant App as Rocket.Chat
  participant DriverOld as mongodb@<=6.x
  participant LocalCred as aws_temporary_credentials.ts (custom)
  participant IMDS as IMDS / EC2 endpoint
  participant MongoDB as MongoDB Atlas

  Note over DriverOld,LocalCred: Prior flow (pre-upgrade)
  App->>DriverOld: connect(MONGO_URL, options)
  DriverOld->>LocalCred: fallback custom credential lookup
  LocalCred->>IMDS: direct IMDS requests (169.254.169.254)
  IMDS-->>LocalCred: credentials or timeouts
  LocalCred-->>DriverOld: credentials (limited sources)
  DriverOld->>MongoDB: authenticate with credentials (or fail/timeout)
  MongoDB-->>DriverOld: connection result
  DriverOld-->>App: connected / error

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review areas requiring attention:
  • apps/meteor/package.json — confirm peer/node compatibility and any driver-specific options.
  • package.json resolutions — ensure no other packages rely on the older driver API.
  • CI/test jobs and Docker images — verify Node.js runtime compatibility with mongodb 7.x.
  • Audit any custom AWS credential fallback code (e.g., aws_temporary_credentials.ts) elsewhere in repo to avoid duplicate/conflicting behavior.

Possibly related PRs

• chore: bump meteor 3.3.2 #37336 — Prior mongodb dependency bump to 6.16.x; related as part of the mongodb upgrade path.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• sampaiodiego
• ggazzo
• KevLehman

Poem

🐰 I hopped through the packages bright and keen,

Bumped MongoDB up to seven — what a scene!
AWS creds now follow the standard way,
Containers breathe easy, no timeouts today. ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: upgrading MongoDB to 7.0.0 to fix AWS IAM credentials, which is the primary focus of all modifications.
Linked Issues check	✅ Passed	The PR updates MongoDB from 6.x to 7.0.0 in both package.json files and adds a changeset entry, directly addressing the core requirement [#37456] to upgrade the driver for proper AWS IAM credential handling.
Out of Scope Changes check	✅ Passed	All changes are directly in scope: updating MongoDB package versions and documenting the release via changeset, with no unrelated modifications present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between cc5c87c and 08ce778.

📒 Files selected for processing (1)

• .changeset/good-emus-pay.md (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .changeset/good-emus-pay.md

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}