build: bump mongodb from 6.18.0 to 6.19.0

[dependabot]

Bumps mongodb from 6.18.0 to 6.19.0.

Release notes

Sourced from mongodb's releases.

v6.19.0

6.19.0 (2025-08-26)

The MongoDB Node.js team is pleased to announce version 6.19.0 of the mongodb package!

Release Notes

Experimental Support for Queryable Encryption Text Field Prefix, Suffix and Substring Queries

[!IMPORTANT] Substring, prefix and suffix search are in preview and should be used for experimental workloads only. These features are unstable and their security is not guaranteed until released as Generally Available (GA). The GA version of these features may not be backwards compatible with the preview version.

When using Queryable Encryption with both automatic encryption and explicit encryption, text fields can now be queried using prefix, suffix and substring queries. This feature requires mongodb-client-encryption@>=6.5.0.

Allow a secureContext for Auto Encryption and Client Encryption TLS options

This can be provided in the tlsOptions option both both objects.

import * as tls from 'tls';
import { ClientEncryption, MongoClient } from 'mongodb';
const caFile = await fs.readFile(process.env.CSFLE_TLS_CA_FILE);
const certFile = await fs.readFile(process.env.CSFLE_TLS_CLIENT_CERT_FILE);
const secureContextOptions = {
ca: caFile,
key: certFile,
cert: certFile
};
const options = {
keyVaultNamespace: 'db.coll',
kmsProviders: {
aws: {}
}
},
tlsOptions: {
aws: {
secureContext: tls.createSecureContext(secureContextOptions),
}
}
};
const client = this.configuration.newClient({}, { autoEncryption: { ...options, schemaMap } });
const clientEncryption = new ClientEncryption(client, options);

collection.findOne() and collection.find() will no longer potentially leave open cursors on the server

The findOne command will now always set the limit option to 1 and singleBatch to true. The limit, noCursorResponse and batchSize options have also been deprecated, and the command will guarantee no more cursors can be orphaned and no killCursors command will be potentially executed.

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.19.0 (2025-08-26)

Features

• NODE-4179: allow secureContext in KMS TLS options (#4578) (0ea6eaa)
• NODE-6472: findOne and find no longer keep open cursors (#4580) (be7f808)
• NODE-7020: remove ping on connect (#4607) (3d296b7)
• NODE-7059, NODE-7008: add support for text queries for QE string fields (#4597) (e4492f3)

Commits

• 56b70f8 chore(main): release 6.19.0 (#4593)
• 9832b5e chore: Update dependabot.yml to allow prod dependencies (#4628)
• 46ea299 test(NODE-7118): fix CSOT socket read failure test on latest servers (#4627)
• 66706f8 chore(deps-dev): bump the development-dependencies group across 1 directory w...
• 9261717 refactor(NODE-7087): remove ModernizedOperation and ModernizedCommandOperatio...
• 0aac1fb refactor(NODE-7086): refactor misc operations (#4613)
• 48c3376 chore(deps): bump drivers-evergreen-tools from 61eacf1 to 9da8ebc (#4625)
• c2166a5 chore(deps): bump drivers-evergreen-tools from a332144 to 61eacf1 (#4620)
• b717a5d test: skip breaking csot test on latest (#4624)
• 1ea3a41 test(NODE-7110): update csot tests for drop index (#4621)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)