Bump org.springframework.ai:spring-ai-bom from 1.0.0 to 1.1.2

[dependabot]

Bumps org.springframework.ai:spring-ai-bom from 1.0.0 to 1.1.2.

Release notes

Sourced from org.springframework.ai:spring-ai-bom's releases.

Spring AI 1.1.2 - Bug Fixes

Spring AI 1.1.2 Release Notes

🎯 Highlights

This patch release focuses on bug fixes, security improvements and dependency management. It includes a bug fix to make Spring AI 1.1.x still compatible with Kotlin 1.9.x, a security fix for the Milvus vector store addressing CVE-2024-7254, updates to MCP (Model Context Protocol) dependencies, and a new hook in the ToolCallAdvisor for enhanced tool calling workflows.

⭐ New Features

• Introduces a new hook method in ToolCallAdvisor that allows customization of the finalization loop in tool call workflows, providing better extensibility for advanced tool calling scenarios 05254e7

🪲 Bug Fixes

• Cleaned up duplicate dependency declaration for Azure Identity library, improving build consistency db7d44d

🔨 Dependency Upgrades

• Upgraded Model Context Protocol (MCP) JDK and MCP annotations from snapshot versions to stable releases, improving stability and compatibility 4cfe9fa

🔩 Build Updates

• Updated build configuration to require exact Java 21 version for the 1.1.x release branch, ensuring consistent build environment d563007

🔐 Security

• Overrode protobuf-java version in milvus-store dependency to address security vulnerability CVE-2024-7254 65b6c7d

🙏 Contributors

Thanks to all contributors who made this release possible:

• Christian Tzolov (@​tzolov)
• Eric Bottard (@​ericbottard)
• Ilayaperumal Gopinathan (@​ilayaperumalg)
• Julien Dubois (@​jdubois)
• Rory Preddy (@​roryp)

Spring AI 1.1.1 Release Notes

🎯 Highlights

This release includes 13 new features, 16 bug fixes, 3 documentation improvements, 11 other improvements.

⭐ New Features

• Added native integration with the official OpenAI Java SDK, providing improved type safety and API coverage for OpenAI model interactions. e56b344
• ChatClient now supports native structured output, enabling more reliable and type-safe extraction of structured data from model responses. 3c3c3eb
• Integrated Claude Skills API with support for the Files API, enabling file-based interactions and enhanced Claude model capabilities. b7a36bb
• Backported Skills API support fixes to the 1.1.x maintenance branch for improved stability and consistency across versions. a1f32d1
• Added support for ISNULL and ISNOTNULL filter expressions in vector store queries, enabling null value checks in filter operations. 8e9ad36
• Introduced ThinkingLevel configuration support in ThinkingConfig to provide more control over reasoning and thinking processes. 7e6da6e
• Enhanced Vertex Gemini integration to include safety ratings in response metadata, providing visibility into content safety assessments. f4eb375
• The ToolCallAdvisor now supports extensibility through hook methods, allowing developers to customize tool call behavior in their applications 2c8c4e7
• GemFire Vector Store now supports username and password authentication for secure connections 21db782
• Added support for thought signatures in Google GenAI's Gemini 3 Pro model when using function calling capabilities 9bdf182
• Added support for the latest Claude 4.5 models including Opus and Haiku variants with updated documentation 2c7b10e
• Added prompt_tokens_details support and updated default chat options for ZhipuAI integration tests a66e243
• Introduces a new Spring Boot starter that provides auto-configuration for using Azure Cosmos DB as a chat memory repository, simplifying the setup for persisting conversation history in Spring AI applications. ef8f413

... (truncated)

Commits

• 74c0d05 Release version 1.1.2
• 05254e7 Add doFinalizeLoop() hook to ToolCallAdvisor (#5064)
• 4cfe9fa Switch back stable releases for MCP JDK and MCP annotation
• d563007 Use Java 21(exact) for 1.1.x branch.
• 65b6c7d Override protobuf-java version in milvus-store to fix CVE-2024-7254
• db7d44d Remove duplicate entry for Azure Identity
• e3fd662 Update MCP JDK and MCP annotations to latest snapshots
• 5d266f9 Next development version 1.1.2-SNAPSHOT
• 2add90c Upgrade MCP support
• e08a614 Remove obsolete CI workflow
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)