Skip to content

chore(deps): bump spring-ai.version from 1.1.4 to 1.1.5#90

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/spring-ai.version-1.1.5
Open

chore(deps): bump spring-ai.version from 1.1.4 to 1.1.5#90
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/spring-ai.version-1.1.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps spring-ai.version from 1.1.4 to 1.1.5.
Updates org.springframework.ai:spring-ai-model from 1.1.4 to 1.1.5

Release notes

Sourced from org.springframework.ai:spring-ai-model's releases.

Spring AI 1.1.5 Release Notes

🎯 Highlights

This release includes 9 bug fixes, 3 documentation improvements, 11 other improvements.

⚠️ Upgrading Notes

  • The Pixtral 12B model has been removed and Pixtral Large is deprecated. Update your model configuration to use the currently recommended Pixtral models to avoid issues in future releases. 447d2a4

📢 Noteworthy

  • The Pixtral 12B model has been removed and the Pixtral Large model is now deprecated. Integration tests have been updated to use the recommended replacement models. Users relying on these models should migrate to the recommended alternatives. 447d2a4

🪲 Bug Fixes

  • Fixed the CosmosDB vector store's doDelete method to properly parameterize queries, preventing potential SQL injection vulnerabilities and improving correctness. 6039e57
  • Fixed an issue where conversationId was not correctly applied in the VectorStoreChatMemoryAdvisor filter, which could cause incorrect memory retrieval across conversations. 3cccfdf
  • Corrected key handling in the vector store filter expression converter to ensure filter expressions are properly evaluated. 01386e2
  • Resolved test non-determinism in the BedrockConverse streaming token usage tests, improving test reliability. 4747a3c
  • Corrected the test class naming to properly apply the integration test suffix, ensuring proper test categorization and execution. #5853
  • Corrected string parsing logic for the toolChoice field in OpenAiSdkChatModel to ensure proper handling of tool choice configurations. aeb33b0 via #5735
  • Fixed an issue where the extra_body parameter was incorrectly included in outgoing OpenAI API requests, which could cause unexpected behavior. 4c0120c
  • Resolved issues with Javadoc generation and configuration to ensure API documentation is correctly produced. 0a71804
  • Corrected the test bypass condition so integration tests are properly skipped when required API keys are not configured in the environment. bc26dc1

📓 Documentation

  • Updated the README to include a note about CPU architecture requirements or compatibility information. a21e988
  • Added documentation explaining how MCP servers can re-publish tools from MCP clients, clarifying the tool propagation model in multi-server setups. #5778
  • Improved documentation to clarify the intended usage and behavior of the extra_body parameter in OpenAI API requests. 3d4d75b

🔨 Dependency Upgrades

  • Updated the Spring Boot dependency to version 3.5.14, incorporating the latest bug fixes and improvements from the Spring Boot team. eb4c9a5
  • Updated the Spring Boot dependency to version 3.5.13 as an intermediate upgrade. 9b902f8
  • Updated document parsing dependencies: Apache Tika upgraded to 3.3.0, jsoup to 1.22.1, and Apache PDFBox to 3.0.7 for improved document processing capabilities and bug fixes. f25fc52

🔩 Build Updates

  • Updated GitHub Actions workflow dependencies to their latest versions to improve CI/CD reliability and security. 9b70b38
  • Changed the PR check workflow to use mvn package instead of mvn test for more efficient pull request validation. 7d2e455
  • Integration tests are now skipped in the CI pipeline to improve build performance, and the release notes generation workflow has been removed. #5688
  • The project has been bumped to the next development version 1.1.5-SNAPSHOT following the release. 400dc42

🔐 Security

  • Hardened the default cache directory used for transformer models to prevent unauthorized access or tampering with cached model files. aac6b80
  • Fixed a potential denial-of-service vulnerability where a malformed PDF could cause excessive memory allocation during document parsing. b61ac6a

🙏 Contributors

Thanks to all contributors who made this release possible:

... (truncated)

Commits
  • 3d66270 Release version 1.1.5
  • eb4c9a5 Upgrade to latest Spring Boot to 3.5.14
  • aac6b80 Secure the default cache dir for transformer models
  • 6039e57 Fix Cosmosdb doDelete method to parameterize the query
  • b61ac6a Prevent excessive char allocation via malformed pdf
  • 3cccfdf Properly handle conversationId in VectorStoreChatMemoryAdvisor filter
  • 01386e2 fix: vector store filter expression converter key handling
  • 455f97a Apply integration test suffix to JdbcChatMemoryRepositorySchemaInitializerPos...
  • 4747a3c Fix non-determinism in streamingWithTokenUsage in BedrockConverse tests
  • a21e988 Updated README for CPU arch note
  • Additional commits viewable in compare view

Updates org.springframework.ai:spring-ai-client-chat from 1.1.4 to 1.1.5

Release notes

Sourced from org.springframework.ai:spring-ai-client-chat's releases.

Spring AI 1.1.5 Release Notes

🎯 Highlights

This release includes 9 bug fixes, 3 documentation improvements, 11 other improvements.

⚠️ Upgrading Notes

  • The Pixtral 12B model has been removed and Pixtral Large is deprecated. Update your model configuration to use the currently recommended Pixtral models to avoid issues in future releases. 447d2a4

📢 Noteworthy

  • The Pixtral 12B model has been removed and the Pixtral Large model is now deprecated. Integration tests have been updated to use the recommended replacement models. Users relying on these models should migrate to the recommended alternatives. 447d2a4

🪲 Bug Fixes

  • Fixed the CosmosDB vector store's doDelete method to properly parameterize queries, preventing potential SQL injection vulnerabilities and improving correctness. 6039e57
  • Fixed an issue where conversationId was not correctly applied in the VectorStoreChatMemoryAdvisor filter, which could cause incorrect memory retrieval across conversations. 3cccfdf
  • Corrected key handling in the vector store filter expression converter to ensure filter expressions are properly evaluated. 01386e2
  • Resolved test non-determinism in the BedrockConverse streaming token usage tests, improving test reliability. 4747a3c
  • Corrected the test class naming to properly apply the integration test suffix, ensuring proper test categorization and execution. #5853
  • Corrected string parsing logic for the toolChoice field in OpenAiSdkChatModel to ensure proper handling of tool choice configurations. aeb33b0 via #5735
  • Fixed an issue where the extra_body parameter was incorrectly included in outgoing OpenAI API requests, which could cause unexpected behavior. 4c0120c
  • Resolved issues with Javadoc generation and configuration to ensure API documentation is correctly produced. 0a71804
  • Corrected the test bypass condition so integration tests are properly skipped when required API keys are not configured in the environment. bc26dc1

📓 Documentation

  • Updated the README to include a note about CPU architecture requirements or compatibility information. a21e988
  • Added documentation explaining how MCP servers can re-publish tools from MCP clients, clarifying the tool propagation model in multi-server setups. #5778
  • Improved documentation to clarify the intended usage and behavior of the extra_body parameter in OpenAI API requests. 3d4d75b

🔨 Dependency Upgrades

  • Updated the Spring Boot dependency to version 3.5.14, incorporating the latest bug fixes and improvements from the Spring Boot team. eb4c9a5
  • Updated the Spring Boot dependency to version 3.5.13 as an intermediate upgrade. 9b902f8
  • Updated document parsing dependencies: Apache Tika upgraded to 3.3.0, jsoup to 1.22.1, and Apache PDFBox to 3.0.7 for improved document processing capabilities and bug fixes. f25fc52

🔩 Build Updates

  • Updated GitHub Actions workflow dependencies to their latest versions to improve CI/CD reliability and security. 9b70b38
  • Changed the PR check workflow to use mvn package instead of mvn test for more efficient pull request validation. 7d2e455
  • Integration tests are now skipped in the CI pipeline to improve build performance, and the release notes generation workflow has been removed. #5688
  • The project has been bumped to the next development version 1.1.5-SNAPSHOT following the release. 400dc42

🔐 Security

  • Hardened the default cache directory used for transformer models to prevent unauthorized access or tampering with cached model files. aac6b80
  • Fixed a potential denial-of-service vulnerability where a malformed PDF could cause excessive memory allocation during document parsing. b61ac6a

🙏 Contributors

Thanks to all contributors who made this release possible:

... (truncated)

Commits
  • 3d66270 Release version 1.1.5
  • eb4c9a5 Upgrade to latest Spring Boot to 3.5.14
  • aac6b80 Secure the default cache dir for transformer models
  • 6039e57 Fix Cosmosdb doDelete method to parameterize the query
  • b61ac6a Prevent excessive char allocation via malformed pdf
  • 3cccfdf Properly handle conversationId in VectorStoreChatMemoryAdvisor filter
  • 01386e2 fix: vector store filter expression converter key handling
  • 455f97a Apply integration test suffix to JdbcChatMemoryRepositorySchemaInitializerPos...
  • 4747a3c Fix non-determinism in streamingWithTokenUsage in BedrockConverse tests
  • a21e988 Updated README for CPU arch note
  • Additional commits viewable in compare view

Updates org.springframework.ai:spring-ai-commons from 1.1.4 to 1.1.5

Release notes

Sourced from org.springframework.ai:spring-ai-commons's releases.

Spring AI 1.1.5 Release Notes

🎯 Highlights

This release includes 9 bug fixes, 3 documentation improvements, 11 other improvements.

⚠️ Upgrading Notes

  • The Pixtral 12B model has been removed and Pixtral Large is deprecated. Update your model configuration to use the currently recommended Pixtral models to avoid issues in future releases. 447d2a4

📢 Noteworthy

  • The Pixtral 12B model has been removed and the Pixtral Large model is now deprecated. Integration tests have been updated to use the recommended replacement models. Users relying on these models should migrate to the recommended alternatives. 447d2a4

🪲 Bug Fixes

  • Fixed the CosmosDB vector store's doDelete method to properly parameterize queries, preventing potential SQL injection vulnerabilities and improving correctness. 6039e57
  • Fixed an issue where conversationId was not correctly applied in the VectorStoreChatMemoryAdvisor filter, which could cause incorrect memory retrieval across conversations. 3cccfdf
  • Corrected key handling in the vector store filter expression converter to ensure filter expressions are properly evaluated. 01386e2
  • Resolved test non-determinism in the BedrockConverse streaming token usage tests, improving test reliability. 4747a3c
  • Corrected the test class naming to properly apply the integration test suffix, ensuring proper test categorization and execution. #5853
  • Corrected string parsing logic for the toolChoice field in OpenAiSdkChatModel to ensure proper handling of tool choice configurations. aeb33b0 via #5735
  • Fixed an issue where the extra_body parameter was incorrectly included in outgoing OpenAI API requests, which could cause unexpected behavior. 4c0120c
  • Resolved issues with Javadoc generation and configuration to ensure API documentation is correctly produced. 0a71804
  • Corrected the test bypass condition so integration tests are properly skipped when required API keys are not configured in the environment. bc26dc1

📓 Documentation

  • Updated the README to include a note about CPU architecture requirements or compatibility information. a21e988
  • Added documentation explaining how MCP servers can re-publish tools from MCP clients, clarifying the tool propagation model in multi-server setups. #5778
  • Improved documentation to clarify the intended usage and behavior of the extra_body parameter in OpenAI API requests. 3d4d75b

🔨 Dependency Upgrades

  • Updated the Spring Boot dependency to version 3.5.14, incorporating the latest bug fixes and improvements from the Spring Boot team. eb4c9a5
  • Updated the Spring Boot dependency to version 3.5.13 as an intermediate upgrade. 9b902f8
  • Updated document parsing dependencies: Apache Tika upgraded to 3.3.0, jsoup to 1.22.1, and Apache PDFBox to 3.0.7 for improved document processing capabilities and bug fixes. f25fc52

🔩 Build Updates

  • Updated GitHub Actions workflow dependencies to their latest versions to improve CI/CD reliability and security. 9b70b38
  • Changed the PR check workflow to use mvn package instead of mvn test for more efficient pull request validation. 7d2e455
  • Integration tests are now skipped in the CI pipeline to improve build performance, and the release notes generation workflow has been removed. #5688
  • The project has been bumped to the next development version 1.1.5-SNAPSHOT following the release. 400dc42

🔐 Security

  • Hardened the default cache directory used for transformer models to prevent unauthorized access or tampering with cached model files. aac6b80
  • Fixed a potential denial-of-service vulnerability where a malformed PDF could cause excessive memory allocation during document parsing. b61ac6a

🙏 Contributors

Thanks to all contributors who made this release possible:

... (truncated)

Commits
  • 3d66270 Release version 1.1.5
  • eb4c9a5 Upgrade to latest Spring Boot to 3.5.14
  • aac6b80 Secure the default cache dir for transformer models
  • 6039e57 Fix Cosmosdb doDelete method to parameterize the query
  • b61ac6a Prevent excessive char allocation via malformed pdf
  • 3cccfdf Properly handle conversationId in VectorStoreChatMemoryAdvisor filter
  • 01386e2 fix: vector store filter expression converter key handling
  • 455f97a Apply integration test suffix to JdbcChatMemoryRepositorySchemaInitializerPos...
  • 4747a3c Fix non-determinism in streamingWithTokenUsage in BedrockConverse tests
  • a21e988 Updated README for CPU arch note
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump spring-ai.version from 1.1.4 to 1.1.5
5ca3b64 
Bumps `spring-ai.version` from 1.1.4 to 1.1.5.

Updates `org.springframework.ai:spring-ai-model` from 1.1.4 to 1.1.5
- [Release notes](https://github.com/spring-projects/spring-ai/releases)
- [Commits](spring-projects/spring-ai@v1.1.4...v1.1.5)

Updates `org.springframework.ai:spring-ai-client-chat` from 1.1.4 to 1.1.5
- [Release notes](https://github.com/spring-projects/spring-ai/releases)
- [Commits](spring-projects/spring-ai@v1.1.4...v1.1.5)

Updates `org.springframework.ai:spring-ai-commons` from 1.1.4 to 1.1.5
- [Release notes](https://github.com/spring-projects/spring-ai/releases)
- [Commits](spring-projects/spring-ai@v1.1.4...v1.1.5)

---
updated-dependencies:
- dependency-name: org.springframework.ai:spring-ai-model
  dependency-version: 1.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.ai:spring-ai-client-chat
  dependency-version: 1.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.ai:spring-ai-commons
  dependency-version: 1.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants