chore: [DevOps] Update to Spring AI 1.1.0

[dependabot]

Bumps the production-minor-patch group with 8 updates in the / directory:

Package	From	To
org.springframework.ai:spring-ai-bom	1.0.3	1.1.2
io.micrometer:micrometer-core	1.16.0	1.16.1
io.micrometer:micrometer-observation	1.16.0	1.16.1
org.wiremock:wiremock	3.13.1	3.13.2
com.puppycrawl.tools:checkstyle	12.1.1	12.2.0
org.apache.tomcat.embed:tomcat-embed-core	11.0.13	11.0.15
org.apache.tomcat.embed:tomcat-embed-websocket	11.0.13	11.0.15
com.sap.hcp.cf.logging:cf-java-logging-support-logback	4.0.0	4.0.1

Updates org.springframework.ai:spring-ai-bom from 1.0.3 to 1.1.2

Release notes

Sourced from org.springframework.ai:spring-ai-bom's releases.

Spring AI 1.1.1 Release Notes

🎯 Highlights

This release includes 13 new features, 16 bug fixes, 3 documentation improvements, 11 other improvements.

⭐ New Features

• Added native integration with the official OpenAI Java SDK, providing improved type safety and API coverage for OpenAI model interactions. e56b344
• ChatClient now supports native structured output, enabling more reliable and type-safe extraction of structured data from model responses. 3c3c3eb
• Integrated Claude Skills API with support for the Files API, enabling file-based interactions and enhanced Claude model capabilities. b7a36bb
• Backported Skills API support fixes to the 1.1.x maintenance branch for improved stability and consistency across versions. a1f32d1
• Added support for ISNULL and ISNOTNULL filter expressions in vector store queries, enabling null value checks in filter operations. 8e9ad36
• Introduced ThinkingLevel configuration support in ThinkingConfig to provide more control over reasoning and thinking processes. 7e6da6e
• Enhanced Vertex Gemini integration to include safety ratings in response metadata, providing visibility into content safety assessments. f4eb375
• The ToolCallAdvisor now supports extensibility through hook methods, allowing developers to customize tool call behavior in their applications 2c8c4e7
• GemFire Vector Store now supports username and password authentication for secure connections 21db782
• Added support for thought signatures in Google GenAI's Gemini 3 Pro model when using function calling capabilities 9bdf182
• Added support for the latest Claude 4.5 models including Opus and Haiku variants with updated documentation 2c7b10e
• Added prompt_tokens_details support and updated default chat options for ZhipuAI integration tests a66e243
• Introduces a new Spring Boot starter that provides auto-configuration for using Azure Cosmos DB as a chat memory repository, simplifying the setup for persisting conversation history in Spring AI applications. ef8f413

🪲 Bug Fixes

• Enhanced error handling for JSON parsing failures in MethodToolCallback, providing better diagnostics and recovery. d4f22ce
• Fixed tool execution exception handling in MethodToolCallback for improved error reporting and stability. b0a97c7
• Changed toolCallingManager visibility to protected, enabling proper extensibility for custom implementations. 4585acd
• Corrected TokenTextSplitter behavior when handling punctuation marks to ensure proper text segmentation. 8cc4ea4
• Resolved issue where the extraBody parameter was not being properly included in OpenAI API requests, ensuring custom request bodies are sent correctly. 0646d1e
• Fixed MariaDBSchemaValidator to correctly handle escaped spaces and eliminate misleading error messages during schema validation. f0268c0
• Resolved GraalVM native image compilation issues when using Java 22, improving compatibility and build success. 2cb1daa
• Fixed missing auto-configuration for OCI GenAI Inference client to ensure proper initialization 808dd7e
• Resolved missing auto-configuration classes to ensure all components are properly registered 3cc3a79
• Corrected issue where OpenAI gpt-oss models running on Amazon Bedrock returned null responses 88e03cd
• OpenSearch vector store now omits explicit IDs when manageDocumentIds=false, improving AWS Serverless compatibility with additional unit and integration tests 3618524
• Resolved issues in OpenSearch vector store integration tests 0f0f33e
• MCP client auto-configuration now supports optional handlers registry configuration #4920
• ClientMcp handlers registry now properly handles beans with unresolvable types #4918
• Fixed MongoDB vector store index creation to work across different Spring Data MongoDB versions 0821f48
• Enhanced retry logic for Oracle Vector Store integration test container startup 9950cf7

📓 Documentation

• Updated broken documentation link for Redis search queries to point to current documentation 1fa0e07
• Corrected typo in code comments for DefaultChatClientUtils a56380b
• Corrected documentation typo for HNSW (Hierarchical Navigable Small World) algorithm f476626

🔨 Dependency Upgrades

• Updated Apache Commons Lang to 3.18.0 to address CVE (Uncontrolled Recursion vulnerability). af6496a
• Updated Apache Commons Compress to 1.28.0 to fix CVEs (Infinite Loop and Resource Allocation vulnerabilities). 82424f8
• Updated Spring Boot dependency to version 3.5.8, bringing latest bug fixes and improvements from the Spring Boot framework. 2c854d3
• Updated io.swagger.core.v3:swagger-annotations from 2.2.30 to 2.2.38 1119293
• Updated MCP library dependencies to latest versions 5fcc557

... (truncated)

Commits

• 74c0d05 Release version 1.1.2
• 05254e7 Add doFinalizeLoop() hook to ToolCallAdvisor (#5064)
• 4cfe9fa Switch back stable releases for MCP JDK and MCP annotation
• d563007 Use Java 21(exact) for 1.1.x branch.
• 65b6c7d Override protobuf-java version in milvus-store to fix CVE-2024-7254
• db7d44d Remove duplicate entry for Azure Identity
• e3fd662 Update MCP JDK and MCP annotations to latest snapshots
• 5d266f9 Next development version 1.1.2-SNAPSHOT
• 2add90c Upgrade MCP support
• e08a614 Remove obsolete CI workflow
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-core from 1.16.0 to 1.16.1

Release notes

Sourced from io.micrometer:micrometer-core's releases.

1.16.1

🐞 Bug Fixes

• Don't filter log events in LogbackMetricsBenchmark #6891
• Return value nullability is incorrect on function wrapper methods #6869

📔 Documentation

• Add link to the latest Micrometer Team talk #6881
• Document JSpecify dependency #6886
• Make cross-references more consistent in the docs #6915

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #6877
• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 #6904
• Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 #6937
• Bump grpc from 1.76.0 to 1.76.1 #6902
• Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 #6876
• Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 #6868
• Bump spring6 from 6.2.12 to 6.2.14 #6890

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MiLabuda, @​izeye, and @​ngocnhan-tran1996

Commits

• 0550e76 Merge branch '1.15.x' into 1.16.x
• e8dd176 Merge branch '1.14.x' into 1.15.x
• d8a46b5 Fixed flaky test for mongo client (#6924)
• 0bbe73b Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (#6937)
• d0b368d Polish gh-6612 (#6932)
• aa9eac0 Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (#6930)
• 57bd4ff Merge branch '1.15.x' into 1.16.x
• 11d8fb1 Merge branch '1.14.x' into 1.15.x
• 5779b09 Backport fixing typos in docs
• 8b88e43 Merge branch '1.15.x' into 1.16.x
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-observation from 1.16.0 to 1.16.1

Release notes

Sourced from io.micrometer:micrometer-observation's releases.

1.16.1

🐞 Bug Fixes

• Don't filter log events in LogbackMetricsBenchmark #6891
• Return value nullability is incorrect on function wrapper methods #6869

📔 Documentation

• Add link to the latest Micrometer Team talk #6881
• Document JSpecify dependency #6886
• Make cross-references more consistent in the docs #6915

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #6877
• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 #6904
• Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 #6937
• Bump grpc from 1.76.0 to 1.76.1 #6902
• Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 #6876
• Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 #6868
• Bump spring6 from 6.2.12 to 6.2.14 #6890

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MiLabuda, @​izeye, and @​ngocnhan-tran1996

Commits

• 0550e76 Merge branch '1.15.x' into 1.16.x
• e8dd176 Merge branch '1.14.x' into 1.15.x
• d8a46b5 Fixed flaky test for mongo client (#6924)
• 0bbe73b Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (#6937)
• d0b368d Polish gh-6612 (#6932)
• aa9eac0 Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (#6930)
• 57bd4ff Merge branch '1.15.x' into 1.16.x
• 11d8fb1 Merge branch '1.14.x' into 1.15.x
• 5779b09 Backport fixing typos in docs
• 8b88e43 Merge branch '1.15.x' into 1.16.x
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-observation from 1.16.0 to 1.16.1

Release notes

Sourced from io.micrometer:micrometer-observation's releases.

1.16.1

🐞 Bug Fixes

• Don't filter log events in LogbackMetricsBenchmark #6891
• Return value nullability is incorrect on function wrapper methods #6869

📔 Documentation

• Add link to the latest Micrometer Team talk #6881
• Document JSpecify dependency #6886
• Make cross-references more consistent in the docs #6915

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #6877
• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 #6904
• Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 #6937
• Bump grpc from 1.76.0 to 1.76.1 #6902
• Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 #6876
• Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 #6868
• Bump spring6 from 6.2.12 to 6.2.14 #6890

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MiLabuda, @​izeye, and @​ngocnhan-tran1996

Commits

• 0550e76 Merge branch '1.15.x' into 1.16.x
• e8dd176 Merge branch '1.14.x' into 1.15.x
• d8a46b5 Fixed flaky test for mongo client (#6924)
• 0bbe73b Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (#6937)
• d0b368d Polish gh-6612 (#6932)
• aa9eac0 Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (#6930)
• 57bd4ff Merge branch '1.15.x' into 1.16.x
• 11d8fb1 Merge branch '1.14.x' into 1.15.x
• 5779b09 Backport fixing typos in docs
• 8b88e43 Merge branch '1.15.x' into 1.16.x
• Additional commits viewable in compare view

Updates org.wiremock:wiremock from 3.13.1 to 3.13.2

Release notes

Sourced from org.wiremock:wiremock's releases.

3.13.2

What's Changed

• Bump minor / bugfix versions of dependencies to latest by @​Mahoney in wiremock/wiremock#3222
• Bump ui versions by @​Mahoney in wiremock/wiremock#3224
• Remove unnecessary file by @​Mahoney in wiremock/wiremock#3227
• Remove standalone only by @​Mahoney in wiremock/wiremock#3225

Full Changelog: wiremock/wiremock@3.13.1...3.13.2

Commits

• 88587aa Use the new Maven Central publish mechanism
• 31c2745 Merge pull request #3225 from wiremock/3.x-remove-standalone-only
• fe27d5e Merge pull request #3227 from wiremock/fix-ui
• 33f95c0 Remove unnecessary file
• 2b6c07b Merge pull request #3224 from wiremock/upgrade-ui
• 27feb5b Remove standaloneOnly
• 581c243 Bump ui versions
• 084d434 Bump version to 3.13.2 in prep for release
• 9e4ce88 Bump version to 3.13.2 in prep for release
• 2b296d6 Merge pull request #3222 from wiremock/3.x-versions
• Additional commits viewable in compare view

Updates com.puppycrawl.tools:checkstyle from 12.1.1 to 12.2.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-12.2.0

Checkstyle 12.2.0 - https://checkstyle.org/releasenotes.html#Release_12.2.0

New:

#18088 - Include full check name alongside ID in XML violation reports #17919 - Java25's import-module support

Bug fixes:

#18074 - JAR for 12.1.1 is missing org.slf4j package #18171 - RedundantImport does not work with module imports #18132 - PatternVariableAssignment gives error when assigning to field (using this.) with the same name as pattern variable #18104 - Drop support in checks for no-longer-compilable preview feature - Pattern matching for swtich

checkstyle-12.1.2

Checkstyle 12.1.2 - https://checkstyle.org/releasenotes.html#Release_12.1.2

Bug fixes:

... (truncated)

Commits

• 5e6ff5f [maven-release-plugin] prepare release checkstyle-12.2.0
• 56cd358 doc: release notes for 12.2.0
• ffbeec6 Issue #18074: Update slf4j to 2.0.17 and suppress convergence check
• 8369167 doc: clarify behavior of NewlineAtEndOfFileCheck regarding extra blank lines
• 4e43ff0 dependency: bump pmd.version from 7.18.0 to 7.19.0
• 07108ee Issue #18026: Resolve Pitest suppression for getExclusions
• 31c29dd dependency: bump com.google.errorprone:error_prone_core
• e38a3e7 dependency: bump com.mebigfatguy.sb-contrib:sb-contrib
• b9eb903 Issue #18110: Improve wrapping in web site for Command mentioneds in command ...
• 12f171a Issue #18070: resolve PMD warning during execution
• Additional commits viewable in compare view

Updates org.apache.tomcat.embed:tomcat-embed-core from 11.0.13 to 11.0.15

Updates org.apache.tomcat.embed:tomcat-embed-websocket from 11.0.13 to 11.0.15

Updates org.apache.tomcat.embed:tomcat-embed-websocket from 11.0.13 to 11.0.15

Updates com.sap.hcp.cf.logging:cf-java-logging-support-logback from 4.0.0 to 4.0.1

Commits

• a6c0d03 Create Final Release 4.0.1
• d4794b8 Add sanitization for span attributes (#314)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions