chore(deps): bump org.springframework.ai:spring-ai-model from 2.0.0-M4 to 2.0.0-M5 in /meta-bom/bom-deamon

[dependabot]

Bumps org.springframework.ai:spring-ai-model from 2.0.0-M4 to 2.0.0-M5.

Release notes

Sourced from org.springframework.ai:spring-ai-model's releases.

Spring AI 2.0.0-M5 Release Notes

🎯 Highlights

This release includes 13 new features, 36 bug fixes, 14 documentation improvements, 41 other improvements.

⏪ Breaking Changes

• The MCP Java SDK has been upgraded to version 2.0.0-M2. This upgrade includes breaking API changes that require migration. Review the documented breaking changes before upgrading. #5879
• The spring-ai-azure-openai module has been removed from Spring AI. Azure OpenAI functionality is now available through the standard spring-ai-openai module, which provides full Azure OpenAI deployment support. Users must migrate their dependencies from spring-ai-azure-openai to spring-ai-openai and update their configuration accordingly. 3f5255f
• The ModelOptionsUtils.merge() method has been removed from non-chat model implementations. Applications relying on this utility method for options merging in non-chat models (e.g., audio, embedding, image models) will need to update their code to handle options merging directly. #5789
• Several ModelOptionsUtils.merge() calls have been removed from chat model implementations as part of the options management refactoring. This may affect custom integrations that depend on the previous options merging behavior. #5766
• The MCP JSON dependency has been removed from the spring-ai-client-chat module. Projects that relied on this transitive dependency will need to add it explicitly if still required. #5773 via #5760
• The ChatClient options merging behavior has been redesigned and moved to the ChatClient level via a new builder combineWith() method. This changes how model options are combined and may require updates to existing code that relies on the previous merging behavior. #5725
• The Vertex AI model and autoconfiguration modules for non-embedding use cases have been removed from Spring AI. Only the spring-ai-vertex-ai-embedding module remains. Users relying on Vertex AI chat or other non-embedding functionality must migrate to alternative model providers. Documentation has also been updated to reflect these removals. #5714
• The ZhipuAI model has been removed from the main Spring AI repository. Users currently using the ZhipuAI integration should check for alternative community-maintained modules or migrate to other supported model providers. #5700
• Oracle Cloud Infrastructure (OCI) GenAI support has been removed from the main Spring AI repository. Users relying on OCI GenAI will be able to migrate to a separate integration that will be released and documented shortly. #5695
• The SpringAiTestAutoConfigurations class has been removed. Projects that depend on this auto-configuration for testing will need to update their test setup accordingly. #5684

⚠️ Upgrading Notes

• Users integrating with the Model Context Protocol (MCP) must review the breaking changes introduced in the 2.0.0-M2 SDK upgrade. Update your MCP-related code and configuration according to the migration documentation added in this release. #5879
• Users of the Anthropic module should review the newly added migration documentation to ensure their configurations and code are compatible with the latest module changes. #5881
• If you were using the spring-ai-azure-openai dependency, you must remove it and replace it with spring-ai-openai. Update your Spring configuration to use the OpenAI auto-configuration with Azure-specific properties (endpoint, API key, deployment name). The spring-ai-openai module now fully supports Azure OpenAI deployments. Refer to the updated documentation and release notes for the OpenAI Java SDK transition for detailed migration instructions. 3f5255f
• The Pixtral 12B model has been removed and Pixtral Large is now deprecated. Update your configuration to use the currently recommended Mistral/Pixtral models to avoid disruptions. d479ced
• The spring-ai-openai-sdk module has been merged into spring-ai-openai and no longer exists as a separate artifact. If your project had a direct dependency on spring-ai-openai-sdk, remove it — all functionality is now provided by spring-ai-openai via the official openai-java SDK. No changes to existing spring.ai.openai.* configuration properties are required. #5779
• If your application or custom model integration calls ModelOptionsUtils.merge(), you will need to refactor to handle options merging without this utility. Review PRs #5789 and #5766 for guidance on the new options management approach. #5789
• If your project depends on MCP JSON functionality through the spring-ai-client-chat module, you must now declare this dependency explicitly in your build configuration following its removal as a transitive dependency. #5773 via #5760
• If your application relied on the previous options merging behavior at the model level, you should migrate to using the new combineWith() builder method on ChatClient. Review the updated documentation for the new merging semantics. #5725
• If you are using Vertex AI for chat, text generation, or other non-embedding use cases, you must migrate to an alternative model provider. The spring-ai-vertex-ai-embedding module for embeddings is still available. Remove any dependencies on spring-ai-vertex-ai-gemini or related non-embedding autoconfiguration modules from your project. #5714
• If your project uses the ZhipuAI model or its auto-configuration from Spring AI, you must migrate to an alternative. The integration has been removed from the main repository as of this release. #5700
• If your project uses OCI GenAI support from Spring AI, you must migrate to an alternative. The integration has been removed from the main repository. Users relying on OCI GenAI will be able to migrate to a separate integration that will be released and documented shortly. #5695
• Projects using SpringAiTestAutoConfigurations for test setup must update their test configuration. Review your test context setup and replace any usage of this removed class with appropriate alternatives. #5684

⭐ New Features

• Custom StructuredOutputConverter implementations can now participate in the native structured output pipeline, giving users greater flexibility to plug in their own output conversion logic alongside built-in converters. #5659
• The ToolCallAdvisor.Builder now exposes a getter for the conversationHistoryEnabled property, allowing users to inspect the current configuration state when building ToolCallAdvisor instances. #5869
• Added unified cache usage metrics to the Usage interface, providing consistent access to cache hit/miss statistics across all AI model providers. 7cfad45
• The spring-ai-openai module now uses the official openai-java SDK, replacing the previously internal implementation. All OpenAI models (Chat, Embedding, Image, Audio, Moderation) are migrated. The spring-ai-openai-sdk module has been merged and removed. Existing spring.ai.openai properties, builders, and chat options remain fully compatible — no migration required for most users. The extraBody configuration is transparently mapped to additionalBodyProperties. #5779
• Added AudioTranscription model support using the OpenAI SDK, enabling audio-to-text transcription capabilities through the standardized Spring AI model abstraction. 4aaca6d
• MCP Server now supports filtering which tools are exposed via the new spring.ai.mcp.server.expose-mcp-client-tools configuration property, providing fine-grained control over tool visibility in MCP client-server scenarios. #5755
• Added a new Moderation Model implementation using the OpenAI SDK, enabling content moderation capabilities through the standard Spring AI model abstraction. #5730
• OpenAI SDK-based models now support passing extra body parameters, providing more flexibility for advanced API usage and custom request configurations. #5734
• Options merging has been moved to the ChatClient level with a new combineWith() builder method, offering a more intuitive and composable API for combining chat options. #5725
• Added built-in web search tool support for the Anthropic integration, enabling models to search the web as part of their response generation. #5689
• Added support for configuring thinking display settings in the Anthropic module, allowing control over how extended thinking is surfaced in responses. bdcfd25
• Added service tier support to the Anthropic integration, enabling priority capacity selection for workloads that require dedicated throughput. b1c6375
• Added support for Anthropic inference geo configuration, enabling users to control geographic data residency when using Anthropic models. This is important for organizations with data sovereignty requirements. #5666

🪲 Bug Fixes

• The default cache directory for transformer models is now secured with proper permissions, preventing unauthorized access to cached model files. ce38bfe
• The CosmosDB vector store's delete method now properly parameterizes queries instead of using string interpolation, preventing potential injection vulnerabilities. 7b7a605
• Fixed a vulnerability where a specially crafted malformed PDF could cause excessive memory allocation. Processing of malformed PDFs is now handled defensively. 413a138

... (truncated)

Commits

• df0a3e8 Release version 2.0.0-M5
• fd90ad2 Fix a regression in the release process
• b9d1c53 Remove azure openai module entries from Spring AI BOM
• ce38bfe Secure the default cache dir for transformer models
• 7b7a605 Fix Cosmosdb doDelete method to parameterize the query
• 413a138 Prevent excessive char allocation via malformed pdf
• 12e1e3d Properly handle conversationId in VectorStoreChatMemoryAdvisor filter
• 029173f fix: vector store filter expression converter key handling
• 0f9340f Add Anthropic module migration docs (#5881)
• 5a9335b Upgrade MCP Java SDK to 2.0.0-M2 and document breaking changes (#5879)
• Additional commits viewable in compare view

[dependabot]

Assignees

The following users could not be added as assignees: dependabot[bot]. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.