chore(deps): Bump io.modelcontextprotocol.sdk:mcp from 0.17.2 to 1.0.0

[dependabot]

Bumps io.modelcontextprotocol.sdk:mcp from 0.17.2 to 1.0.0.

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp's releases.

v1.0.0

MCP Java SDK 1.0.0

We are pleased to announce the 1.0.0 GA release of the MCP Java SDK — the official Java SDK for Model Context Protocol servers and clients, maintained in collaboration with Spring AI.

---

Major Features

• MCP Protocol Implementation — Spec-compliant implementation of the Model Context Protocol, including tools, resources, prompts, sampling, elicitation, and progress tracking.
• Synchronous and Asynchronous APIs — First-class support for both blocking (McpSyncClient / McpSyncServer) and reactive (McpAsyncClient / McpAsyncServer) programming models.
• Official Transport Options — STDIO, Servlet-based (Streamable HTTP and HTTP/SSE) transports out of the box.
• Pluggable JSON Serialization — Supports both Jackson 2 and Jackson 3, with Jackson 3 as the default. Integration is decoupled so projects can supply their own binding.
• MCP Protocol Version Negotiation — Clients and servers automatically negotiate the highest mutually supported protocol version at connection time.
• Authorization & Security — DNS rebinding protection, Origin header validation, and conformance-tested OAuth/auth flows via relevant hooks.
• OSGi Support — All modules ship with correct OSGi bundle manifests for use in Eclipse/OSGi runtimes.
• BOM for Dependency Management — mcp-bom keeps all SDK module versions aligned with a single import.
• MCP Test Module — Reusable test utilities and a conformance test suite for validating server and client implementations.

---

Spec Compliance

The SDK is compliant with the 2025-06-18 MCP specification and supports protocol version negotiation across 2024-11-05, 2025-03-26, and 2025-06-18.

Work towards 2025-11-25 spec compliance is actively in progress. Key features in that revision include tasks (durable request tracking), tool calling in sampling, URL elicitation, icon metadata, enhanced JSON Schema support, and updated OAuth/security flows. See the Roadmap for details.

---

Stability in the 1.x Line

With 1.0.0, the SDK transitions to a stable, semantically versioned release line. The project follows Semantic Versioning 2.0.0:

• Patch releases (1.0.x) deliver backward-compatible bug fixes.
• Minor releases (1.x.0) deliver new, backward-compatible features — including new MCP spec support.
• Major releases (2.x) are reserved for breaking API changes or MCP spec revisions that require code changes on the caller side.

Breaking changes are always documented with migration instructions, APIs are deprecated before removal, and pull requests containing breaking changes are labeled accordingly. See https://github.com/modelcontextprotocol/java-sdk/blob/HEAD/VERSIONING.md for the full policy.

---

What's Changed in 1.0.0

Spring Transports Move to Spring AI 2.0

• Moved mcp-spring-webflux and mcp-spring-webmvc to Spring AI 2.0 (#805)

API Cleanup

• Removed all APIs deprecated during the RC cycle to establish a clean stable baseline (#807)

Security & Conformance

... (truncated)

Commits

• 3c87155 Release version 1.0.0
• 27c859c Update the quickstart bom versionto 1.0.0
• 29dc250 Excplude the conformance projects from maven deploy
• 7e08a8e Next development version
• 479e52e Release version 1.0.0-RC3
• bdb373c Change StackOverflow link and tag for support (#824)
• acb7e4d Next development version
• 11b597c Release version 1.0.0-RC2
• 6b2b31c chore: exclude internal modules from Maven Central publishing
• 72f9da9 Add governance documentation for SEP-1730 (#808)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)