Bump io.modelcontextprotocol.sdk:mcp-bom from 1.1.3 to 2.0.0

[dependabot]

Bumps io.modelcontextprotocol.sdk:mcp-bom from 1.1.3 to 2.0.0.

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp-bom's releases.

v2.0.0

MCP Java SDK 2.0.0 🎉

We're thrilled to announce the General Availability of the MCP Java SDK 2.0.0 — the first major release since 1.x and the culmination of three milestones (M1, M2, M3) and a release candidate (RC1). It tracks the latest 2025-11-25 MCP specification and lays the groundwork for everything that comes next. Huge thanks to everyone who contributed, tested the milestones, and filed feedback along the way! ❤️

Upgrading from 1.x? See the v2 migration guide and the updated documentation (#1024) for a step-by-step walkthrough of the breaking changes below.

Highlights

• A new JSON compatibility foundation for consistent forward/backward wire compatibility as the protocol evolves.
• Spec-accurate schema with enforced required fields and lenient wire deserialization.
• End-to-end validation of tool inputs and embedded JSON Schema documents (2020-12).
• Richer elicitation: client-side schema defaults, URL elicitation, and form-based elicitation schemas.
• Icons & metadata support (SEP-973) across the API.
• Streamable HTTP first: SSE transports are now deprecated in favor of Streamable HTTP.
• Cleaner, quieter logging with unified configuration and saner default levels.

⚠️ Breaking Changes

• feat!: consistent JSON forward/backward compatibility — the 2.0 foundation by @​chemicL in modelcontextprotocol/java-sdk#927
• feat!: enforce required MCP spec fields in McpSchema; lenient wire deserialization by @​chemicL in modelcontextprotocol/java-sdk#928
• feat!: add tool input arguments validation (#697) by @​ashakirin in modelcontextprotocol/java-sdk#873
• fix: Remove JsonSchema and use a Map for inputSchema to support JSON Schema dialects by @​bilaloumehdi in modelcontextprotocol/java-sdk#749

✨ New Features

• feat: validate embedded JSON Schema documents against the 2020-12 meta-schema (SEP-1613) by @​chemicL in modelcontextprotocol/java-sdk#949
• feat: Add SEP-973 icons and metadata support by @​sainathreddyb in modelcontextprotocol/java-sdk#912
• feat: client-side application of elicitation schema defaults (SEP-1034) by @​chemicL in modelcontextprotocol/java-sdk#976
• Add URL elicitation support (SEP-1036) by @​Kehrlann in modelcontextprotocol/java-sdk#993
• Add schemas for form-based elicitation by @​Kehrlann in modelcontextprotocol/java-sdk#1020
• feat: add support for meta parameter in client paginated list queries by @​smohite04 in modelcontextprotocol/java-sdk#906
• Add 2025-11-25 spec version to all transports by @​chemicL in modelcontextprotocol/java-sdk#1025

🔌 Transports & Networking

• Deprecate SSE transports (in favor of Streamable HTTP) by @​Kehrlann in modelcontextprotocol/java-sdk#950
• Client transports: remove deprecated methods from builder by @​Kehrlann in modelcontextprotocol/java-sdk#899
• Server transports: remove deprecated methods from builder by @​Kehrlann
• HttpClientStreamableHttpTransport: handle HTTP 405 by @​Kehrlann
• Validate message endpoint in SSE client transport by @​Kehrlann in modelcontextprotocol/java-sdk#943
• DefaultSseMessageEndpointValidator allows same-origin message endpoints by @​Kehrlann in modelcontextprotocol/java-sdk#946
• Deprecate Builder.customizeRequest() in favor of httpRequestCustomizer() by @​gyeo009 in modelcontextprotocol/java-sdk#791
• Expose request URI in McpHttpClientAuthorizationErrorHandler by @​Kehrlann in modelcontextprotocol/java-sdk#980
• Fix UTF-8 encoding for non-ASCII tool names in HTTP client transports by @​rameshreddy-adutla in modelcontextprotocol/java-sdk#850

🪵 Logging

• Unify logging config by @​chemicL in modelcontextprotocol/java-sdk#984
• Reduce logging levels by @​chemicL in modelcontextprotocol/java-sdk#985

... (truncated)

Commits

• f56d038 Release version 2.0.0
• d20af91 Add 2025-11-25 spec version to all transports (#1025)
• c42d313 Return void from McpStatelessSyncServer#closeGracefully instead of Mono (#1019)
• 2756337 Update documentation and migration notes for v2 (#1024)
• fe82ad5 Add schemas for form-based elicitation (#1020)
• 99faac6 Clarify tool validation error messages (#1023)
• df75857 fix: avoid dropped errors when transport is closed or uninitialized (#995)
• dbb9bda Add URL elicitation support (SEP-1036) (#993)
• c49a994 Add missing Export-Package to mcp-json-jackson2 and mcp-json-jackson3
• c8ab341 feat: Refine logging levels (#985)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[bernd]

@monrax @dennisoelkers The build works but this is a major release. Can you check if everything still works as expected? Thanks!