chore(deps): bump com.azure:azure-cosmos from 4.78.0 to 4.79.1

[dependabot]

Bumps com.azure:azure-cosmos from 4.78.0 to 4.79.1.

Release notes

Sourced from com.azure:azure-cosmos's releases.

com.azure+azure-cosmos_4.79.1

4.79.1 (2026-04-06)

Bugs Fixed

• Fixing an NPE caused due to boxed Boolean conversion. - See PR 48656

com.azure+azure-cosmos_4.79.0

4.79.0 (2026-03-27)

Features Added

• Added support for N-Region synchronous commit feature - See PR 47757
• Added support for Query Advisor feature - See 48160
• Added CosmosFullTextScoreScope enum and setFullTextScoreScope() on CosmosQueryRequestOptions for controlling BM25 statistics scope in hybrid search queries. Supports LOCAL (scoped to target partitions) and GLOBAL (default, all partitions) scopes. See PR 48431

Bugs Fixed

• Fixed Remote Code Execution (RCE) vulnerability (CWE-502) by replacing Java deserialization with JSON-based serialization in CosmosClientMetadataCachesSnapshot, AsyncCache, and DocumentCollection. The metadata cache snapshot now uses Jackson for serialization/deserialization, eliminating the entire class of Java deserialization attacks. - PR 47971
• Fixed NullPointerException in DocumentQueryExecutionContextFactory.tryCacheQueryPlan when executing hybrid search queries with a partition key filter. See PR 48431
• Fixed ConcurrentModificationException in hybrid search component query execution caused by concurrent access to shared mutable state. See PR 48431
• Fixed availability strategy for Gateway V2 (thin client) by ensuring RegionalRoutingContext identity is based only on the immutable gateway endpoint. - See PR 48432
• Fixed an issue where replaceItem bypassed the customItemSerializer, serialising POJOs with the SDK's internal ObjectMapper instead of the user-configured one. - See PR 48529
• Fixed ClassCastException (ArrayNode cannot be cast to ObjectNode) when executing SELECT VALUE ... GROUP BY queries. See - PR 48507

Other Changes

• Promoted the following @Beta APIs to GA: CosmosContainerProperties.getFullTextPolicy()/setFullTextPolicy(), IndexingPolicy.getCosmosFullTextIndexes()/setCosmosFullTextIndexes(). - See PR 48538
• Added appendUserAgentSuffix method to AsyncDocumentClient to allow downstream libraries to append to the user agent after client construction. - See PR 48505
• Added aggressive HTTP timeout policies for document operations routed to Gateway V2. - PR 47879
• Added a default connect timeout of 5s for Gateway V2 (thin client) data-plane endpoints. - See PR 48174
• Added system property COSMOS.CONNECTION_ACQUIRE_TIMEOUT_IN_MS and environment variable COSMOS_CONNECTION_ACQUIRE_TIMEOUT_IN_MS to allow overriding the gateway connection acquire timeout in milliseconds (default 45000ms). Minimum accepted value is 500ms. Replaces the previous _IN_SECONDS variants. - See PR 48580
• Changed system property for thin client connection timeout from COSMOS.THINCLIENT_CONNECTION_TIMEOUT_IN_SECONDS to COSMOS.THINCLIENT_CONNECTION_TIMEOUT_IN_MS (default 5000ms, minimum 500ms). - See PR 48580

Commits

• a8a49e9 Release azure-cosmos 4.79.1 (#48700)
• 0be98b6 Temporarily Disabling Immutable Storage with Versioning Tests During Diagnost...
• beeb599 fix: reset metrics registry per benchmark cycle (#48695)
• 966398c Set default service version to 2025-07-01 for keyvault secrets (#48690)
• 0ce561c [Key Vault Certificates] Remove preview service version from GA library (#48678)
• 56dab13 Sync eng/common directory with azure-sdk-tools for PR 14922 (#48696)
• 26c01ac March 2026 Patches Merge-back (#48665)
• dec14b8 Sync eng/common directory with azure-sdk-tools for PR 14890 (#48686)
• 432a587 Clean up azure-identity README (#48685)
• 9336a4b [EventHubs] Migrate to TypeSpec (#48673)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🧪 Java Unit Tests

	Tests	Passed ☑️	Skipped ⚠️	Failed ❌️	Time ⏱
Java Tests Report	71 ran	16 ✅	23 ⚠️	32 ❌	12s 623ms

Test	Result	Time ⏱
Java Tests Report
AzCLITest.run()	❌ failure	15ms
ConsumeTest.initializationError	❌ failure
PublishTest.initializationError	❌ failure
RealTimeTriggerTest.initializationError	❌ failure
TriggerTest.initializationError	❌ failure	1ms
AllTest.run()	❌ failure	366ms
AllTest.maxFiles()	❌ failure	460ms
DeleteFilesTest.run()	❌ failure	317ms
ReadsTest.run()	❌ failure	350ms
SharedAccessTest.run()	❌ failure	363ms
AppendTest.run()	❌ failure	293ms
LeaseTest.run()	❌ failure	365ms
SetAccessControlTest.run()	❌ failure	308ms
AllTest.run()	❌ failure	387ms
AllTest.maxFiles()	❌ failure	307ms
CopyTest.delete()	❌ failure	302ms
CopyTest.run()	❌ failure	318ms
DeleteListTest.run()	❌ failure	358ms
DownloadsTest.delete()	❌ failure	333ms
DownloadsTest.move()	❌ failure	293ms
SharedAccessTest.run()	❌ failure	279ms
TriggerTest.shouldExecuteOnCreate()	❌ failure	322ms
TriggerTest.deleteAction()	❌ failure	355ms
TriggerTest.shouldExecuteOnUpdate()	❌ failure	301ms
TriggerTest.shouldExecuteOnCreateOrUpdate()	❌ failure	201ms
TriggerTest.noneAction()	❌ failure	278ms
BatchTest.initializationError	❌ failure
CreateItemTest.initializationError	❌ failure
DeleteTest.initializationError	❌ failure
QueriesTest.initializationError	❌ failure
QueryTest.initializationError	❌ failure
SuiteTest.run()	❌ failure	20ms