chore(deps): bump com.azure:azure-cosmos from 4.78.0 to 4.79.0

[dependabot]

Bumps com.azure:azure-cosmos from 4.78.0 to 4.79.0.

Release notes

Sourced from com.azure:azure-cosmos's releases.

com.azure+azure-cosmos_4.79.0

4.79.0 (2026-03-27)

Features Added

• Added support for N-Region synchronous commit feature - See PR 47757
• Added support for Query Advisor feature - See 48160
• Added CosmosFullTextScoreScope enum and setFullTextScoreScope() on CosmosQueryRequestOptions for controlling BM25 statistics scope in hybrid search queries. Supports LOCAL (scoped to target partitions) and GLOBAL (default, all partitions) scopes. See PR 48431

Bugs Fixed

• Fixed Remote Code Execution (RCE) vulnerability (CWE-502) by replacing Java deserialization with JSON-based serialization in CosmosClientMetadataCachesSnapshot, AsyncCache, and DocumentCollection. The metadata cache snapshot now uses Jackson for serialization/deserialization, eliminating the entire class of Java deserialization attacks. - PR 47971
• Fixed NullPointerException in DocumentQueryExecutionContextFactory.tryCacheQueryPlan when executing hybrid search queries with a partition key filter. See PR 48431
• Fixed ConcurrentModificationException in hybrid search component query execution caused by concurrent access to shared mutable state. See PR 48431
• Fixed availability strategy for Gateway V2 (thin client) by ensuring RegionalRoutingContext identity is based only on the immutable gateway endpoint. - See PR 48432
• Fixed an issue where replaceItem bypassed the customItemSerializer, serialising POJOs with the SDK's internal ObjectMapper instead of the user-configured one. - See PR 48529
• Fixed ClassCastException (ArrayNode cannot be cast to ObjectNode) when executing SELECT VALUE ... GROUP BY queries. See - PR 48507

Other Changes

• Promoted the following @Beta APIs to GA: CosmosContainerProperties.getFullTextPolicy()/setFullTextPolicy(), IndexingPolicy.getCosmosFullTextIndexes()/setCosmosFullTextIndexes(). - See PR 48538
• Added appendUserAgentSuffix method to AsyncDocumentClient to allow downstream libraries to append to the user agent after client construction. - See PR 48505
• Added aggressive HTTP timeout policies for document operations routed to Gateway V2. - PR 47879
• Added a default connect timeout of 5s for Gateway V2 (thin client) data-plane endpoints. - See PR 48174
• Added system property COSMOS.CONNECTION_ACQUIRE_TIMEOUT_IN_MS and environment variable COSMOS_CONNECTION_ACQUIRE_TIMEOUT_IN_MS to allow overriding the gateway connection acquire timeout in milliseconds (default 45000ms). Minimum accepted value is 500ms. Replaces the previous _IN_SECONDS variants. - See PR 48580
• Changed system property for thin client connection timeout from COSMOS.THINCLIENT_CONNECTION_TIMEOUT_IN_SECONDS to COSMOS.THINCLIENT_CONNECTION_TIMEOUT_IN_MS (default 5000ms, minimum 500ms). - See PR 48580

Commits

• 896d7f9 Release azure-cosmos 4.79.0, encryption 2.28.0, spark 4.46.0, kafka-connect 2...
• e90a0ba Expose system property for connection timeout (#48580)
• 0d3f679 Truncate gen_ai attributes to 256KB instead of exempting from truncation (#48...
• 3acaa86 Increment package versions for storage releases (#48591)
• 90611a8 [AzureMonitorAutoConfigure] Add customer-facing SDKStats metrics (Item_Succes...
• 584a4c6 Change enums to expandable enums (#48575)
• 4d0348c Remove all DR drill images from dr-drill-2026-03-19 (#48594)
• c67ba7e Sync eng/common directory with azure-sdk-tools for PR 14737 (#48587)
• c64b094 Cosmos: Fix replaceItem bypassing customItemSerializer (#48529)
• ce7f890 Configurations: 'specification/applink/AppLink.Management/tspconfig.yaml', A...
• Additional commits viewable in compare view

[github-actions]

🧪 Java Unit Tests

	Tests	Passed ☑️	Skipped ⚠️	Failed ❌️	Time ⏱
Java Tests Report	71 ran	16 ✅	23 ⚠️	32 ❌	12s 402ms

Test	Result	Time ⏱
Java Tests Report
AzCLITest.run()	❌ failure	12ms
ConsumeTest.initializationError	❌ failure	1ms
PublishTest.initializationError	❌ failure
RealTimeTriggerTest.initializationError	❌ failure	1ms
TriggerTest.initializationError	❌ failure	1ms
AllTest.run()	❌ failure	383ms
AllTest.maxFiles()	❌ failure	425ms
DeleteFilesTest.run()	❌ failure	339ms
ReadsTest.run()	❌ failure	376ms
SharedAccessTest.run()	❌ failure	369ms
AppendTest.run()	❌ failure	266ms
LeaseTest.run()	❌ failure	326ms
SetAccessControlTest.run()	❌ failure	382ms
AllTest.run()	❌ failure	269ms
AllTest.maxFiles()	❌ failure	253ms
CopyTest.delete()	❌ failure	274ms
CopyTest.run()	❌ failure	300ms
DeleteListTest.run()	❌ failure	348ms
DownloadsTest.delete()	❌ failure	314ms
DownloadsTest.move()	❌ failure	305ms
SharedAccessTest.run()	❌ failure	288ms
TriggerTest.shouldExecuteOnCreate()	❌ failure	388ms
TriggerTest.deleteAction()	❌ failure	309ms
TriggerTest.shouldExecuteOnUpdate()	❌ failure	279ms
TriggerTest.shouldExecuteOnCreateOrUpdate()	❌ failure	249ms
TriggerTest.noneAction()	❌ failure	277ms
BatchTest.initializationError	❌ failure
CreateItemTest.initializationError	❌ failure
DeleteTest.initializationError	❌ failure
QueriesTest.initializationError	❌ failure
QueryTest.initializationError	❌ failure	1ms
SuiteTest.run()	❌ failure	32ms

[fdelbrayelle]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[fdelbrayelle]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[fdelbrayelle]

@dependabot rebase

[fdelbrayelle]

@dependabot rebase

[dependabot]

Superseded by #269.