[ML] Remove node-fetch dependency in favor of native fetch #250719
Merged
afharo merged 16 commits into elastic:main from Feb 24, 2026
## Changes

- Updated aiops API integration tests to use `Readable.fromWeb()`
- Updated related test utilities

> [!WARNING]
> These changes were vibe-coded using the AI agent `claude-4.5-opus-high`. Please review carefully.
Native fetch doesn't support credentials embedded in URLs (unlike node-fetch). Extract username/password from server config and pass them via Authorization header instead.
The authHeader conditional type was inferred as a union that includes `Authorization?: undefined`, which is not compatible with the native fetch HeadersInit type. Adding an explicit `Record<string, string>` type annotation resolves this.
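The credential handling described in the two commit messages above, as an added example (not code from this pull request or from Kibana). The function names, the sample URL and its credentials are constructed for illustration; only Node.js 18+ globals are used.

```javascript
// Added example. Hypothetical helper names; sample values are constructed.

/**
 * Split a URL that may carry `user:pass@` into a credential-free URL plus
 * headers that can be passed to native fetch.
 */
function splitUrlCredentials(rawUrl) {
  const parsed = new URL(rawUrl);
  // Always a plain string-to-string map, never `{ Authorization: undefined }`,
  // so it stays compatible with the HeadersInit type.
  const headers = {};
  if (parsed.username !== '' || parsed.password !== '') {
    // URL exposes userinfo percent-encoded; decode before base64-encoding.
    const user = decodeURIComponent(parsed.username);
    const pass = decodeURIComponent(parsed.password);
    // Basic auth splits on the first colon, so the user part cannot hold one.
    if (user.includes(':')) {
      throw new Error('username must not contain ":" for Basic authentication');
    }
    headers.Authorization =
      'Basic ' + Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
    // Remove the userinfo so the secret never travels inside the URL string.
    parsed.username = '';
    parsed.password = '';
  }
  return { url: parsed.toString(), headers };
}

/**
 * Report whether the native Request constructor accepts a URL.
 * In Node.js it throws a TypeError for a URL that includes credentials.
 */
function nativeRequestAccepts(url) {
  try {
    new Request(url);
    return true;
  } catch (err) {
    if (err instanceof TypeError) return false;
    throw err;
  }
}

/**
 * Native fetch resolves on non-2xx responses, so the status must be checked
 * explicitly. `tolerated` lists statuses the caller handles itself.
 */
function requireOk(res, tolerated = []) {
  if (res.ok || tolerated.includes(res.status)) return res;
  // Report only the status; the URL and headers are kept out of the message.
  throw new Error(`HTTP ${res.status} ${res.statusText}`.trim());
}

/** Combine the pieces: authenticated request with an explicit status check. */
async function authedFetch(rawUrl, init = {}, tolerated = []) {
  const { url, headers } = splitUrlCredentials(rawUrl);
  const res = await fetch(url, {
    ...init,
    headers: { ...init.headers, ...headers },
  });
  return requireOk(res, tolerated);
}
```
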
💔 Build Failed
💚 Build Succeeded
rbrtj approved these changes Feb 24, 2026
nreese pushed a commit to nreese/kibana that referenced this pull request Feb 25, 2026

…50719)

## Summary

This PR removes the `node-fetch` dependency for files owned by `@elastic/ml-ui`.

### Why

Node.js 18+ includes a native `fetch` API (built on undici internally), making the `node-fetch` package unnecessary. This reduces the dependency footprint by removing one runtime dependency and its transitive dependencies.

### Changes

- Updated AI/Ops API integration tests to use `Readable.fromWeb()` for stream conversion
- Updated log rate analysis tests (full analysis and groups only)
- Updated permissions tests

> [!WARNING]
> These changes were vibe-coded using the AI agent `claude-4.5-opus-high`. Please review carefully.

## Test plan

- [x] Type check passes
- [x] ESLint passes
- [x] Integration tests pass for modified files

---------

Co-authored-by: Robert Jaszczurek <92210485+rbrtj@users.noreply.github.com>
qn895 pushed a commit to qn895/kibana that referenced this pull request Mar 11, 2026
azasypkin added a commit that referenced this pull request May 4, 2026

#266771)

## Summary

This PR removes the `axios` dependency for files owned by `@elastic/security-generative-ai`. Phase 1.1 of the axios migration tracked under #266556.

### Why

Node.js 22 ships a native `fetch` API built on undici, and every browser Kibana targets supports `fetch` natively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration ([#250719](#250719) and siblings).

### Changes

- Migrated `create_conversations_script.ts` (a developer seed script fetching the connector list) from `axios.get` to `fetch`.
- Migrated `create_and_login_users.js` (a developer script that creates test users via the Elasticsearch security API) from `axios.get` / `axios.put` to `fetch`. Three call sites: role lookup, role create, user create. Basic auth was previously passed via axios's `auth: { username, password }` option; native fetch strips `user:pass@` URL credentials, so it now goes through an `Authorization: Basic <base64>` header.
- Removed the entire `x-pack/solutions/security/plugins/elastic_assistant/scripts/` entry from `AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage anywhere in this directory is now blocked by the existing global ban.

### Behavior parity

Native fetch does not throw on non-2xx, so each call site explicitly checks `res.ok` / `res.status`. The previous status-based branches (404 fall-through on role check, 409 informational on user create) are preserved with the same logging and `return err` shape. The diff is intentionally minimal: variable names, comment placement, try-catch structure, and error-return semantics from the original axios code are kept.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
seanrathier pushed a commit to seanrathier/kibana that referenced this pull request May 4, 2026

elastic#266771)

## Summary

This PR removes the `axios` dependency for files owned by `@elastic/security-generative-ai`. Phase 1.1 of the axios migration tracked under elastic#266556.

### Why

Node.js 22 ships a native `fetch` API built on undici, and every browser Kibana targets supports `fetch` natively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration ([elastic#250719](elastic#250719) and siblings).

### Changes

- Migrated `create_conversations_script.ts` (a developer seed script fetching the connector list) from `axios.get` to `fetch`.
- Migrated `create_and_login_users.js` (a developer script that creates test users via the Elasticsearch security API) from `axios.get` / `axios.put` to `fetch`. Three call sites: role lookup, role create, user create. Basic auth was previously passed via axios's `auth: { username, password }` option; native fetch strips `user:pass@` URL credentials, so it now goes through an `Authorization: Basic <base64>` header.
- Removed the entire `x-pack/solutions/security/plugins/elastic_assistant/scripts/` entry from `AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage anywhere in this directory is now blocked by the existing global ban.

### Behavior parity

Native fetch does not throw on non-2xx, so each call site explicitly checks `res.ok` / `res.status`. The previous status-based branches (404 fall-through on role check, 409 informational on user create) are preserved with the same logging and `return err` shape. The diff is intentionally minimal: variable names, comment placement, try-catch structure, and error-return semantics from the original axios code are kept.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine added a commit that referenced this pull request May 4, 2026
…favor … (#266771) (#267468)

# Backport

This will backport the following commits from `main` to `9.4`:

- [chore(axios,security-generative-ai) Remove axios dependency in favor … (#266771)](#266771)

<!--- Backport version: 9.6.6 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine added a commit that referenced this pull request May 4, 2026
…favor … (#266771) (#267467)

# Backport

This will backport the following commits from `main` to `9.3`:

- [chore(axios,security-generative-ai) Remove axios dependency in favor … (#266771)](#266771)

<!--- Backport version: 9.6.6 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine added a commit that referenced this pull request May 4, 2026
…favor … (#266771) (#267466)

# Backport

This will backport the following commits from `main` to `9.2`:

- [chore(axios,security-generative-ai) Remove axios dependency in favor … (#266771)](#266771)

<!--- Backport version: 9.6.6 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
azasypkin added a commit that referenced this pull request May 5, 2026

…ls (#267512)

## Summary

This PR removes the `axios` dependency for files owned by `@elastic/workflows-eng`. Phase 2 of the axios migration tracked under #266556.

### Why

Node.js 22 ships a native `fetch` API built on undici, and every browser Kibana targets supports `fetch` natively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration ([#250719](#250719) and siblings).

### Changes

- `src/platform/plugins/shared/workflows_management/server/connectors/workflows/utils.ts` previously imported `isAxiosError` from `axios` to decide whether to extract `error.response.data.message`. The production caller (`service.ts`) feeds errors thrown by the injected workflow services, never AxiosError; the axios-specific branch was effectively dead defensive code. Replaced the type-guard with duck-typed access to `response?.data?.message` so any HTTP-client error of similar shape still gets the upstream message extracted.
- `utils.test.ts` updated correspondingly: dropped the `AxiosError` type-only import, renamed mocks to `httpError`, added `name: 'Error'` so `as Error` casts type-check. All 5 existing test cases still pass.
- Removed the `workflows_management/server/connectors/workflows/**` entry from `AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in this directory is now blocked by the existing global ban. The broader `workflows_management/**` override that bans `*legacy*` imports still applies.

### Behavior parity

The duck-typed access preserves the exact extraction logic: when the error has `response.data.message`, that string is used; otherwise it falls back to `error.message`. All five test cases (HTTP error with `data.message`, HTTP error with empty `data`, HTTP error without `response`, regular `Error`, error without message) pass without change to expected output.
azasypkin added a commit that referenced this pull request May 5, 2026
… favor … (#266771) (#267478) # Backport This will backport the following commits from `main` to `8.19`: - [chore(axios,security-generative-ai) Remove axios dependency in favor … (#266771)](#266771) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
kibanamachine
added a commit
that referenced
this pull request
May 5, 2026
…or utils (#267512) (#267665) # Backport This will backport the following commits from `main` to `9.4`: - [chore(axios,workflows-eng): remove axios from workflows connector utils (#267512)](#267512) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
azasypkin
added a commit
that referenced
this pull request
May 5, 2026
…_cypress scripts (#267684)

## Summary

**NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day. Please verify the changes still work as expected - for these migrations a quick run of the affected scripts/tests is worth more than a code-only review.

This PR removes the `axios` dependency for files owned by `@elastic/security-engineering-productivity`. Phase 3 of the axios migration tracked under #266556.

### Why

Node.js 22 ships a native `fetch` API built on undici, and every browser Kibana targets supports `fetch` natively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration ([#250719](#250719) and siblings).

### Changes

Three files under `x-pack/solutions/security/plugins/security_solution/scripts/run_cypress/`, all developer/CI scripts that spin up serverless test projects and poll their readiness:

- `parallel_serverless.ts` - 5 axios calls (proxy healthcheck, ES `_cluster/health`, Kibana `/api/status`, ES root, Kibana login). Replaced with `fetch` + explicit `res.ok` check + typed `await res.json()`. Dropped the `.catch(catchAxiosErrorFormatAndThrow)` wrappers that wrapped AxiosError into FormattedAxiosError; replaced with inline `throw new Error('${response.status}:${await response.text()}')` that preserves status+body in the error message. Folded `'Content-Type': 'application/json'` into the module-private `API_HEADERS` constant and unwrapped `[ELASTIC_HTTP_VERSION_HEADER]: [INITIAL_REST_VERSION]` to a bare string - axios was setting Content-Type implicitly for object bodies and silently joining the single-element array, neither of which fetch does.
- `cloud_project_handler.ts` - 4 axios calls (create project, delete project, reset credentials, status poll).
- `proxy_project_handler.ts` - same shape as `cloud_project_handler.ts` with proxy-specific URLs.

Both project_handler files: catch blocks previously had an `if (error instanceof AxiosError) { log status:data } else { log message }` branch; with fetch the AxiosError branch is now dead, so they collapse to a single `this.log.error(${error.message})`. The thrown error's message contains `${status}:${responseBody}` to preserve the same diagnostic content.

The retry callbacks' `error instanceof AxiosError && error.code === 'ENOTFOUND'` checks (used to log a friendlier "URL not yet reachable" message during DNS failures) were replaced with `(error as { cause?: { code?: string } }).cause?.code === 'ENOTFOUND'` — Node fetch wraps the underlying network error on `error.cause`, so DNS failures still surface with `cause.code === 'ENOTFOUND'`. The one retry callback in `proxyHealthcheck` previously guarded its log behind `if (error instanceof AxiosError)`; with fetch every error reaching that callback is HTTP/network-related, so the guard is dropped and the parameter omitted.

Removed the corresponding `run_cypress/` entries from `AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage anywhere in this directory is now blocked by the existing global ban.

### Behavior parity

- Status-based retry decisions unchanged: `res.ok` is true exactly for 2xx, matching axios's auto-throw on non-2xx + `error.response.status === 200` checks.
- ENOTFOUND detection unchanged: fetch's wrapped `cause.code` matches axios's `code` for DNS failures.
- Error log content preserved: messages still include status code and response body where the original did.
- The `catchAxiosErrorFormatAndThrow` import (which would have required migrating the `format_axios_error.ts` utility owned by `@elastic/security-defend-workflows`) is no longer needed; that utility stays as-is for its other consumers and will be migrated in a later phase.
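The fetch-side behaviours the commit message above relies on (explicit `res.ok` check, `${status}:${body}` error text, explicit JSON `Content-Type`, DNS failures detected through `error.cause.code`), as an added example that is not code from the Kibana repository. The helper names, the stub `fetch`, the `project.invalid` host and the 2048-character cap on response text copied into errors are assumptions made for the illustration.

```javascript
// Added illustration, not Kibana code. Every name below is hypothetical.
const MAX_ERROR_BODY = 2048; // assumption: cap on response text copied into errors/logs

function hasHeader(headers, name) {
  return Object.keys(headers).some((key) => key.toLowerCase() === name.toLowerCase());
}

// fetch resolves on 4xx/5xx, so the status check axios performed implicitly
// has to be written out. The thrown message keeps "<status>:<body>".
async function fetchJsonOrThrow(url, options = {}, fetchImpl = globalThis.fetch) {
  const { method = 'GET', headers = {}, body } = options;
  const init = { method, headers: { ...headers } };
  if (body !== undefined) {
    // fetch neither serialises objects nor labels a string body as JSON.
    init.body = JSON.stringify(body);
    if (!hasHeader(init.headers, 'content-type')) {
      init.headers['Content-Type'] = 'application/json';
    }
  }
  const res = await fetchImpl(url, init);
  if (!res.ok) {
    const text = (await res.text()).slice(0, MAX_ERROR_BODY);
    throw new Error(`${res.status}:${text}`);
  }
  return res.json();
}

// Node's fetch rejects with a TypeError and carries the network error on `cause`.
function isDnsNotFound(error) {
  return error?.cause?.code === 'ENOTFOUND';
}

// Readiness poll: every failure is retried; DNS failures get the friendlier log line.
async function pollUntilReady(url, settings = {}, fetchImpl = globalThis.fetch) {
  const { attempts = 5, delayMs = 0, log = () => {} } = settings;
  let lastError;
  for (let attempt = 1; attempt <= attempts; attempt++) {
    try {
      return { attempts: attempt, body: await fetchJsonOrThrow(url, {}, fetchImpl) };
    } catch (error) {
      lastError = error;
      log(
        isDnsNotFound(error)
          ? `URL not yet reachable (attempt ${attempt})`
          : `attempt ${attempt} failed: ${error.message}`
      );
      if (delayMs > 0) await new Promise((resolve) => setTimeout(resolve, delayMs));
    }
  }
  throw lastError;
}

// Constructed stand-in for the network: DNS failure, then 503, then 200.
function makeStubFetch() {
  const seen = [];
  const stub = async (url, init) => {
    seen.push({ url, init });
    if (seen.length === 1) {
      const cause = Object.assign(new Error('getaddrinfo ENOTFOUND project.invalid'), {
        code: 'ENOTFOUND',
      });
      throw new TypeError('fetch failed', { cause });
    }
    if (seen.length === 2) return new Response('{"error":"starting"}', { status: 503 });
    return new Response('{"status":"green"}', { status: 200 });
  };
  return { stub, seen };
}

async function runDemo() {
  const logs = [];
  const { stub, seen } = makeStubFetch();
  const result = await pollUntilReady(
    'https://project.invalid/_cluster/health',
    { log: (message) => logs.push(message) },
    stub
  );
  return { result, logs, calls: seen.length };
}

runDemo().then(({ result, logs }) => console.log(result, logs));
```

The response body ends up in the thrown message and therefore in CI logs, which is why the sketch bounds it; an endpoint that echoes tokens or credentials in error bodies needs redaction as well.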
kibanamachine
added a commit
that referenced
this pull request
May 5, 2026
…om run_cypress scripts (#267684) (#267733) # Backport This will backport the following commits from `main` to `9.3`: - [chore(axios,security-engineering-productivity): remove axios from run_cypress scripts (#267684)](#267684) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
May 5, 2026
…om run_cypress scripts (#267684) (#267732) # Backport This will backport the following commits from `main` to `9.2`: - [chore(axios,security-engineering-productivity): remove axios from run_cypress scripts (#267684)](#267684) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT
The thrown error's message\ncontains `${status}:${responseBody}` to preserve the same diagnostic\ncontent.\n\nThe retry callbacks' `error instanceof AxiosError && error.code ===\n'ENOTFOUND'` checks (used to log a friendlier \"URL not yet reachable\"\nmessage during DNS failures) were replaced with `(error as { cause?: {\ncode?: string } }).cause?.code === 'ENOTFOUND'` — Node fetch wraps the\nunderlying network error on `error.cause`, so DNS failures still surface\nwith `cause.code === 'ENOTFOUND'`. The one retry callback in\n`proxyHealthcheck` previously guarded its log behind `if (error\ninstanceof AxiosError)`; with fetch every error reaching that callback\nis HTTP/network-related, so the guard is dropped and the parameter\nomitted.\n\nRemoved the corresponding `run_cypress/` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage anywhere in\nthis directory is now blocked by the existing global ban.\n\n### Behavior parity\n\n- Status-based retry decisions unchanged: `res.ok` is true exactly for\n2xx, matching axios's auto-throw on non-2xx + `error.response.status ===\n200` checks.\n- ENOTFOUND detection unchanged: fetch's wrapped `cause.code` matches\naxios's `code` for DNS failures.\n- Error log content preserved: messages still include status code and\nresponse body where the original did.\n- The `catchAxiosErrorFormatAndThrow` import (which would have required\nmigrating the `format_axios_error.ts` utility owned by\n`@elastic/security-defend-workflows`) is no longer needed; that utility\nstays as-is for its other consumers and will be migrated in a 
later\nphase.","sha":"cbbfb6d9139df3fcb8a07ae05b9dc484f580d6dd"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/267684","number":267684,"mergeCommit":{"message":"chore(axios,security-engineering-productivity): remove axios from run_cypress scripts (#267684)\n\n## Summary\n\n**NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected - for these migrations\na quick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-engineering-productivity`. Phase 3 of the axios\nmigration tracked under #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files under\n`x-pack/solutions/security/plugins/security_solution/scripts/run_cypress/`,\nall developer/CI scripts that spin up serverless test projects and poll\ntheir readiness:\n\n- `parallel_serverless.ts` - 5 axios calls (proxy healthcheck, ES\n`_cluster/health`, Kibana `/api/status`, ES root, Kibana login).\nReplaced with `fetch` + explicit `res.ok` check + typed `await\nres.json()`. Dropped the `.catch(catchAxiosErrorFormatAndThrow)`\nwrappers that wrapped AxiosError into FormattedAxiosError; replaced with\ninline `throw new Error('${response.status}:${await response.text()}')`\nthat preserves status+body in the error message. 
Folded `'Content-Type':\n'application/json'` into the module-private `API_HEADERS` constant and\nunwrapped `[ELASTIC_HTTP_VERSION_HEADER]: [INITIAL_REST_VERSION]` to a\nbare string - axios was setting Content-Type implicitly for object\nbodies and silently joining the single-element array, neither of which\nfetch does.\n- `cloud_project_handler.ts` - 4 axios calls (create project, delete\nproject, reset credentials, status poll).\n- `proxy_project_handler.ts` - same shape as `cloud_project_handler.ts`\nwith proxy-specific URLs.\n\nBoth project_handler files: catch blocks previously had an `if (error\ninstanceof AxiosError) { log status:data } else { log message }` branch;\nwith fetch the AxiosError branch is now dead, so they collapse to a\nsingle `this.log.error(${error.message})`. The thrown error's message\ncontains `${status}:${responseBody}` to preserve the same diagnostic\ncontent.\n\nThe retry callbacks' `error instanceof AxiosError && error.code ===\n'ENOTFOUND'` checks (used to log a friendlier \"URL not yet reachable\"\nmessage during DNS failures) were replaced with `(error as { cause?: {\ncode?: string } }).cause?.code === 'ENOTFOUND'` — Node fetch wraps the\nunderlying network error on `error.cause`, so DNS failures still surface\nwith `cause.code === 'ENOTFOUND'`. The one retry callback in\n`proxyHealthcheck` previously guarded its log behind `if (error\ninstanceof AxiosError)`; with fetch every error reaching that callback\nis HTTP/network-related, so the guard is dropped and the parameter\nomitted.\n\nRemoved the corresponding `run_cypress/` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. 
New axios usage anywhere in\nthis directory is now blocked by the existing global ban.\n\n### Behavior parity\n\n- Status-based retry decisions unchanged: `res.ok` is true exactly for\n2xx, matching axios's auto-throw on non-2xx + `error.response.status ===\n200` checks.\n- ENOTFOUND detection unchanged: fetch's wrapped `cause.code` matches\naxios's `code` for DNS failures.\n- Error log content preserved: messages still include status code and\nresponse body where the original did.\n- The `catchAxiosErrorFormatAndThrow` import (which would have required\nmigrating the `format_axios_error.ts` utility owned by\n`@elastic/security-defend-workflows`) is no longer needed; that utility\nstays as-is for its other consumers and will be migrated in a later\nphase.","sha":"cbbfb6d9139df3fcb8a07ae05b9dc484f580d6dd"}}]}] BACKPORT--> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
May 5, 2026
…om run_cypress scripts (#267684) (#267734) # Backport This will backport the following commits from `main` to `9.4`: - [chore(axios,security-engineering-productivity): remove axios from run_cypress scripts (#267684)](#267684) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
azasypkin
added a commit
that referenced
this pull request
May 6, 2026
…rom run_cypress scripts (#267684) (#267765) # Backport This will backport the following commits from `main` to `8.19`: - [chore(axios,security-engineering-productivity): remove axios from run_cypress scripts (#267684)](#267684) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
azasypkin
added a commit
that referenced
this pull request
May 6, 2026
…or utils (#267512) (#267681) # Backport This will backport the following commits from `main` to `9.2`: - [chore(axios,workflows-eng): remove axios from workflows connector utils (#267512)](#267512) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
azasypkin
added a commit
that referenced
this pull request
May 6, 2026
…or utils (#267512) (#267679) # Backport This will backport the following commits from `main` to `9.3`: - [chore(axios,workflows-eng): remove axios from workflows connector utils (#267512)](#267512) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
azasypkin
added a commit
that referenced
this pull request
May 8, 2026
…pts (#267944)

## Summary

> [!IMPORTANT]
> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day. Please verify the changes still work as expected. For these migrations a quick run of the affected scripts/tests is worth more than a code-only review.

This PR removes the `axios` dependency for files owned by `@elastic/security-solution`. Phase 4 of the axios migration tracked under #266556.

### Why

Node.js 22 ships a native `fetch` API built on undici, and every browser Kibana targets supports `fetch` natively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration ([#250719](#250719) and siblings).

### Changes

Three files migrated, two files **deferred to a later phase**:

- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put. Replaced with `fetch`, `res.ok` check, and typed `await res.json()` for the data-view fetch.
- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking `axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global, 'fetch')`. The 16 existing test cases pass unchanged in intent: name/type/url assertions adapted to read the `fetch(url, init)` argument shape (`init.body` is now `JSON.stringify(payload)` rather than the third axios arg). Header equality and dotted-name handling assertions unchanged.
- `server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`: 2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw that preserves status+body in the error message.

Removed the `scripts/telemetry/**` and `server/lib/detection_engine/scripts/**` entries from `AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of those directories is now blocked by the existing global ban.

**Deferred to a later phase**: `server/integration_tests/configuration.test.ts` and `server/integration_tests/telemetry.test.ts` mock `axios` at the module level for code under `server/lib/telemetry/*`, which is owned by `@elastic/security-data-analytics` and not yet migrated. Test mocks must flip in lockstep with the production code they intercept; these two tests will migrate alongside that team's PR.

### Behavior parity

Native fetch does not throw on non-2xx, so each call site explicitly checks `res.ok` / `res.status`. Errors thrown inside the migrated scripts now have the form `${status}:${body}` to keep the same diagnostic content the original axios errors carried. The diff is intentionally minimal: variable names, comment placement, try-catch structure, and error-handling shape from the original axios code are preserved.
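The explicit non-2xx check and the `fetch(url, init)` test-double shape described in the commit message above, as an added example that is not part of the commit or of Kibana's code. `putJson`, `withStubbedFetch`, the URL and the payload are hypothetical and constructed for illustration; the stub stands in for `jest.spyOn(global, 'fetch')` so the block runs offline on Node.js 18 or later.

```javascript
// Added example, not Kibana code. All names and sample values are hypothetical.

// PUT a JSON payload with native fetch. Unlike axios, fetch resolves on
// non-2xx responses, so a 401/403 passes silently unless the status is checked.
async function putJson(url, payload, headers = {}) {
  const res = await fetch(url, {
    method: 'PUT',
    // fetch does not infer a JSON content type from a string body.
    headers: { 'Content-Type': 'application/json', ...headers },
    // axios took the payload object as its own argument; fetch needs a string.
    body: JSON.stringify(payload),
  });
  if (!res.ok) {
    // Same `${status}:${body}` message shape the commit message describes.
    throw new Error(`${res.status}:${await res.text()}`);
  }
  return res.json();
}

// Swap globalThis.fetch for a recorder, run `fn`, then restore the original.
// `responder` builds the Response the stub returns for each call.
async function withStubbedFetch(responder, fn) {
  const original = globalThis.fetch;
  const calls = [];
  globalThis.fetch = async (url, init) => {
    calls.push({ url, init });
    return responder(url, init);
  };
  try {
    return { result: await fn(), calls };
  } finally {
    globalThis.fetch = original;
  }
}

// Constructed sample data.
const ROLE_URL = 'http://kibana.example.test/api/security/role/demo_role';
const ROLE = { kibana: [{ base: ['read'], spaces: ['default'] }] };

// 2xx: the parsed body is returned and the recorded call exposes init.body.
async function demoSuccess() {
  return withStubbedFetch(
    () => new Response(JSON.stringify({ created: true }), { status: 200 }),
    () => putJson(ROLE_URL, ROLE, { 'kbn-xsrf': 'true' })
  );
}

// 403: fetch itself resolves; putJson turns it into a thrown error.
async function demoForbidden() {
  return withStubbedFetch(
    () => new Response('{"error":"Forbidden"}', { status: 403 }),
    () => putJson(ROLE_URL, ROLE).catch((e) => e.message)
  );
}
```

Assertions that used to read the third `axios.put` argument now read `calls[0].init.body`, which is the serialized string and has to be compared against `JSON.stringify(payload)` or parsed first.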
kibanamachine
added a commit
that referenced
this pull request
May 8, 2026
…e scripts (#267944) (#268478) # Backport This will backport the following commits from `main` to `9.4`: - [chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)](#267944) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
May 8, 2026
…le scripts (#267944) (#268475)

# Backport

This will backport the following commits from `main` to `8.19`:
- [chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)](#267944)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Source commit 312e26c1241eb65a63c33c6d5acc3593ef6956d1 by Aleh Zasypkin, committed 2026-05-08T14:53:10Z and merged to `main` (label `v9.5.0`) as https://github.com/elastic/kibana/pull/267944:

chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)

## Summary

> [!IMPORTANT]
> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day. Please verify the changes still work as expected. For these migrations a quick run of the affected scripts/tests is worth more than a code-only review.

This PR removes the `axios` dependency for files owned by `@elastic/security-solution`. Phase 4 of the axios migration tracked under #266556.

### Why

Node.js 22 ships a native `fetch` API built on undici, and every browser Kibana targets supports `fetch` natively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration ([#250719](#250719) and siblings).

### Changes

Three files migrated, two files **deferred to a later phase**:

- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put. Replaced with `fetch`, `res.ok` check, and typed `await res.json()` for the data-view fetch.
- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking `axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global, 'fetch')`. The 16 existing test cases pass unchanged in intent: name/type/url assertions adapted to read the `fetch(url, init)` argument shape (`init.body` is now `JSON.stringify(payload)` rather than the third axios arg). Header equality and dotted-name handling assertions unchanged.
- `server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`: 2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw that preserves status+body in the error message.

Removed the `scripts/telemetry/**` and `server/lib/detection_engine/scripts/**` entries from `AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of those directories is now blocked by the existing global ban.

**Deferred to a later phase**: `server/integration_tests/configuration.test.ts` and `server/integration_tests/telemetry.test.ts` mock `axios` at the module level for code under `server/lib/telemetry/*`, which is owned by `@elastic/security-data-analytics` and not yet migrated. Test mocks must flip in lockstep with the production code they intercept; these two tests will migrate alongside that team's PR.

### Behavior parity

Native fetch does not throw on non-2xx, so each call site explicitly checks `res.ok` / `res.status`. Errors thrown inside the migrated scripts now have the form `${status}:${body}` to keep the same diagnostic content the original axios errors carried. The diff is intentionally minimal: variable names, comment placement, try-catch structure, and error-handling shape from the original axios code are preserved.

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
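The behavior-parity rule from the commit message above, as an added example that is not code from the PR or from Kibana: `putJson`, `makeFetchStub`, the URL and the payload are hypothetical, and the stub stands in for `jest.spyOn(global, 'fetch')` so the block runs offline on Node.js 18+. It shows a 403 surfacing as a `${status}:${body}` error instead of passing as success, and the `fetch(url, init)` shape a migrated test asserts on.

```javascript
// Added example, not code from the Kibana PR. putJson, makeFetchStub and the
// URL/payload values below are hypothetical and constructed for illustration.

// PUT a JSON payload with native fetch. Unlike axios, fetch resolves on 4xx/5xx,
// so the status must be checked before the response is treated as success.
async function putJson(url, payload, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    method: 'PUT',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(payload),
  });
  if (!res.ok) {
    // Keep status and body together, in the `${status}:${body}` form.
    const body = await res.text();
    throw new Error(`${res.status}:${body}`);
  }
  return res.json();
}

// Test double standing in for jest.spyOn(global, 'fetch'): records every
// (url, init) pair and answers with a canned Response.
function makeFetchStub(status, bodyText) {
  const calls = [];
  const stub = async (url, init) => {
    calls.push({ url, init });
    return new Response(bodyText, { status });
  };
  return { stub, calls };
}

// Runs one accepted and one rejected request and reports what a caller sees.
async function demo() {
  const url = 'http://localhost:5601/api/example'; // constructed
  const payload = { name: 'properties.user.id', type: 'keyword' }; // constructed

  const accepted = makeFetchStub(200, '{"acknowledged":true}');
  const okResult = await putJson(url, payload, accepted.stub);

  const denied = makeFetchStub(403, '{"error":"Forbidden"}');
  let failure = null;
  try {
    await putJson(url, payload, denied.stub);
  } catch (err) {
    failure = err.message; // the rejected request must not look like success
  }

  const sent = accepted.calls[0];
  return {
    okResult,
    sentUrl: sent.url,
    sentMethod: sent.init.method,
    sentBody: JSON.parse(sent.init.body), // init.body is a JSON string
    failure,
  };
}
```
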
kibanamachine added a commit that referenced this pull request May 8, 2026
…e scripts (#267944) (#268476)

# Backport

This will backport the following commits from `main` to `9.3`:
- [chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)](#267944)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
## Summary

This PR removes the `node-fetch` dependency for files owned by `@elastic/ml-ui`.

### Why

Node.js 18+ includes a native `fetch` API (built on undici internally), making the `node-fetch` package unnecessary. This reduces the dependency footprint by removing one runtime dependency and its transitive dependencies.

### Changes

- `Readable.fromWeb()` for stream conversion

> [!WARNING]
> These changes were vibe-coded using the AI agent `claude-4.5-opus-high`. Please review carefully.

## Test plan