chore(axios,security-solution): remove axios from telemetry/role scripts#267944
Merged
azasypkin merged 1 commit intoelastic:mainfrom May 8, 2026
Merged
Conversation
azasypkin
added
chore
release_note:skip
azasypkin
force-pushed
the
issue-2244-remove-axios-phase-4
branch
from
fc4bff5 to
59a18cf
Compare
Contributor
💚 Build Succeeded
Metrics [docs]
History
|
tylersmalley
approved these changes
May 6, 2026
stephmilovic
approved these changes
May 8, 2026
Contributor
|
Starting backport for target branches: 8.19, 9.3, 9.4 https://github.com/elastic/kibana/actions/runs/25562389411 |
This was referenced May 8, 2026
Merged
Merged
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
May 8, 2026
…e scripts (#267944) (#268478) # Backport This will backport the following commits from `main` to `9.4`: - [chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)](#267944) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Aleh Zasypkin","email":"aleh.zasypkin@elastic.co"},"sourceCommit":{"committedDate":"2026-05-08T14:53:10Z","message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1","branchLabelMapping":{"^v9.5.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["chore","release_note:skip","backport:all-open","v9.5.0"],"title":"chore(axios,security-solution): remove axios from telemetry/role scripts","number":267944,"url":"https://github.com/elastic/kibana/pull/267944","mergeCommit":{"message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/267944","number":267944,"mergeCommit":{"message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1"}}]}] BACKPORT--> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
3 tasks
kibanamachine
added a commit
that referenced
this pull request
May 8, 2026
…le scripts (#267944) (#268475) # Backport This will backport the following commits from `main` to `8.19`: - [chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)](#267944) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Aleh Zasypkin","email":"aleh.zasypkin@elastic.co"},"sourceCommit":{"committedDate":"2026-05-08T14:53:10Z","message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1","branchLabelMapping":{"^v9.5.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["chore","release_note:skip","backport:all-open","v9.5.0"],"title":"chore(axios,security-solution): remove axios from telemetry/role scripts","number":267944,"url":"https://github.com/elastic/kibana/pull/267944","mergeCommit":{"message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/267944","number":267944,"mergeCommit":{"message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1"}}]}] BACKPORT--> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
May 8, 2026
…e scripts (#267944) (#268476) # Backport This will backport the following commits from `main` to `9.3`: - [chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)](#267944) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Aleh Zasypkin","email":"aleh.zasypkin@elastic.co"},"sourceCommit":{"committedDate":"2026-05-08T14:53:10Z","message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1","branchLabelMapping":{"^v9.5.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["chore","release_note:skip","backport:all-open","v9.5.0"],"title":"chore(axios,security-solution): remove axios from telemetry/role scripts","number":267944,"url":"https://github.com/elastic/kibana/pull/267944","mergeCommit":{"message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/267944","number":267944,"mergeCommit":{"message":"chore(axios,security-solution): remove axios from telemetry/role scripts (#267944)\n\n## Summary\n\n> [!IMPORTANT]\n> **NOTE TO CODE OWNERS:** I'm modifying code I don't own day to day.\nPlease verify the changes still work as expected. For these migrations a\nquick run of the affected scripts/tests is worth more than a code-only\nreview.\n\nThis PR removes the `axios` dependency for files owned by\n`@elastic/security-solution`. Phase 4 of the axios migration tracked\nunder #266556.\n\n### Why\n\nNode.js 22 ships a native `fetch` API built on undici, and every browser\nKibana targets supports `fetch` natively. Removing axios cuts one\nruntime dependency and continues the per-team rollout that mirrors the\nearlier node-fetch migration\n([#250719](#250719) and siblings).\n\n### Changes\n\nThree files migrated, two files **deferred to a later phase**:\n\n- `scripts/telemetry/build_ebt_data_view.ts`: 1 axios.get + 1 axios.put.\nReplaced with `fetch`, `res.ok` check, and typed `await res.json()` for\nthe data-view fetch.\n- `scripts/telemetry/build_ebt_data_view.test.ts`: was mocking\n`axios.put` for `upsertRuntimeFields`. Switched to `jest.spyOn(global,\n'fetch')`. The 16 existing test cases pass unchanged in intent:\nname/type/url assertions adapted to read the `fetch(url, init)` argument\nshape (`init.body` is now `JSON.stringify(payload)` rather than the\nthird axios arg). Header equality and dotted-name handling assertions\nunchanged.\n-\n`server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts`:\n2 axios.put calls. Replaced with `fetch` and an explicit non-2xx throw\nthat preserves status+body in the error message.\n\nRemoved the `scripts/telemetry/**` and\n`server/lib/detection_engine/scripts/**` entries from\n`AXIOS_LEGACY_CONSUMERS` in `.eslintrc.js`. New axios usage in either of\nthose directories is now blocked by the existing global ban.\n\n**Deferred to a later phase**:\n`server/integration_tests/configuration.test.ts` and\n`server/integration_tests/telemetry.test.ts` mock `axios` at the module\nlevel for code under `server/lib/telemetry/*`, which is owned by\n`@elastic/security-data-analytics` and not yet migrated. Test mocks must\nflip in lockstep with the production code they intercept; these two\ntests will migrate alongside that team's PR.\n\n### Behavior parity\n\nNative fetch does not throw on non-2xx, so each call site explicitly\nchecks `res.ok` / `res.status`. Errors thrown inside the migrated\nscripts now have the form `${status}:${body}` to keep the same\ndiagnostic content the original axios errors carried. The diff is\nintentionally minimal: variable names, comment placement, try-catch\nstructure, and error-handling shape from the original axios code are\npreserved.","sha":"312e26c1241eb65a63c33c6d5acc3593ef6956d1"}}]}] BACKPORT--> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Important
NOTE TO CODE OWNERS: I'm modifying code I don't own day to day. Please verify the changes still work as expected. For these migrations a quick run of the affected scripts/tests is worth more than a code-only review.
This PR removes the
axiosdependency for files owned by@elastic/security-solution. Phase 4 of the axios migration tracked under #266556.Why
Node.js 22 ships a native
fetchAPI built on undici, and every browser Kibana targets supportsfetchnatively. Removing axios cuts one runtime dependency and continues the per-team rollout that mirrors the earlier node-fetch migration (#250719 and siblings).Changes
Three files migrated, two files deferred to a later phase:
scripts/telemetry/build_ebt_data_view.ts: 1 axios.get + 1 axios.put. Replaced withfetch,res.okcheck, and typedawait res.json()for the data-view fetch.scripts/telemetry/build_ebt_data_view.test.ts: was mockingaxios.putforupsertRuntimeFields. Switched tojest.spyOn(global, 'fetch'). The 16 existing test cases pass unchanged in intent: name/type/url assertions adapted to read thefetch(url, init)argument shape (init.bodyis nowJSON.stringify(payload)rather than the third axios arg). Header equality and dotted-name handling assertions unchanged.server/lib/detection_engine/scripts/roles_users/create_role_and_user.ts: 2 axios.put calls. Replaced withfetchand an explicit non-2xx throw that preserves status+body in the error message.Removed the
scripts/telemetry/**andserver/lib/detection_engine/scripts/**entries fromAXIOS_LEGACY_CONSUMERSin.eslintrc.js. New axios usage in either of those directories is now blocked by the existing global ban.Deferred to a later phase:
server/integration_tests/configuration.test.tsandserver/integration_tests/telemetry.test.tsmockaxiosat the module level for code underserver/lib/telemetry/*, which is owned by@elastic/security-data-analyticsand not yet migrated. Test mocks must flip in lockstep with the production code they intercept; these two tests will migrate alongside that team's PR.Behavior parity
Native fetch does not throw on non-2xx, so each call site explicitly checks
res.ok/res.status. Errors thrown inside the migrated scripts now have the form${status}:${body}to keep the same diagnostic content the original axios errors carried. The diff is intentionally minimal: variable names, comment placement, try-catch structure, and error-handling shape from the original axios code are preserved.