[security-solution] Remove node-fetch dependency in favor of native fetch#250715
Merged
afharo merged 4 commits intoelastic:mainfrom Feb 4, 2026
Merged
[security-solution] Remove node-fetch dependency in favor of native fetch#250715afharo merged 4 commits intoelastic:mainfrom
afharo merged 4 commits intoelastic:mainfrom
Conversation
…etch ## Changes - Updated agent downloads service to use native fetch with Readable.fromWeb() - Updated usage reporting service to use undici Agent for TLS - Updated MITRE extraction script - Updated all related test files > [!WARNING] > These changes were vibe-coded using the AI agent `claude-4.5-opus-high`. Please review carefully.
Contributor
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
3 tasks
The test was using new Response(body, { status: 200 }) which doesn't
properly set the ok property in all test environments. Also improved
the WriteStream mock to support pipe operations needed by
Readable.fromWeb().
paul-tavares
approved these changes
Feb 2, 2026
Contributor
paul-tavares
left a comment
There was a problem hiding this comment.
changes to files under x-pack/solutions/security/plugins/security_solution/scripts/endpoint/* look good.
Thank you
szwarckonrad
approved these changes
Feb 4, 2026
Contributor
szwarckonrad
left a comment
There was a problem hiding this comment.
LGTM, thanks for addressing this!
Contributor
💚 Build Succeeded
The CI Stats report is too large to be displayed here, check out the CI build annotation for this information. History
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR removes the
node-fetchdependency for files owned by@elastic/security-solution.Why
Node.js 18+ includes a native
fetchAPI (built on undici internally), making thenode-fetchpackage unnecessary. This reduces the dependency footprint by removing one runtime dependency and its transitive dependencies.Changes
Readable.fromWeb()for stream conversionundici.Agentfor custom TLS configurationWarning
These changes were vibe-coded using the AI agent
claude-4.5-opus-high. Please review carefully.Test plan