yarn policies set-version crashes with "request.filter is not a function"

[mgol]

Bug description

Using Yarn 1.21.1, running yarn policies set-version with ^1.21.1 or 1.21.1 crashes with: request.filter is not a function. Passing berry works.

This happens even in a new directory with package.json containing just {}.

yarn-error.log contents:

Arguments: 
  /Users/me/.nvm/versions/node/v12.14.1/bin/node /usr/local/Cellar/yarn/1.21.1/libexec/bin/yarn.js policies set-version ^1.21.1

PATH: 
  /Users/me/.nvm/versions/node/v12.14.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/yarn/bin

Yarn version: 
  1.21.1

Node version: 
  12.14.1

Platform: 
  darwin x64

Trace: 
  TypeError: request.filter is not a function
      at /usr/local/Cellar/yarn/1.21.1/libexec/lib/cli.js:90113:28
      at Generator.next (<anonymous>)
      at step (/usr/local/Cellar/yarn/1.21.1/libexec/lib/cli.js:310:30)
      at /usr/local/Cellar/yarn/1.21.1/libexec/lib/cli.js:321:13
      at processTicksAndRejections (internal/process/task_queues.js:94:5)

npm manifest: 
  {}

yarn manifest: 
  No manifest

Lockfile: 
  No lockfile

Command

yarn policies set-version '^1.21.1'

What is the current behavior?

warning package.json: No license field
Resolving ^1.21.1 to a url...
error An unexpected error occurred: "request.filter is not a function".
info If you think this is a bug, please open a bug report with the information provided in "/Users/me/projects/yarn1-test/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/policies for documentation about this command.

What is the expected behavior?

It should set the policy. If there's anything wrong with my environment, it should say that explicitly instead of crashing in a random place.

Steps to Reproduce

1. Create an new directory with package.json consisting of just {}.
2. Run yarn policies set-version '^1.21.1'

Environment

• Node Version: 12.14.1
• Yarn v1 Version: 1.21.1
• OS and version: macOS 10.15.2 (19C57)

[olingern]

You probably have an expired or invalidated Github access token set (see #7846 for setting it up), but this indeed should be handled correctly.

I've opened something up that should solve this #7848

[mgol]

You're right, it works with a proper GitHub token. Thanks!

[sleshchenko]

@olingern adding github token does not seem to help:

> yarn policies set-version 1.22.5 --verbose
...
Resolving 1.22.5 to a url...
verbose 0.272414524 Performing "GET" request to "https://api.github.com/repos/yarnpkg/yarn/releases?access_token=ghp_way****6Xj".
verbose 0.534788913 Request "https://api.github.com/repos/yarnpkg/yarn/releases?access_token=ghp_way****6Xj" finished with status code 400.
error request.filter is not a function

If I try curl that the reason is clear:

> curl https://api.github.com/repos/yarnpkg/yarn/releases\?access_token\=ghp_way***6Xj
{
  "message": "Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param",
  "documentation_url": "https://docs.github.com/v3/#oauth2-token-sent-in-a-header"
}

All authentication using query parameters will return a status code of 401 like all other auth failures starting on:
September 8 2021 at 14:00 UTC

[olingern]

@sleshchenko I would make sure you're on the latest version, 1.22.11 and retry. As noted above, #7848 should have fixed this.

[minism]

@sleshchenko I would make sure you're on the latest version, 1.22.11 and retry. As noted above, #7848 should have fixed this.

I am still getting the same issue, FYI.

% yarn --version
1.22.11
% yarn policies set-version v1.18
Resolving v1.18 to a url...
error request.filter is not a function

[sleshchenko]

@olingern Hello, my issue not really that not clear error is reported but that yarn uses token as query param which is not allowed anymore, header is expected. See #7847 (comment)

[lachlanhunt]

I managed to work around this by first installing yarn 1.13.0, which appears to call https://api.github.com/repos/yarnpkg/yarn/releases without appending the github token to the end. Then I could use yarn policies set-version to download the latest 1.x version.

[kylemh]

• I created a brand new token as outlined here.
• printenv GITHUB_TOKEN reveals that token, so it's exported in my profile.
• I'm using yarn@1.22.17

yet...

[quisido]

Adding more to this, you can see that the request hits a 400 error:

Example request: https://api.github.com/repos/yarnpkg/yarn/releases?access_token=1

Response:

{
  "message": "Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param",
  "documentation_url": "https://docs.github.com/v3/#oauth2-token-sent-in-a-header"
}

This is an issue with Yarn passing the access token by URL instead of by header.

[philBrown]

Was able to work around this by blanking out the GITHUB_TOKEN...

GITHUB_TOKEN="" yarn set version 1.22.19

[sepehr]

Still facing this when GITHUB_TOKEN is populated.

[0xdevalias]

Still facing this when GITHUB_TOKEN is populated.

@sepehr What version of yarn are you using?

---

See the comment above in #7847 (comment)

This is an issue with Yarn passing the access token by URL instead of by header.

If you run yarn policies set-version 1.22.5 --verbose then you will likely see that it is trying to add the GitHub token to the URL it's requesting via a URL param, not a header; as described in #7847 (comment)

[smeijer]

For others running into this, for me it worked to set the GITHUB_TOKEN, and using yarn 1.13 to set the policy, like

GITHUB_TOKEN=… npx yarn@1.13.0 policies set-version 1.18.0