dependabot-npm_and_yarn 0.294.0 → 0.296.0

data/lib/dependabot/npm_and_yarn/file_updater/pnpm_workspace_updater.rb

@@ -0,0 +1,140 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/npm_and_yarn/helpers"
+require "dependabot/npm_and_yarn/update_checker/registry_finder"
+require "dependabot/npm_and_yarn/registry_parser"
+require "dependabot/shared_helpers"
+
+class DependencyRequirement < T::Struct
+  const :file, String
+  const :requirement, String
+  const :groups, T::Array[String]
+  const :source, T.nilable(String)
+end
+
+module Dependabot
+  module NpmAndYarn
+    class FileUpdater
+      class PnpmWorkspaceUpdater
+        extend T::Sig
+
+        sig do
+          params(
+            workspace_file: Dependabot::DependencyFile,
+            dependencies: T::Array[Dependabot::Dependency]
+          ) .void
+        end
+        def initialize(workspace_file:, dependencies:)
+          @dependencies = dependencies
+          @workspace_file = workspace_file
+        end
+
+        sig { returns(Dependabot::DependencyFile) }
+        def updated_pnpm_workspace
+          updated_file = workspace_file.dup
+          updated_file.content = updated_pnpm_workspace_content
+          updated_file
+        end
+
+        private
+
+        sig { returns(Dependabot::DependencyFile) }
+        attr_reader :workspace_file
+
+        sig { returns(T::Array[Dependabot::Dependency]) }
+        attr_reader :dependencies
+
+        sig { returns(T.nilable(String)) }
+        def updated_pnpm_workspace_content
+          content = workspace_file.content.dup
+          dependencies.each do |dependency|
+            content = update_dependency_versions(T.must(content), dependency)
+          end
+
+          content
+        end
+
+        sig { params(content: String, dependency: Dependabot::Dependency).returns(String) }
+        def update_dependency_versions(content, dependency)
+          new_requirements(dependency).each do |requirement|
+            content = replace_version_in_content(
+              content: content,
+              dependency: dependency,
+              old_requirement: T.must(old_requirement(dependency, requirement)),
+              new_requirement: requirement
+            )
+          end
+
+          content
+        end
+
+        sig do
+          params(
+            content: String,
+            dependency: Dependabot::Dependency,
+            old_requirement: DependencyRequirement,
+            new_requirement: DependencyRequirement
+          ).returns(String)
+        end
+        def replace_version_in_content(content:, dependency:, old_requirement:, new_requirement:)
+          old_version = old_requirement.requirement
+          new_version = new_requirement.requirement
+
+          pattern = build_replacement_pattern(
+            dependency_name: dependency.name,
+            version: old_version
+          )
+
+          replacement = build_replacement_string(
+            dependency_name: dependency.name,
+            version: new_version
+          )
+
+          content.gsub(pattern, replacement)
+        end
+
+        sig { params(dependency_name: String, version: String).returns(Regexp) }
+        def build_replacement_pattern(dependency_name:, version:)
+          /(["']?)#{dependency_name}\1:\s*(["']?)#{Regexp.escape(version)}\2/
+        end
+
+        sig { params(dependency_name: String, version: String).returns(String) }
+        def build_replacement_string(dependency_name:, version:)
+          "\\1#{dependency_name}\\1: \\2#{version}\\2"
+        end
+
+        sig { params(dependency: Dependabot::Dependency).returns(T::Array[DependencyRequirement]) }
+        def new_requirements(dependency)
+          dependency.requirements
+                    .select { |r| r[:file] == workspace_file.name }
+                    .map do |r|
+            DependencyRequirement.new(
+              file: r[:file],
+              requirement: r[:requirement],
+              groups: r[:groups],
+              source: r[:source]
+            )
+          end
+        end
+
+        sig do
+          params(dependency: Dependabot::Dependency,
+                 new_requirement: DependencyRequirement).returns(T.nilable(DependencyRequirement))
+        end
+        def old_requirement(dependency, new_requirement)
+          matching_req = T.must(dependency.previous_requirements).find { |r| r[:groups] == new_requirement.groups }
+
+          return nil if matching_req.nil?
+
+          DependencyRequirement.new(
+            file: matching_req[:file],
+            requirement: matching_req[:requirement],
+            groups: matching_req[:groups],
+            source: matching_req[:source]
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/npm_and_yarn/file_updater.rb

@@ -11,7 +11,7 @@ require "sorbet-runtime"
 
 module Dependabot
   module NpmAndYarn
-    class FileUpdater < Dependabot::FileUpdaters::Base
+    class FileUpdater < Dependabot::FileUpdaters::Base # rubocop:disable Metrics/ClassLength
       extend T::Sig
 
       require_relative "file_updater/package_json_updater"
@@ -19,6 +19,7 @@ module Dependabot
       require_relative "file_updater/yarn_lockfile_updater"
       require_relative "file_updater/pnpm_lockfile_updater"
       require_relative "file_updater/bun_lockfile_updater"
+      require_relative "file_updater/pnpm_workspace_updater"
 
       class NoChangeError < StandardError
         extend T::Sig
@@ -43,34 +44,27 @@ module Dependabot
           %r{^(?:.*/)?npm-shrinkwrap\.json$},
           %r{^(?:.*/)?yarn\.lock$},
           %r{^(?:.*/)?pnpm-lock\.yaml$},
+          %r{^(?:.*/)?pnpm-workspace\.yaml$},
           %r{^(?:.*/)?\.yarn/.*}, # Matches any file within the .yarn/ directory
           %r{^(?:.*/)?\.pnp\.(?:js|cjs)$} # Matches .pnp.js or .pnp.cjs files
         ]
       end
 
-      # rubocop:disable Metrics/PerceivedComplexity
       sig { override.returns(T::Array[DependencyFile]) }
       def updated_dependency_files
         updated_files = T.let([], T::Array[DependencyFile])
 
         updated_files += updated_manifest_files
-        updated_files += updated_lockfiles
+        updated_files += if pnpm_workspace.any?
+                           update_pnpm_workspace_and_locks
+                         else
+                           updated_lockfiles
+                         end
 
         if updated_files.none?
-
-          if Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error)
-            # when all dependencies are transitive
-            all_transitive = dependencies.none?(&:top_level?)
-            # when there is no update in package.json
-            no_package_json_update = package_files.empty?
-            # handle the no change error for transitive dependency updates
-            if pnpm_locks.any? && dependencies.length.positive? && all_transitive && no_package_json_update
-              raise ToolFeatureNotSupported.new(
-                tool_name: "pnpm",
-                tool_type: "package_manager",
-                feature: "updating transitive dependencies"
-              )
-            end
+          if Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error) && original_pnpm_locks.any?
+            raise_tool_not_supported_for_pnpm_if_transitive
+            raise_miss_configured_tooling_if_pnpm_subdirectory
           end
 
           raise NoChangeError.new(
@@ -89,10 +83,69 @@ module Dependabot
 
         vendor_updated_files(updated_files)
       end
-      # rubocop:enable Metrics/PerceivedComplexity
 
       private
 
+      sig { void }
+      def raise_tool_not_supported_for_pnpm_if_transitive
+        # ✅ Ensure there are dependencies and check if all are transitive
+        return if dependencies.empty? || dependencies.any?(&:top_level?)
+
+        raise ToolFeatureNotSupported.new(
+          tool_name: "pnpm",
+          tool_type: "package_manager",
+          feature: "updating transitive dependencies"
+        )
+      end
+
+      # rubocop:disable Metrics/PerceivedComplexity
+      sig { void }
+      def raise_miss_configured_tooling_if_pnpm_subdirectory
+        workspace_files = original_pnpm_workspace
+        lockfiles = original_pnpm_locks
+
+        # ✅ Ensure `pnpm-workspace.yaml` is in a parent directory
+        return if workspace_files.empty?
+        return if workspace_files.any? { |f| f.directory == "/" }
+        return unless workspace_files.all? { |f| f.name.end_with?("../pnpm-workspace.yaml") }
+
+        # ✅ Ensure `pnpm-lock.yaml` is also in a parent directory
+        return if lockfiles.empty?
+        return if lockfiles.any? { |f| f.directory == "/" }
+        return unless lockfiles.all? { |f| f.name.end_with?("../pnpm-lock.yaml") }
+
+        # ❌ Raise error → Updating inside a subdirectory is misconfigured
+        raise MisconfiguredTooling.new(
+          "pnpm",
+          "Updating workspaces from inside a workspace subdirectory is not supported. " \
+          "Both `pnpm-lock.yaml` and `pnpm-workspace.yaml` exist in a parent directory. " \
+          "Dependabot should only update from the root workspace."
+        )
+      end
+      # rubocop:enable Metrics/PerceivedComplexity
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def update_pnpm_workspace_and_locks
+        workspace_updates = updated_pnpm_workspace_files
+        lock_updates = update_pnpm_locks
+
+        workspace_updates + lock_updates
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def update_pnpm_locks
+        updated_files = []
+        pnpm_locks.each do |pnpm_lock|
+          next unless pnpm_lock_changed?(pnpm_lock)
+
+          updated_files << updated_file(
+            file: pnpm_lock,
+            content: updated_pnpm_lock_content(pnpm_lock)
+          )
+        end
+        updated_files
+      end
+
       sig { params(updated_files: T::Array[Dependabot::DependencyFile]).returns(T::Array[Dependabot::DependencyFile]) }
       def vendor_updated_files(updated_files)
         base_dir = T.must(updated_files.first).directory
@@ -208,6 +261,33 @@ module Dependabot
         )
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def pnpm_workspace
+        @pnpm_workspace ||= T.let(
+          filtered_dependency_files
+          .select { |f| f.name.end_with?("pnpm-workspace.yaml") },
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def original_pnpm_locks
+        @original_pnpm_locks ||= T.let(
+          dependency_files
+          .select { |f| f.name.end_with?("pnpm-lock.yaml") },
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def original_pnpm_workspace
+        @original_pnpm_workspace ||= T.let(
+          dependency_files
+          .select { |f| f.name.end_with?("pnpm-workspace.yaml") },
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
+      end
+
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def bun_locks
         @bun_locks ||= T.let(
@@ -270,8 +350,16 @@ module Dependabot
         end
       end
 
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_pnpm_workspace_files
+        pnpm_workspace.filter_map do |file|
+          updated_content = updated_pnpm_workspace_content(file)
+          next if updated_content == file.content
+
+          updated_file(file: file, content: T.must(updated_content))
+        end
+      end
+
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def updated_lockfiles
         updated_files = []
@@ -285,14 +373,7 @@ module Dependabot
           )
         end
 
-        pnpm_locks.each do |pnpm_lock|
-          next unless pnpm_lock_changed?(pnpm_lock)
-
-          updated_files << updated_file(
-            file: pnpm_lock,
-            content: updated_pnpm_lock_content(pnpm_lock)
-          )
-        end
+        updated_files.concat(update_pnpm_locks)
 
         bun_locks.each do |bun_lock|
           next unless bun_lock_changed?(bun_lock)
@@ -323,9 +404,6 @@ module Dependabot
 
         updated_files
       end
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
-
       sig { params(yarn_lock: Dependabot::DependencyFile).returns(String) }
       def updated_yarn_lock_content(yarn_lock)
         @updated_yarn_lock_content ||= T.let({}, T.nilable(T::Hash[String, T.nilable(String)]))
@@ -337,7 +415,10 @@ module Dependabot
       def updated_pnpm_lock_content(pnpm_lock)
         @updated_pnpm_lock_content ||= T.let({}, T.nilable(T::Hash[String, T.nilable(String)]))
         @updated_pnpm_lock_content[pnpm_lock.name] ||=
-          pnpm_lockfile_updater.updated_pnpm_lock_content(pnpm_lock)
+          pnpm_lockfile_updater.updated_pnpm_lock_content(
+            pnpm_lock,
+            updated_pnpm_workspace_content: @updated_pnpm_workspace_content
+          )
       end
 
       sig { params(bun_lock: Dependabot::DependencyFile).returns(String) }
@@ -407,6 +488,19 @@ module Dependabot
             dependencies: dependencies
           ).updated_package_json.content
       end
+
+      sig do
+        params(file: Dependabot::DependencyFile)
+          .returns(T.nilable(String))
+      end
+      def updated_pnpm_workspace_content(file)
+        @updated_pnpm_workspace_content ||= T.let({}, T.nilable(T::Hash[String, T.nilable(String)]))
+        @updated_pnpm_workspace_content[file.name] ||=
+          PnpmWorkspaceUpdater.new(
+            workspace_file: file,
+            dependencies: dependencies
+          ).updated_pnpm_workspace.content
+      end
     end
   end
 end

data/lib/dependabot/npm_and_yarn/helpers.rb

@@ -467,6 +467,8 @@ module Dependabot
       # Attempt to activate the local version of the package manager
       sig { params(name: String).void }
       def self.fallback_to_local_version(name)
+        return "Corepack does not support #{name}" unless corepack_supported_package_manager?(name)
+
         Dependabot.logger.info("Falling back to activate the currently installed version of #{name}.")
 
         # Fetch the currently installed version directly from the environment
@@ -553,6 +555,11 @@ module Dependabot
         result
       rescue StandardError => e
         Dependabot.logger.error("Error running package manager command: #{full_command}, Error: #{e.message}")
+        if e.message.match?(/Response Code.*:.*404.*\(Not Found\)/) &&
+           e.message.include?("The remote server failed to provide the requested resource")
+          raise RegistryError.new(404, "The remote server failed to provide the requested resource")
+        end
+
         raise
       end
 

data/lib/dependabot/npm_and_yarn/npm_package_manager.rb

@@ -38,8 +38,8 @@ module Dependabot
       def initialize(detected_version: nil, raw_version: nil, requirement: nil)
         super(
           name: NAME,
-          detected_version: detected_version ? Version.new(detected_version) : nil,
-          version: raw_version ? Version.new(raw_version) : nil,
+          detected_version: detected_version && !detected_version.empty? ? Version.new(detected_version) : nil,
+          version: raw_version && !raw_version.empty? ? Version.new(raw_version) : nil,
           deprecated_versions: DEPRECATED_VERSIONS,
           supported_versions: SUPPORTED_VERSIONS,
           requirement: requirement
@@ -48,22 +48,16 @@ module Dependabot
 
       sig { override.returns(T::Boolean) }
       def deprecated?
-        return false unless detected_version
-
-        return false if unsupported?
-
         return false unless Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning)
 
-        deprecated_versions.include?(detected_version)
+        super
       end
 
       sig { override.returns(T::Boolean) }
       def unsupported?
-        return false unless detected_version
-
         return false unless Dependabot::Experiments.enabled?(:npm_v6_unsupported_error)
 
-        supported_versions.all? { |supported| supported > detected_version }
+        super
       end
     end
   end

data/lib/dependabot/npm_and_yarn/package_manager.rb

@@ -11,6 +11,7 @@ require "dependabot/npm_and_yarn/yarn_package_manager"
 require "dependabot/npm_and_yarn/pnpm_package_manager"
 require "dependabot/npm_and_yarn/bun_package_manager"
 require "dependabot/npm_and_yarn/language"
+require "dependabot/npm_and_yarn/constraint_helper"
 
 module Dependabot
   module NpmAndYarn
@@ -188,6 +189,8 @@ module Dependabot
         @language_requirement ||= find_engine_constraints_as_requirement(Language::NAME)
       end
 
+      # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/AbcSize
       sig { params(name: String).returns(T.nilable(Requirement)) }
       def find_engine_constraints_as_requirement(name)
         Dependabot.logger.info("Processing engine constraints for #{name}")
@@ -197,27 +200,42 @@ module Dependabot
         raw_constraint = @engines[name].to_s.strip
         return nil if raw_constraint.empty?
 
-        raw_constraints = raw_constraint.split
-        constraints = raw_constraints.map do |constraint|
-          case constraint
-          when /^\d+$/
-            ">=#{constraint}.0.0 <#{constraint.to_i + 1}.0.0"
-          when /^\d+\.\d+$/
-            ">=#{constraint} <#{constraint.split('.').first.to_i + 1}.0.0"
-          when /^\d+\.\d+\.\d+$/
-            "=#{constraint}"
-          else
-            Dependabot.logger.warn("Unrecognized constraint format for #{name}: #{constraint}")
-            constraint
+        if Dependabot::Experiments.enabled?(:enable_engine_version_detection)
+          constraints = ConstraintHelper.extract_ruby_constraints(raw_constraint)
+          # When constraints are invalid we return constraints array nil
+          if constraints.nil?
+            Dependabot.logger.warn(
+              "Unrecognized constraint format for #{name}: #{raw_constraint}"
+            )
+          end
+        else
+          raw_constraints = raw_constraint.split
+          constraints = raw_constraints.map do |constraint|
+            case constraint
+            when /^\d+$/
+              ">=#{constraint}.0.0 <#{constraint.to_i + 1}.0.0"
+            when /^\d+\.\d+$/
+              ">=#{constraint} <#{constraint.split('.').first.to_i + 1}.0.0"
+            when /^\d+\.\d+\.\d+$/
+              "=#{constraint}"
+            else
+              Dependabot.logger.warn("Unrecognized constraint format for #{name}: #{constraint}")
+              constraint
+            end
           end
+
         end
 
-        Dependabot.logger.info("Parsed constraints for #{name}: #{constraints.join(', ')}")
-        Requirement.new(constraints)
+        if constraints && !constraints.empty?
+          Dependabot.logger.info("Parsed constraints for #{name}: #{constraints.join(', ')}")
+          Requirement.new(constraints)
+        end
       rescue StandardError => e
         Dependabot.logger.error("Error processing constraints for #{name}: #{e.message}")
         nil
       end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/PerceivedComplexity
 
       # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/AbcSize
@@ -289,19 +307,24 @@ module Dependabot
 
       sig { params(name: String).returns(T.nilable(String)) }
       def detect_version(name)
-        # we prioritize version mentioned in "packageManager" instead of "engines"
+        # Prioritize version mentioned in "packageManager" instead of "engines"
         if @manifest_package_manager&.start_with?("#{name}@")
           detected_version = @manifest_package_manager.split("@").last.to_s
         end
 
-        # if "packageManager" have no version specified, we check if we can extract "engines" information
-        detected_version = check_engine_version(name) if !detected_version || detected_version.empty?
+        # If "packageManager" has no version specified, check if we can extract "engines" information
+        detected_version ||= check_engine_version(name) if detected_version.to_s.empty?
+
+        # If neither "packageManager" nor "engines" have versions, infer version from lockfileVersion
+        detected_version ||= guessed_version(name) if detected_version.to_s.empty?
+
+        # Strip and validate version format
+        detected_version_string = detected_version.to_s.strip
 
-        # if "packageManager" and "engines" both are not present, we check if we can infer the version
-        # from the manifest file lockfileVersion
-        detected_version = guessed_version(name) if !detected_version || detected_version.empty?
+        # Ensure detected_version is neither "0" nor invalid format
+        return if detected_version_string == "0" || !detected_version_string.match?(ConstraintHelper::VERSION_REGEX)
 
-        detected_version&.to_s
+        detected_version_string
       end
 
       sig { params(name: T.nilable(String)).returns(Ecosystem::VersionManager) }
@@ -332,7 +355,7 @@ module Dependabot
         end
 
         package_manager_class.new(
-          detected_version: detected_version.to_s,
+          detected_version: detected_version,
           raw_version: installed_version,
           requirement: package_manager_requirement
         )
@@ -394,10 +417,15 @@ module Dependabot
 
         Dependabot.logger.info("Installing \"#{name}@#{version}\"")
 
-        SharedHelpers.run_shell_command(
-          "corepack install #{name}@#{version} --global --cache-only",
-          fingerprint: "corepack install <name>@<version> --global --cache-only"
-        )
+        begin
+          SharedHelpers.run_shell_command(
+            "corepack install #{name}@#{version} --global --cache-only",
+            fingerprint: "corepack install <name>@<version> --global --cache-only"
+          )
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          Dependabot.logger.error("Error installing #{name}@#{version}: #{e.message}")
+          Helpers.fallback_to_local_version(name)
+        end
       end
 
       sig { params(name: T.nilable(String)).returns(String) }
@@ -434,7 +462,8 @@ module Dependabot
         return if @package_json.nil?
 
         version_selector = VersionSelector.new
-        engine_versions = version_selector.setup(@package_json, name)
+
+        engine_versions = version_selector.setup(@package_json, name, dependabot_versions(name))
 
         return if engine_versions.empty?
 
@@ -442,6 +471,20 @@ module Dependabot
         Dependabot.logger.info("Returned (#{MANIFEST_ENGINES_KEY}) info \"#{name}\" : \"#{version}\"")
         version
       end
+
+      sig { params(name: String).returns(T.nilable(T::Array[Dependabot::Version])) }
+      def dependabot_versions(name)
+        case name
+        when "npm"
+          NpmPackageManager::SUPPORTED_VERSIONS
+        when "yarn"
+          YarnPackageManager::SUPPORTED_VERSIONS
+        when "bun"
+          BunPackageManager::SUPPORTED_VERSIONS
+        when "pnpm"
+          PNPMPackageManager::SUPPORTED_VERSIONS
+        end
+      end
     end
   end
 end

data/lib/dependabot/npm_and_yarn/version_selector.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "dependabot/shared_helpers"
+require "dependabot/npm_and_yarn/constraint_helper"
 
 module Dependabot
   module NpmAndYarn
@@ -13,18 +14,42 @@ module Dependabot
       # such as "20.8.7", "8.1.2", "8.21.2",
       NODE_ENGINE_SUPPORTED_REGEX = /^\d+(?:\.\d+)*$/
 
-      sig { params(manifest_json: T::Hash[String, T.untyped], name: String).returns(T::Hash[Symbol, T.untyped]) }
-      def setup(manifest_json, name)
+      # Sets up engine versions from the given manifest JSON.
+      #
+      # @param manifest_json [Hash] The manifest JSON containing version information.
+      # @param name [String] The engine name to match.
+      # @return [Hash] A hash with selected versions, if found.
+      sig do
+        params(
+          manifest_json: T::Hash[String, T.untyped],
+          name: String,
+          dependabot_versions: T.nilable(T::Array[Dependabot::Version])
+        )
+          .returns(T::Hash[Symbol, T.untyped])
+      end
+      def setup(manifest_json, name, dependabot_versions = nil)
         engine_versions = manifest_json["engines"]
 
+        # Return an empty hash if no engine versions are specified
         return {} if engine_versions.nil?
 
-        # Only keep matching specs versions i.e. "20.21.2", "7.1.2",
-        # Additional specs can be added later
-        engine_versions.delete_if { |_key, value| !valid_extracted_version?(value) }
-        version = engine_versions.select { |engine, _value| engine.to_s.match(name) }
+        versions = {}
+
+        if Dependabot::Experiments.enabled?(:enable_engine_version_detection)
+          engine_versions.each do |engine, value|
+            next unless engine.to_s.match(name)
+
+            versions[name] = ConstraintHelper.find_highest_version_from_constraint_expression(
+              value, dependabot_versions
+            )
+          end
+        else
+          versions = engine_versions.select do |engine, value|
+            engine.to_s.match(name) && valid_extracted_version?(value)
+          end
+        end
 
-        version
+        versions
       end
 
       sig { params(version: String).returns(T::Boolean) }