Update snyk parser and added tests for yarn berry

[ethriel3695]

I've had a couple of users reach out saying that the manifest dependency tracing does not work for yarn berry.

It appears that yarn2 / lockfile v2 with resolutions is specifically what is not working.

Given a package.json with a resolution like so:
"resolutions": {
  "chalk": "^4.1.2"
}

In v1, yarn would list every version of chalk needed by the various dependencies and then specify the resolved version.

In v2, this has been reduced to just the forced version.

OutOfSyncError: Dependency chalk@^4.1.2 was not found in yarn.lock. 
Your package.json and yarn.lock are probably out of sync. Please run "yarn install" and try again.

Recent versions of https://github.com/snyk/nodejs-lockfile-parser have changed how lockfile v2 is parsed.

I also added tests to verify that the yarn berry lock file format is read successfully, and, changes between v2 lock files are detected as expected.

[ethriel3695]

@ghengeveld @tmeasday

I updated the lock files to match the resolution format and the structure for yarn berry in pnp mode.
I also added tests to verify the behavior and verify we trace the packages correctly.

Please let me know what you think.

[tmeasday]

LGTM! thanks for updating the tests.

Do we have a sample repo we can test this against?

[ghengeveld]

Released in 6.21.0.