Analyses-725: Uses safe lookup for yarn.lock

[meghfossa]

Overview

Uses safe lookup, to address scenarios when, yarn v1 has deep dependencies (ex: @f/sub-dep, e.g.) from resolved dependency (eg: @f/a@0.0.1, typically file or remote sourced) which are not specified at root level:

"@f/a@0.0.1":
  version "0.0.1"
  resolved "some-file-url.gz"
  integrity sha1-somehash
  dependencies:
    "@f/sub-dep" "0.0.0"
    jsdom "^16.6.0"
    tslib "^2.2.0"

Acceptance criteria

• CLI does not produce runtime error, when parsing valid yarn.lock with unspecified deep dependency.

Testing plan

Test against yarn lock file provided in: fossas/team-analysis#725

Before

➜  spectrometer git:(analyses-725/safe-lookup) ✗ fossa analyze ./rapid -o | jq
[ INFO] [ 0 Waiting / 8 Running / 0 Completed ]
[ INFO] [ 20 Waiting / 11 Running / 1 Completed ]
[ INFO] Analyzing yarn project at /Users/megh/Work/upstream/spectrometer/rapid/
[ INFO] [ 0 Waiting / 10 Running / 23 Completed ]
[ INFO] [ 0 Waiting / 8 Running / 25 Completed ]
[ INFO] [ 0 Waiting / 2 Running / 31 Completed ]
[ INFO] [ 0 Waiting / 1 Running / 32 Completed ]
[ERROR] ----------
  An error occurred:

      An exception occurred: Map.!: given key is not an element in the map
      CallStack (from HasCallStack):
        error, called at libraries/containers/containers/src/Data/Map/Internal.hs:627:17 in containers-0.6.2.1:Data.Map.Internal

      Traceback:
        

➜  spectrometer git:(analyses-725/safe-lookup) ✗ 

After

➜  spectrometer git:(analyses-725/safe-lookup) ✗ ./fossa analyze ./rapid -o | jq > graph.json
[ INFO] [ 0 Waiting / 8 Running / 0 Completed ]
[ INFO] [ 11 Waiting / 9 Running / 0 Completed ]
[ INFO] [ 15 Waiting / 9 Running / 0 Completed ]
[ INFO] [ 19 Waiting / 9 Running / 0 Completed ]
[ INFO] [ 23 Waiting / 9 Running / 0 Completed ]
[ INFO] [ 21 Waiting / 10 Running / 1 Completed ]
[ INFO] Analyzing yarn project at /Users/megh/Work/upstream/spectrometer/rapid/
[ INFO] [ 0 Waiting / 4 Running / 29 Completed ]
[ INFO] [ 0 Waiting / 3 Running / 30 Completed ]
[ INFO] [ 0 Waiting / 2 Running / 31 Completed ]
[ INFO] [ 0 Waiting / 1 Running / 32 Completed ]
➜  spectrometer git:(analyses-725/safe-lookup) ✗ head graph.json
{
  "projects": [
    {
      "graph": {
        "assocs": [
          [
            0,
            [
              31
            ]
➜  spectrometer git:(analyses-725/safe-lookup) ✗ 

Risks

N/A

References

Closes fossas/team-analysis#725

Checklist

• I added tests for this PR's change (or confirmed tests are not viable).
• If this PR introduced a user-visible change, I added documentation into docs/.
• I updated Changelog.md if this change is externally facing. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
• I linked this PR to any referenced GitHub issues, if they exist.

[skilly-lily]

Looks good