WIP: Build dependency graph

What does this MR do?

Add CLI commands to build, query, and export the dependency graph.

List shortest paths to a given dependency:

% ./analyzer graph shortest scanner/parser/yarn/fixtures/big/yarn.lock big.js 3.1.3     
webpack@2.3.2 (2.3.2) -> loader-utils@0.2.16 (^0.2.16) -> big.js@3.1.3 (^3.1.3)
babel-loader@6.4.1 (^6.4.1) -> loader-utils@0.2.16 (^0.2.16) -> big.js@3.1.3 (^3.1.3)
html-webpack-plugin@2.28.0 (^2.28.0) -> loader-utils@0.2.16 (^0.2.16) -> big.js@3.1.3 (^3.1.3)
extract-text-webpack-plugin@2.1.0 (^2.1.0) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
style-loader@0.16.1 (^0.16.1) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
css-loader@0.28.0 (^0.28.0) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
postcss-loader@1.3.3 (^1.3.3) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
imports-loader@0.7.1 (^0.7.1) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
html-loader@0.4.5 (^0.4.5) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
exports-loader@0.6.4 (^0.6.4) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
url-loader@0.5.8 (^0.5.8) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)
sass-loader@6.0.3 (^6.0.3) -> loader-utils@1.1.0 (^1.0.1) -> big.js@3.1.3 (^3.1.3)
file-loader@0.10.1 (^0.10.1) -> loader-utils@1.1.0 (^1.0.2) -> big.js@3.1.3 (^3.1.3)

Export full dependency graph to a DOT file:

 ./analyzer graph export --format=dot yarn.lock

Export dependency graph to a DOT file, and filter on paths that lead to big.js v3.1.3 (all shortest paths):

% ./analyzer graph export --format=dot scanner/parser/yarn/fixtures/big/yarn.lock big.js 3.1.3

See generated DOT file and PDF export generated using dot CLI command.

List top-level dependencies:

% ./analyzer graph tops scanner/parser/yarn/fixtures/big/yarn.lock |head -n 5
babel-plugin-lodash 3.2.11
raw-loader 0.5.1
parse-link-header 0.4.1
console-polyfill 0.2.3
angular-animate 1.6.4

Support is limited to yarn.lock.

This is a Proof of Concept.

TODO

• Set labels for this MR
• Fix the code that removes the double quotes from the specs, when parsing yarn.lock files

What are the relevant issue numbers?

gitlab-org/gitlab#198034 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer