Inedo / pgscan

Dependency scanner for ProGet.
MIT License

Update pgscan to support npm lockfileversion 3 #34

Closed ShaydeNofziger closed 1 year ago

ShaydeNofziger commented 1 year ago

Currently, pgscan only appears to work with lockfileversion=2 package-lock.json npm files. I believe this is because syntax was changed with lockfileversion 3 and the "dependencies" node is no longer where it was in lockfileversion 2.

Can anyone else confirm this issue, and would you be open to a PR to fix this?
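An added illustration of the format difference the issue describes, not code from pgscan or from any thread participant: lockfileVersion 1 and 2 carry a nested "dependencies" tree, while lockfileVersion 3 keeps only the flat, path-keyed "packages" map, so a scanner that reads only "dependencies" finds nothing in a v3 file. The sample lockfiles and package names below are constructed.

```python
import json

# Constructed sample lockfiles (not from the issue). v2 has both "packages"
# and the legacy nested "dependencies" tree; v3 drops "dependencies".
LOCK_V2 = json.dumps({
    "name": "demo", "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/semver": {"version": "5.7.1"},
        "node_modules/@types/node": {"version": "18.0.0", "dev": True},
    },
    "dependencies": {
        "left-pad": {"version": "1.3.0",
                     "dependencies": {"semver": {"version": "5.7.1"}}},
        "@types/node": {"version": "18.0.0", "dev": True},
    },
})
LOCK_V3 = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/semver": {"version": "5.7.1"},
        "node_modules/@types/node": {"version": "18.0.0", "dev": True},
    },
})

def _walk_dependencies(deps, out):
    """Recurse the nested v1/v2 "dependencies" tree (name -> {version, dependencies})."""
    for name, info in deps.items():
        out.add((name, info["version"]))
        _walk_dependencies(info.get("dependencies", {}), out)

def _name_from_path(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b': text after the last 'node_modules/'."""
    return path.rsplit("node_modules/", 1)[1]

def scan_lockfile(text):
    """Return {(name, version)} for every installed package, whatever the lockfileVersion."""
    lock = json.loads(text)
    found = set()
    if lock.get("lockfileVersion", 1) >= 2 and "packages" in lock:
        # v2 and v3: flat map keyed by install path; "" is the root project itself.
        for path, info in lock["packages"].items():
            if path == "" or info.get("link"):   # skip root and workspace symlinks
                continue
            found.add((_name_from_path(path), info["version"]))
    else:  # v1 (or a v2 file without "packages"): only the nested "dependencies" tree
        _walk_dependencies(lock.get("dependencies", {}), found)
    return found
```

Reading "packages" first makes the same scan work for v2 and v3, while the "dependencies" walk remains only as the fallback for v1 files.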

whatatripp commented 1 year ago

We would love some help and would be very grateful for a pull request :)

It seems easy enough to fix, but the "hard part" for us is getting this tested/verified. We don't have a "problem project" ourselves yet, so we have to repro, study, fix, test, etc.

Also, this is currently in discussion here, so I'll close this Issue: https://forums.inedo.com/topic/3877/pgscan-lockfileversion-3-for-npm-dependencies-not-supported

Hopefully you can reply on the forums; unlike our forums, we don't have an internal tracker for GitHub issues, so it's too easy for us to lose track of open discussions.

ShaydeNofziger commented 1 year ago

@crotondo-dap before I spend an afternoon attempting to fix this, are you looking at a fix for this already? If not, I'm going to go ahead with a PR. I'll follow up in the forums as well, but I don't currently have an account there yet.