Yarn upgrade followed by yarn install changes lockfile

This repo contains a script that reproduces a case where upgrading a package with yarn then running yarn install changes the yarn.lock.

The script is in test.sh, and should be easy to follow. I've included a more detailed explanation of what it's doing below.

Running

1. Clone the project
2. Run ./test.sh
3. Observe the results and inspect the yarn.lock files in project, and isolated-upgrade

Explanation

1. Create a clean directory (project/), and copy in a package.json and yarn.lock that depend on (among other things) react-scripts v0.9.5.
2. Run yarn install in the directory to pull down all the packages, populating node_modules.
3. Copy the directory in its entirety (including node_modules) into a new directory (isolated-upgrade/).
4. Inside isolated-upgrade/, use yarn add to upgrade react-scripts to v1.0.6.
5. Copy the package.json and yarn.lock from the isolated-upgrade/ directory back to the project/ directory
6. Inside project/, use yarn install to upgrade react-scripts, as it now has the updated dependency files.

At the end, we have two yarn.lock files:

1. isolated-upgrade/yarn.lock: the result of effectively doing a yarn add react-scripts@1.0.6 in the original project
2. project/yarn.lock: the result of taking an upgraded yarn.lock, and doing a yarn install with the original set of packages (equivalent to pulling down an updated lockfile from GitHub)

I'd expect these files to be the same, but - at least when I run this on my machine - they're different.

For simpler sets of dependencies (e.g. just react-scripts) yarn 0.24 produces inconsistent results, but yarn 0.26 produces consistent results (possibly as a result of this PR). However, with the more complex files I've included in this repo, even yarn 0.26 produces inconsistent results.