.NET transitive dependencies not showing on dependency chart

[vmcbaptista]

Transitive dependencies are not added to dependency graph even if support for packages.lock.json is enabled.

These lock files must be considered to also detect vulnerabilities in transitive dependencies.

Note tha dependabot recently added support to these lock files, which makes this even more relevant.