Fix resolver incorrect lockfile (issue #2629)

[bestander]

Summary

This PR fixes an issue in package-resolver that was revealed in #2629.

From the #2629 yarn.lock was incorrectly generated:

@angular/core@4.0.0-rc.1", "@angular/core@>=2.3.1 <5.0.0 || >=4.0.0-beta <5.0.0", "@angular/core@^2.0.0":
   version "4.0.0-rc.1"
   resolved "https://registry.yarnpkg.com/@angular/core/-/core-4.0.0-rc.1.tgz#7f87b7696b407476e45d6d3c1880a50d5afbb6e3"

@angular/core@^2.0.0 can't satisfy version 4.0.0-rc.1 and this inconsistency resulted in core-4.0.0-rc.1.tgz being represented as two different PackageRemote objects which lead to two concurrent downloads of the same .tgz file.

This PR adds a check for every find in package-resolver that the version in lockfile satisfies the version range of the pattern.
If the version does not satisfy the pattern then it is removed from lockfile and re-resolved.

Test plan

1. Added unit test.

2. Manual Test Plan

git clone <https://github.com/yarnpkg/yarn/issues/2629#issuecomment-282745896>
$ yarn install --ignore-scripts --network-concurrency 50
Using Yarn from /Users/bestander/work/yarn/bin/yarn
yarn install v0.24.0-0
[1/4] 🔍  Resolving packages...
warning Lockfile has incorrect entry for "@angular/core@^2.0.0". Ingoring it.
warning Lockfile has incorrect entry for "typescript@>=2.0.0 <2.2.0". Ingoring it.
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning "@angular/flex-layout@2.0.0-rc.1" has incorrect peer dependency "@angular/common@^2.2.3".
warning "@angular/material@2.0.0-beta.2" has incorrect peer dependency "@angular/common@^2.3.0".
warning "@angular/material@2.0.0-beta.2" has incorrect peer dependency "@angular/http@^2.3.0".
warning "angular2-notifications@0.4.53" has incorrect peer dependency "@angular/common@^2.1.2".
warning "angular2-notifications@0.4.53" has incorrect peer dependency "@angular/platform-browser@^2.1.1".
warning "ng2-translate@5.0.0" has incorrect peer dependency "@angular/http@^2.0.0".
warning "redux-batched-actions@0.1.5" has unmet peer dependency "redux@>=1.0.0".
[4/4] 📃  Building fresh packages...
warning Ignored scripts due to flag.
success Saved lockfile.
✨  Done in 48.73s.

$ git diff
diff --git a/frontend/yarn.lock b/frontend/yarn.lock
index 4572969..ef746c2 100644
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@@ -85,10 +85,14 @@
   version "4.0.0-rc.1"
   resolved "https://registry.yarnpkg.com/@angular/compiler/-/compiler-4.0.0-rc.1.tgz#e89f2d76f8800cb599e9dc6c7f8a381e79b92715"

-"@angular/core@4.0.0-rc.1", "@angular/core@>=2.3.1 <5.0.0 || >=4.0.0-beta <5.0.0", "@angular/core@^2.0.0":
+"@angular/core@4.0.0-rc.1", "@angular/core@>=2.3.1 <5.0.0 || >=4.0.0-beta <5.0.0":
   version "4.0.0-rc.1"
   resolved "https://registry.yarnpkg.com/@angular/core/-/core-4.0.0-rc.1.tgz#7f87b7696b407476e45d6d3c1880a50d5afbb6e3"

+"@angular/core@^2.0.0":
+  version "2.4.10"
+  resolved "https://registry.yarnpkg.com/@angular/core/-/core-2.4.10.tgz#0b8320a65065965d998645b1f5cd3cf769b441ea"
+
 "@angular/flex-layout@2.0.0-rc.1":
   version "2.0.0-rc.1"
   resolved "https://registry.yarnpkg.com/@angular/flex-layout/-/flex-layout-2.0.0-rc.1.tgz#96fa7f85b2c4bacf2784913a2d607e2ed23dc7f1"
@@ -4788,10 +4792,14 @@ type-is@~1.6.14:
     media-typer "0.3.0"
     mime-types "~2.1.13"

-typescript@2.2.1, typescript@>=2.1.4, "typescript@>=2.0.0 <2.2.0":
+typescript@2.2.1, typescript@>=2.1.4:
   version "2.2.1"
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-2.2.1.tgz#4862b662b988a4c8ff691cc7969622d24db76ae9"

+"typescript@>=2.0.0 <2.2.0":
+  version "2.1.6"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-2.1.6.tgz#40c7e6e9e5da7961b7718b55505f9cac9487a607"
+
 uglify-js@2.7.x, uglify-js@^2.6, uglify-js@^2.7.5:
   version "2.7.5"
   resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-2.7.5.tgz#4612c0c7baaee2ba7c487de4904ae122079f2ca8"

[arcanis]

This commit will fix the corrupted lockfiles, but what's the root cause of the issue?

[bestander]

This commit will fix the corrupted lockfiles, but what's the root cause of the issue?

That is a mystery, I think some older version of Yarn might have had a bug generating lockfiles.

[arcanis]

👍