yarn2nix: use yarn lockfile integrity field whenever possible

Whenever available use the SRI hashes from the integrity field to create
the fetchurl calls instead of entirely relying on the `resolved` sha1
which may or may not exist with recent yarn versions.

Related issues:

- https://github.com/nix-community/yarn2nix/issues/125
- https://github.com/NixOS/nixpkgs/issues/77238

pkgs/development/tools/yarn2nix-moretea/yarn2nix/internal/fixup_yarn_lock.js

@@ -25,14 +25,14 @@ const result = []
 
 readFile
   .on('line', line => {
-    const arr = line.match(/^ {2}resolved "([^#]+)#([^"]+)"$/)
+    const arr = line.match(/^ {2}resolved "([^#]+)(#[^"]+)?"$/)
 
     if (arr !== null) {
       const [_, url, shaOrRev] = arr
 
       const fileName = urlToName(url)
 
-      result.push(`  resolved "${fileName}#${shaOrRev}"`)
+      result.push(`  resolved "${fileName}${shaOrRev ?? ''}"`)
     } else {
       result.push(line)
     }

pkgs/development/tools/yarn2nix-moretea/yarn2nix/lib/generateNix.js

@@ -69,7 +69,7 @@ function fetchgit(fileName, url, rev, branch, builtinFetchGit) {
 
 function fetchLockedDep(builtinFetchGit) {
   return function (pkg) {
-    const { nameWithVersion, resolved } = pkg
+    const { integrity, nameWithVersion, resolved } = pkg
 
     if (!resolved) {
       console.error(
@@ -102,14 +102,14 @@ function fetchLockedDep(builtinFetchGit) {
       return fetchgit(fileName, urlForGit, rev, branch || 'master', builtinFetchGit)
     }
 
-    const sha = sha1OrRev
+    const [algo, hash] = integrity ? integrity.split('-') : ['sha1', sha1OrRev]
 
     return `    {
       name = "${fileName}";
       path = fetchurl {
         name = "${fileName}";
         url  = "${url}";
-        sha1 = "${sha}";
+        ${algo} = "${hash}";
       };
     }`
   }