
Render lockfiles changes in MRs instead of displaying them like a diff

Problem to solve

Lockfiles (composer.lock, yarn.lock, etc.) are meant to be committed to application projects. When they are, they're naturally included in the repo browser and in MRs.

The problem is that they're usually huge (the bigger the app, the bigger the lockfile):

$ ll -h composer.lock 
-rw-r--r--. 1 dalibor.karlovic dalibor.karlovic 509K svi  21 14:40 composer.lock

Even with very simple changes, they're too large to display:

[screenshot: GitLab MR diff of composer.lock, shown as "too large to display"]

This also highlights the fact that they're not guaranteed to match the actual change in the spec file (I can make the lockfile install whatever I want and then tailor the spec file to say it's a harmless change, as pictured), so they're a security attack vector.

Intended users

User experience goal

Understanding the lockfile changes at a glance, just like the spec file.

Proposal

The lockfiles are by default rendered in MRs, something like this:

my/package: 1.2.3 => 1.4.5
my/other: added, 2.3.4
my/second: removed, was 2.3.3

This would make displaying them in MRs much easier and more user friendly.
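As an added illustration of the rendering proposed above (example code written for this page, not GitLab's implementation), the script below indexes two composer.lock documents by package name and prints one line per change in the "name: old => new", "added" and "removed" shape suggested in the proposal. The two lockfiles are constructed samples with only the fields the diff needs; the package names and the URLs under github.com/my and github.com/evil are made up. It goes one step beyond the proposal: when a package keeps the same version string but its source URL or commit reference changes, it reports that too, since that is exactly the kind of lockfile edit a version-only summary would hide.

```python
import json

# Constructed sample lockfiles (not from the original issue). A real
# composer.lock carries many more fields per package; only "name",
# "version" and "source" are used here.
OLD_LOCK = json.dumps({
    "packages": [
        {"name": "my/package", "version": "1.2.3",
         "source": {"type": "git", "url": "https://github.com/my/package.git", "reference": "aaa111"}},
        {"name": "my/second", "version": "2.3.3",
         "source": {"type": "git", "url": "https://github.com/my/second.git", "reference": "bbb222"}},
        {"name": "my/stable", "version": "3.0.0",
         "source": {"type": "git", "url": "https://github.com/my/stable.git", "reference": "ccc333"}},
    ],
    "packages-dev": [],
})

NEW_LOCK = json.dumps({
    "packages": [
        {"name": "my/package", "version": "1.4.5",
         "source": {"type": "git", "url": "https://github.com/my/package.git", "reference": "ddd444"}},
        {"name": "my/other", "version": "2.3.4",
         "source": {"type": "git", "url": "https://github.com/my/other.git", "reference": "eee555"}},
        # Same version string as before, but the code now comes from a
        # different repository (hypothetical URL): a version-only diff
        # would show nothing for this package.
        {"name": "my/stable", "version": "3.0.0",
         "source": {"type": "git", "url": "https://github.com/evil/stable.git", "reference": "fff666"}},
    ],
    "packages-dev": [],
})


def index_packages(lock_text):
    """Map package name -> (version, source url, source reference) for one lockfile."""
    data = json.loads(lock_text)
    out = {}
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            # Fall back to "dist" for packages that only carry an archive location.
            src = pkg.get("source") or pkg.get("dist") or {}
            out[pkg["name"]] = (pkg.get("version"), src.get("url"), src.get("reference"))
    return out


def diff_locks(old_text, new_text):
    """Return one summary line per package that was added, removed or changed."""
    old, new = index_packages(old_text), index_packages(new_text)
    lines = []
    for name in sorted(set(old) | set(new)):
        if name not in old:
            lines.append(f"{name}: added, {new[name][0]}")
        elif name not in new:
            lines.append(f"{name}: removed, was {old[name][0]}")
        else:
            o, n = old[name], new[name]
            if o[0] != n[0]:
                lines.append(f"{name}: {o[0]} => {n[0]}")
            elif o[1:] != n[1:]:
                # Version unchanged but the origin differs: flag it for the reviewer.
                lines.append(
                    f"{name}: {o[0]} unchanged, but source changed "
                    f"{o[1]}@{o[2]} => {n[1]}@{n[2]}"
                )
    return lines


if __name__ == "__main__":
    for line in diff_locks(OLD_LOCK, NEW_LOCK):
        print(line)
```

Run as a script it prints four lines: my/other added, my/package 1.2.3 => 1.4.5, my/second removed, and a "source changed" warning for my/stable. Reading the "source"/"dist" block rather than just "version" is what turns this from a readability aid into a review aid: the version string is free text the lockfile author controls, while the URL and commit reference are what Composer will actually fetch.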

What does success look like, and how can we measure that?

People viewing, understanding and interacting with lockfiles (commenting on them in MRs, etc), not just accepting them as a binary payload.