Running audit-ci with yarn 4.1.1 is broken, and does not report vulnerabilities at all.

It seems that v4 introduced major changes to the json output format of yarn npm audit that break audit-ci.

Example output in a project with vulnerabilities:

$ npx audit-ci
audit-ci version: 6.6.1
Yarn Berry audit report results:
undefined
undefined
[truncated]
undefined
undefined
Passed yarn security audit.

I updated one of the existing tests in test/yarn-berry-moderate to use yarn 4, and it (obviously) fails.