Security Violations in Sonatype scan

[arthurtalkgoal]

We have a security scan on the project that there are some depending packages not passing the scanning.

And below are the npm ls of the package dependencies. namely - lodash 3.10.1, mongoose 4.13.21, express 4.17.1, mongodb 2.2.34

Policy Violations - Security-Critical

├─┬ keystone@4.2.1
│ ├─┬ asyncdi@1.1.0
│ │ └── lodash@3.10.1

├─┬ keystone@4.2.1
│ └── mongoose@4.13.21

Policy Violations - Security-High

└─┬ keystone@4.2.1
└── express@4.17.1

├─┬ keystone@4.2.1
│ └─┬ mongoose@4.13.21
│ └── mongodb@2.2.34