Security Violations in Sonatype scan #4994
Description
We have a security scan on the project that there are some depending packages not passing the scanning.
And below are the npm ls of the package dependencies. namely - lodash 3.10.1, mongoose 4.13.21, express 4.17.1, mongodb 2.2.34
Policy Violations - Security-Critical
├─┬ keystone@4.2.1
│ ├─┬ asyncdi@1.1.0
│ │ └── lodash@3.10.1
├─┬ keystone@4.2.1
│ └── mongoose@4.13.21
Policy Violations - Security-High
└─┬ keystone@4.2.1
└── express@4.17.1
├─┬ keystone@4.2.1
│ └─┬ mongoose@4.13.21
│ └── mongodb@2.2.34