I'm new to nopCommerce, but I ran the current version through Whitesource Bolt to get a dependency scan and it comes back with 23 vulnerable libraries. Most of these have a fix through a package upgrade. I'm wondering how these are usually resolved/maintained. Screenshot below:
