How to patch security issues on package-lock.json?

I have a security issue on my codes. I will just bring one of the issues as an example.

Secure Codes Scanner detected that I should NOT use lodash 4.17.11

I opened up package-lock.json, I saw

"lodash": "^4.17.11", and 14 more … of "lodash": " .... "

How do I fix these security issues ?

Should I go through all "lodash": " .... " and replace them all with "lodash": "4.7.19" as suggested?

enter image description here

How do we fix this kind of vulnerabilities?