Wrong package version in report - NPMAuditAnalyzer #3893

@avichayJit

Description

Describe the bug
When the lock file contains multiple versions of the same library, and at least one version is vulnerable - the tool detects the library, but returns as output the last version written in the file.
The issue was found when trying to run the tool on the https://github.com/nrwl/nx repo.

Version of dependency-check used
The problem occurs using version 6.5.0 of the cli

To Reproduce
Steps to reproduce the behavior:
Real life scenario:

  1. clone the nx repo (https://github.com/nrwl/nx)
  2. remove the existing yarn.lock file and create a package-lock.json file instead
  3. run dependency-check cli
  4. in the report, we see only version 6.0.1 of ansi-regex library although this version has no vulnerability.
    In the lock file, we may see lots of occurrences of ansi-regex with different versions (some vulnerable and some not).

** when running on the existing yarn.lock file, the tool reports about version 2.0.1 (also has no vulnerability), and it's the first in the file

Smaller example:

  1. create a node project with the following package.json file

         {
           "dependencies": {
             "string-width": "2.1.1",
             "strip-ansi-stream": "2.0.1"
           }
         }

  2. run npm i
  3. run the cli tool
  4. in the report, we see only version 6.0.1 of ansi-regex library although this version has no vulnerability.
     In the lock file, we may see lots of occurrences of ansi-regex with different versions (some vulnerable and some not).

Expected behavior
Report only the ansi-regex versions with vulnerability
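The behaviour the report describes (one slot per package name, so the version written last in the lock file replaces the earlier ones) next to a collector that keeps every (name, version) pair. This is an added example, not dependency-check's own code; the lock file excerpt is constructed to mirror the issue's package.json and its transitive versions are illustrative, not a real npm resolution.

```javascript
// Added example (not dependency-check's own code): gather every version of each
// package from a package-lock.json rather than keeping one slot per package name.
const NM = "node_modules/";
// Yield [name, version] for every entry. lockfileVersion 2/3 lists packages flat
// under "packages" keyed by install path; version 1 nests them in "dependencies".
function* walkLock(lock) {
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "" || !entry.version) continue; // root project or link entry
      yield [path.slice(path.lastIndexOf(NM) + NM.length), entry.version];
    }
    return; // v2 also carries a legacy "dependencies" tree; do not count it twice
  }
  function* walkV1(deps) {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (entry.version) yield [name, entry.version];
      yield* walkV1(entry.dependencies); // nested copies of the same library
    }
  }
  yield* walkV1(lock.dependencies);
}

// Reproduces the reported symptom: keyed by name only, so the version written
// last in the file overwrites the earlier, possibly vulnerable, ones.
function lastWriterWins(lock) {
  const seen = {};
  for (const [name, version] of walkLock(lock)) seen[name] = version;
  return seen;
}

// Corrected shape: one entry per distinct (name, version) pair, sorted for stable output.
function collectVersions(lock) {
  const seen = new Map();
  for (const [name, version] of walkLock(lock)) {
    if (!seen.has(name)) seen.set(name, new Set());
    seen.get(name).add(version);
  }
  return new Map([...seen].map(([n, s]) => [n, [...s].sort()]));
}

// Constructed lockfileVersion 1 excerpt modelled on the issue's package.json;
// the transitive versions are illustrative, not a real npm resolution.
const SAMPLE_LOCK_V1 = { lockfileVersion: 1, dependencies: {
  "string-width": { version: "2.1.1", dependencies: {
    "strip-ansi": { version: "4.0.0", dependencies: { "ansi-regex": { version: "3.0.0" } } } } },
  "strip-ansi-stream": { version: "2.0.1", dependencies: { "ansi-regex": { version: "5.0.0" } } },
  "ansi-regex": { version: "6.0.1" },
} };
console.log("last writer wins:", lastWriterWins(SAMPLE_LOCK_V1)["ansi-regex"]); // 6.0.1
console.log("every version:", collectVersions(SAMPLE_LOCK_V1).get("ansi-regex")); // [ '3.0.0', '5.0.0', '6.0.1' ]
```

Feeding the per-version list to the vulnerability lookup is what lets the report name the affected versions only, as the expected behaviour asks.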
