The last pentest was two years ago
Since then you've shipped new features and extended your APIs, and the kinds of attacks people run have moved on. That old report describes a system that no longer exists. It says nothing useful about where you stand today.