Debian LTS: DLA-3760-1: node-xml2js security update Prototype pollution has been fixed in node-xml2js, an XML to JavaScript object converter. For Debian 10 buster, this problem has been fixed in version