caolan / async

Async utilities for node and the browser

Home Page: http://caolan.github.io/async/

Vulnerability in the async dependency

RakhimAimaganbetov opened this issue

We discussed the vulnerability that was scanned by npm audit here with the developer of the node-java library, which uses the async dependency. So, there is a vulnerability where a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. The JFrog vulnerability scan also picked this up with the info above.
The issue is in async before 2.6.4 and 3.x before 3.2.2.

Could you please publish a new release with this vulnerability fixed?
Thank you in advance!

This would be on the node-java project to update their dependency. The bug is already fixed here.
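
Added example (not part of the issue thread or of the async project's code): a lockfile check that finds every copy of async in the version range quoted above, including copies nested under another package such as node-java. The function names and the sample lockfile are constructed for illustration, and it assumes a `package-lock.json` with lockfileVersion 2 or 3, which carries a flat `packages` map.

```javascript
// Flag copies of async in the range quoted in the issue
// (before 2.6.4, and 3.x before 3.2.2) inside an npm lockfile.

// Parse a plain "major.minor.patch"; anything else (pre-release tags, ranges) returns null.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Compare two [major, minor, patch] triples: negative if a < b.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// true = in the affected range, false = fixed, null = needs manual review.
function isAffectedAsync(version) {
  const v = parseVersion(version);
  if (!v) return null;
  if (v[0] < 3) return cmp(v, [2, 6, 4]) < 0;
  if (v[0] === 3) return cmp(v, [3, 2, 2]) < 0;
  return false;
}

// Walk the "packages" map and report every copy of async that is affected
// or unparseable, including copies nested under other packages.
function findAffectedAsync(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/async$/.test(path)) continue; // skips async-each etc.
    const affected = isAffectedAsync(meta.version);
    if (affected !== false) hits.push({ path, version: meta.version, affected });
  }
  return hits;
}

// Constructed sample lockfile (not taken from the issue).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/async": { version: "3.2.2" },
    "node_modules/java": { version: "0.0.0-placeholder" },
    "node_modules/java/node_modules/async": { version: "2.6.3" },
    "node_modules/async-each": { version: "1.0.3" },
  },
};

console.log(findAffectedAsync(sampleLock));
```

A hit under a nested path means the fix has to come from the parent package's dependency range, or from an `overrides` entry in the consuming project's `package.json`.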