xml2js pin is to a version with a security vulnearbility

**Describe the bug**
The pinned version of xml2js is vulnerable to [this vulnerability](https://github.com/advisories/GHSA-776f-qx25-q3cc) which dependabot will flag.

**To Reproduce**
Steps to reproduce the behavior:
1. Install podcast-feed-parser
2. Enable dependabot

**Expected behavior**
Upgrade to >0.5.0