🐛[BUG] [Security] Deprecated dependencies on @ant-design/plots

[sabelaV]

🐛 bug 描述 [详细地描述 bug，让大家都能理解]

I want to notice that the latest version of "@ant-design/plots": "^2.3.2" has a deprecated dependency, it´s rollup, it depends on [email protected]. This dependency: [email protected] depends on [email protected]. This is a very old version of this library and this means introducing vulnerabilities in the project. Theese libraries has been installed also with npm install --omit=optional command. Could you review this issue, please? Thanks in advance.

📷 复现步骤 [清晰描述复现步骤，让别人也能看到问题]

🏞 期望结果 [描述你原本期望看到的结果]

💻 复现代码 [提供可复现的代码，仓库，或线上示例]

© 版本信息

• ant-design-charts 版本: [e.g. 0.9.0]
• 浏览器环境
• 开发环境 [e.g. mac OS]

🚑 其他信息 [如截图等其他信息可以贴在这里]

[archisvaze]

rollup  <2.79.2
Severity: high
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS - https://github.com/advisories/GHSA-gcx4-mw62-g8wm
fix available via npm audit fix
node_modules/rollup
  fmin  *
  Depends on vulnerable versions of rollup
  node_modules/fmin
    @antv/g2plot  2.3.33 - 2.4.32
    Depends on vulnerable versions of fmin
    node_modules/@antv/g2plot

18 high severity vulnerabilities

[lxfu1]

benfred/fmin#13 ?

[alii13]

Any possible fix for this? facing the same issue

[allisonphillips]

Might want to add [Security] after bug in your issue title for more visibility, like in #1930