SuperMap / vue-iclient

SuperMap iClient UI Components for Vue.js
https://iclient.supermap.io/web/apis/vue/
Apache License 2.0

[Snyk] Fix for 3 vulnerabilities #40

Closed ahnan closed 1 year ago

ahnan commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - src/leaflet/package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:--------:|--------------------|:------|:----------------|:-----------------|
| Medium | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-ASYNCVALIDATOR-2311201](https://snyk.io/vuln/SNYK-JS-ASYNCVALIDATOR-2311201) | Yes | Proof of Concept |
| Medium | **484/1000** **Why?** Has a fix available, CVSS 5.4 | XML External Entity (XXE) Injection [SNYK-JS-XMLDOM-1084960](https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960) | Yes | No Known Exploit |
| Medium | **469/1000** **Why?** Has a fix available, CVSS 5.1 | Prototype Pollution [SNYK-JS-ZRENDER-1586253](https://snyk.io/vuln/SNYK-JS-ZRENDER-1586253) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
#### Commit messages

Package name: ant-design-vue
The new version differs by 250 commits.
  • 6d14732 release 3.1.0
  • 6222e43 release 3.1.0
  • 272430b fix: selectoption empty error
  • 3274896 release 3.1.0-rc.6
  • a154ecd fix: mentions cannot select, close #5432
  • fa76f5c fix: blur & focus lose argument, close #5434
  • 0d06ce2 feat: Modify the warning in the conductutil file for attention (#5424)
  • a298b00 fix: sticky scrollbar show when init
  • 9004644 perf: table hover & stickyScroll
  • 797a1c6 doc: update next to main
  • ec17787 fix: select option tooltip error, close #5307
  • 669b22a fix: tabs auto overflow error for addIcon
  • 80342f4 release 3.0.0-rc.5
  • afd74c9 fix: table sticky scroll bar not reactive
  • 8e37ffb doc: update demo
  • def6a72 fix: form scrollToField not work form nest field, close #5404, #5407
  • 00dc2ad chore: update ts type (#5408)
  • 790f83f release 3.1.0-rc.5
  • 3613ece fix: select deep watch options, close #5398
  • e146b48 fix: menuItem custom icon lose custom class, close #5390
  • e9ba9fe doc: update changelog
  • 1258825 release 3.1.0-rc.3
  • b0042ab feat: support change base-primary for cssvar
  • e7fb72c fix: Dropdown not auto adjust placement, close #5391
See the full diff
Package name: canvg
The new version differs by 100 commits.
  • 98a12cb Merge pull request #712 from canvg/2.0.0
  • 9eb51a5 rm beta
  • 435d906 npm audit
  • 4b9dee3 build
  • 088abbe wip
  • d04bb60 Merge pull request #710 from IronGeek/issue_709
  • c2b43c6 fix build
  • 67e33ec Merge pull request #711 from canvg/fix_build
  • 4a9c313 lock node version
  • 4eb5337 Parse number with scientific notation
  • fbebf8e Merge pull request #707 from fargyriou/702-font-parsing
  • 55d67f0 Issue 702: Fixed font parsing when defined as "font" and not through font properties
  • cef40f0 Merge pull request #689 from canvg/2.0.0-beta.1
  • aa8e62e 2.0.0-beta.1
  • 4497122 Merge pull request #684 from bz2/browser_optional
  • 2d75e00 Update docs for 2.0 dependency changes
  • a98c42d Support browser dist without canvas dependency
  • f79c146 Merge pull request #687 from canvg/dgorbash_master
  • d9a772e adding test
  • fe49c3b Merge branch 'textPath_support'
  • fecc100 Backport upstream/master, minor code format fix
  • 79c85e5 Sync master with upstream
  • f236319 Merge pull request #678 from canvg/beta_readme
  • b9c9223 spacing
See the full diff
Package name: echarts
The new version differs by 250 commits.
  • 1c70026 Merge pull request #15745 from apache/release-dev
  • 21d6317 release 5.2.1
  • 5ff6216 Merge pull request #15735 from apache/series-type-register
  • a11d9af feat(type): provide ability to extend series option
  • b29726d Merge pull request #15732 from apache/master
  • 6384acf Merge pull request #15731 from apache/fix-line-animation
  • 4824ada fix(line): fix animation is not stopped when direct update points.
  • 26e9a95 Merge pull request #15720 from apache/fix-legend-symbol-keep-aspect
  • 5d667ec Merge pull request #15722 from williamorim/ptBRlang
  • add3f76 changing double quotes for single quotes
  • b98affc Adding pt-BR lang file
  • 6641951 Merge pull request #15683 from apache/fix-tooltip
  • 35e3511 fix(legend): add back symbolKeepAspect. optimize code logic.
  • 233d2a1 Merge pull request #15715 from apache/fix-test
  • 3bea75a test: optimize test cases for visual regression test
  • bdafcbc Merge pull request #15711 from apache/fix-line-gradient
  • fde66ec Merge pull request #15589 from apache/fix-polar
  • fc507c0 test(polar): update test case
  • d88f7cb Merge pull request #15712 from apache/axis-hide-overlap
  • 7dbf36c fix(time): add `axisLabel.hideOverlap`
  • 344b648 fix(line): soft clipping gradient.
  • 01bf5f1 Merge pull request #15706 from apache/fix-sunburst
  • dd1890b fix(sunburst): improve code
  • c5fcf82 fix(sunburst): radius in levels
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/ahnan/project/b57a4e35-b2c8-4839-aaa5-aa0eee71a604?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/ahnan/project/b57a4e35-b2c8-4839-aaa5-aa0eee71a604?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

Dependency upgrades recorded in the Snyk PR metadata (package manager: npm; marked as a breaking change):

| Package | From | To |
|:--------|:-----|:---|
| ant-design-vue | 1.7.2 | 3.1.0 |
| canvg | 1.5.3 | 2.0.0 |
| echarts | 4.9.0 | 5.2.1 |

Vulnerabilities addressed by upgrade: SNYK-JS-ASYNCVALIDATOR-2311201, SNYK-JS-XMLDOM-1084960, SNYK-JS-ZRENDER-1586253 (priority scores 586, 484, 469).

---

**Learn how to fix vulnerabilities with free interactive lessons:**

- 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
- 🦉 [XML External Entity (XXE) Injection](https://learn.snyk.io/lessons/xxe/javascript/?loc=fix-pr)
- 🦉 [Prototype Pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/?loc=fix-pr)
stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.