antvis / G

💥 A flexible rendering engine for visualization.
https://g.antv.antgroup.com/
1.07k stars 198 forks

Update vulnerable packages #1682

Closed FreeFrags closed 4 months ago

FreeFrags commented 4 months ago

We installed antd and ran npm audit.

And found that these dependencies have vulnerabilities.

```text
d3-color  <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix`
node_modules/d3-color
  @antv/g-lite  *
  Depends on vulnerable versions of d3-color
  node_modules/@antv/g-lite
    @antv/g  >=5.8.9
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g
      @ant-design/plots  >=2.0.0-alpha.0
      Depends on vulnerable versions of @antv/g
      Depends on vulnerable versions of @antv/g2
      Depends on vulnerable versions of @antv/g2-extension-plot
      node_modules/@ant-design/plots
      @antv/component  >=1.0.0-beta.1
      Depends on vulnerable versions of @antv/g
      node_modules/@antv/component
        @antv/g2  >=5.0.17
        Depends on vulnerable versions of @antv/component
        Depends on vulnerable versions of @antv/g-plugin-dragndrop
        node_modules/@antv/g2
          @antv/g2-extension-plot  *
          Depends on vulnerable versions of @antv/g2
          node_modules/@antv/g2-extension-plot
    @antv/g-camera-api  *
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-camera-api
    @antv/g-canvas  >=1.9.0
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-canvas
    @antv/g-dom-mutation-observer-api  *
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-dom-mutation-observer-api
    @antv/g-plugin-canvas-path-generator  >=1.1.12
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-plugin-canvas-path-generator
      @antv/g-plugin-canvas-picker  <=1.0.0-alpha.32 || 1.1.8-alpha.0 - 1.6.0 || >=1.8.9
      Depends on vulnerable versions of @antv/g-lite
      Depends on vulnerable versions of @antv/g-plugin-canvas-path-generator
      Depends on vulnerable versions of @antv/g-plugin-canvas-renderer
      node_modules/@antv/g-plugin-canvas-picker
      @antv/g-plugin-canvas-renderer  1.1.8-alpha.0 - 1.6.0 || >=1.7.15
      Depends on vulnerable versions of @antv/g-lite
      Depends on vulnerable versions of @antv/g-plugin-canvas-path-generator
      node_modules/@antv/g-plugin-canvas-renderer
    @antv/g-plugin-dom-interaction  >=1.7.12
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-plugin-dom-interaction
    @antv/g-plugin-dragndrop  >=1.6.12
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-plugin-dragndrop
    @antv/g-plugin-html-renderer  >=1.7.12
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-plugin-html-renderer
    @antv/g-plugin-image-loader  >=1.1.13
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-plugin-image-loader
    @antv/g-web-animations-api  *
    Depends on vulnerable versions of @antv/g-lite
    node_modules/@antv/g-web-animations-api

18 high severity vulnerabilities
```

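The audit tree above is the result of a reverse-dependency walk: npm marks each installed copy of d3-color whose version falls in the advisory range (`<3.1.0`), then flags every package that depends on a flagged package, up to the project root, which is why a single old d3-color turns into "18 high severity vulnerabilities". The block below is an added example, not code from antvis/G, from npm or from either commenter. It implements that walk over a package-lock.json v3 `packages` map and then models the lockfile that a package.json `overrides` entry pinning d3-color to 3.1.0 would produce. The lockfile, its versions and its dependency ranges are constructed for the example (only the package names and the `<3.1.0` range come from the issue); `lessThan`, `resolveDependency`, `affectedPackages` and `withOverride` are names chosen here.

```javascript
// Added example (not code from antvis/G or from npm): reproduce the propagation
// behind npm audit's "Depends on vulnerable versions of ..." tree over a
// package-lock.json v3 `packages` map, then check that pinning d3-color via a
// package.json `overrides` entry would clear the chain. The lockfile, the
// version numbers and the dependency ranges below are constructed for the
// example; only the d3-color < 3.1.0 range and the advisory id come from the
// audit output in the issue.

const CONSTRUCTED_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0",
          dependencies: { "@ant-design/plots": "^2.0.0", lodash: "^4.17.21" } },
    "node_modules/@ant-design/plots": { version: "2.1.0",
          dependencies: { "@antv/g": "^5.18.0", "@antv/g2": "^5.1.0" } },
    "node_modules/@antv/g": { version: "5.18.0", dependencies: { "@antv/g-lite": "^1.2.0" } },
    "node_modules/@antv/g-lite": { version: "1.2.0", dependencies: { "d3-color": "^1.4.1" } },
    "node_modules/@antv/g2": { version: "5.1.0", dependencies: { "@antv/component": "^1.0.0" } },
    "node_modules/@antv/component": { version: "1.0.0", dependencies: { "@antv/g": "^5.18.0" } },
    "node_modules/d3-color": { version: "1.4.1" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

// The one fact taken from the audit output: d3-color below 3.1.0 is affected.
const ADVISORY = { name: "d3-color", fixedIn: "3.1.0", id: "GHSA-36jr-mh4h-2g58" };

// Minimal semver "a < b": numeric major.minor.patch, and a prerelease of the
// same core version sorts before the release (3.1.0-alpha.1 < 3.1.0). Real
// tooling should use the `semver` package; this keeps the example dependency-free.
function lessThan(a, b) {
  const [aCore, aPre] = a.split("-");
  const [bCore, bPre] = b.split("-");
  const x = aCore.split(".").map(Number);
  const y = bCore.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return Boolean(aPre) && !bPre;
}

// Package name from a lockfile location; the root entry ("") carries its own name.
function nameOf(loc, lock) {
  if (loc === "") return lock.packages[""].name || "(root)";
  return loc.slice(loc.lastIndexOf("node_modules/") + "node_modules/".length);
}

// Node-style resolution as npm records it: look for <from>/node_modules/<name>,
// then climb one node_modules level at a time up to the project root.
function resolveDependency(packages, from, name) {
  let dir = from;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (dir === "") return null;
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Mark every installed copy of the advisory's package that is below the fixed
// version, then walk the reverse dependency graph so that everything which
// (transitively) depends on an affected copy is marked too.
function affectedPackages(lock, advisory) {
  const packages = lock.packages;
  const dependents = new Map(); // location -> Set of locations that depend on it
  for (const [loc, pkg] of Object.entries(packages)) {
    for (const depName of Object.keys(pkg.dependencies || {})) {
      const target = resolveDependency(packages, loc, depName);
      if (target === null) continue; // not in the lock: not installed
      if (!dependents.has(target)) dependents.set(target, new Set());
      dependents.get(target).add(loc);
    }
  }
  const affected = new Set();
  const queue = [];
  for (const [loc, pkg] of Object.entries(packages)) {
    if (nameOf(loc, lock) === advisory.name && lessThan(pkg.version, advisory.fixedIn)) {
      affected.add(loc);
      queue.push(loc);
    }
  }
  while (queue.length > 0) {
    const loc = queue.shift();
    for (const parent of dependents.get(loc) || []) {
      if (!affected.has(parent)) { affected.add(parent); queue.push(parent); }
    }
  }
  return [...affected].map((loc) => nameOf(loc, lock)).sort();
}

// What the lockfile looks like after `"overrides": { "d3-color": "3.1.0" }` in
// package.json and a reinstall: every installed copy of that name is replaced.
// (npm does the real rewrite; this only models the resulting `packages` map.)
function withOverride(lock, name, version) {
  const packages = {};
  for (const [loc, pkg] of Object.entries(lock.packages)) {
    packages[loc] = nameOf(loc, lock) === name ? { ...pkg, version } : pkg;
  }
  return { ...lock, packages };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("before override:", affectedPackages(CONSTRUCTED_LOCK, ADVISORY));
  console.log("after override: ",
    affectedPackages(withOverride(CONSTRUCTED_LOCK, "d3-color", "3.1.0"), ADVISORY));
}
```

Run it with `node`. Two caveats before relying on an `overrides` pin as the fix in a real project: an override forces a version onto a dependency that declared a different range, so it only helps if @antv/g-lite's code actually works against d3-color 3.x (the maintainer's earlier failed upgrade attempt, linked further down this thread, is the test case for that), and it silences the audit finding without telling you whether untrusted color strings ever reach d3-color's parser, which is what decides whether the ReDoS is reachable in your application.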
xiaoiver commented 4 months ago

I'll upgrade d3-color from 1.x to 3.x asap. https://security.snyk.io/vuln?search=d3-color

But actually I tried this a few months ago and failed. https://github.com/antvis/G/issues/1282

But now maybe I can use Victory charts instead of d3 deps. https://github.com/recharts/recharts/commit/bcb199c0d60b79fa09704413ed9a440cc0a7b1c9

FreeFrags commented 4 months ago

Thanks! Looking forward to the update.