
chore: Upgrade xlsx version to fix security vulnerability

Open kagol opened this issue 1 year ago • 0 comments


Verified:

  • Running pnpm build:plugin / pnpm build:alpha succeeds
  • Building the designer succeeds

Because the latest version of xlsx in the npm registry is only 0.18.5 (https://www.npmjs.com/package/xlsx),

I learned from the SheetJS website that:

newer xlsx releases have moved to https://cdn.sheetjs.com/

Versions before xlsx@0.20.2 all have security vulnerabilities, so it needs to be upgraded to 0.20.2

There are two options:

  1. Option 1: install with the command given on the SheetJS website: pnpm --filter @opentiny/tiny-engine-plugin-datasource install --save https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz. After a successful install, package.json gains the dependency declaration "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz". With this, building the designer fails with: ETIMEDOUT  request to https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz failed, reason: connect ETIMEDOUT xxx:443. Conclusion: this option is not feasible.
  2. Option 2: download the xlsx@0.20.2 tgz package locally, place it in an xlsx directory at the same level as src, and add the dependency declaration "xlsx": "file:./xlsx/xlsx-0.20.2.tgz" to package.json. Verified that the designer builds normally with this option. Conclusion: this option is feasible, and this PR adopts it.

PR

PR Checklist

Please check if your PR fulfills the following requirements:

  • [x] The commit message follows our Commit Message Guidelines
  • [ ] Tests for the changes have been added (for bug fixes / features)
  • [ ] Docs have been added / updated (for bug fixes / features)
  • [x] Built its own designer, fully self-validated

PR Type

What kind of change does this PR introduce?

  • [ ] Bugfix
  • [ ] Feature
  • [ ] Code style update (formatting, local variables)
  • [ ] Refactoring (no functional changes, no api changes)
  • [ ] Build related changes
  • [ ] CI related changes
  • [ ] Documentation content changes
  • [x] Other... Please describe:

Background and solution

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

  • [ ] Yes
  • [x] No

Other information

kagol avatar May 14 '24 09:05 kagol
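An added check, not part of this PR or the tiny-engine project: after switching the dependency to the local tarball as in Option 2, confirm both that package.json declares the file: spec for 0.20.2 and that the copy actually installed under node_modules reports that version, since a stale lockfile or an old install can silently leave npm's 0.18.5 in place. The two sample project directories are constructed inline, and the helper names and the grep/sed-style JSON extraction are this example's own (use jq on a real project).

```shell
# Added example (not from the tiny-engine PR): verify that the xlsx dependency
# declared in a package.json points at the patched 0.20.2 tarball and that the
# package actually installed under node_modules reports that same version.
# Assumptions: the "file:" spec form used in the PR, and an installed copy at
# node_modules/xlsx/package.json. Sample projects are constructed below.

WANT_VERSION="0.20.2"

# Extract the value of a "key": "value" pair from a small JSON file with sed.
# Good enough for the constructed files here; real projects should use jq.
json_string_value() {   # $1 = file, $2 = key
  sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Returns 0 if package.json declares a local tarball for WANT_VERSION and the
# installed package reports that version; prints the reason and returns 1 otherwise.
check_xlsx_upgrade() {  # $1 = project directory
  spec=$(json_string_value "$1/package.json" xlsx)
  installed=$(json_string_value "$1/node_modules/xlsx/package.json" version)
  case "$spec" in
    file:*xlsx-"$WANT_VERSION".tgz) ;;
    *) echo "package.json still declares xlsx as '$spec'"; return 1 ;;
  esac
  if [ "$installed" != "$WANT_VERSION" ]; then
    echo "installed xlsx is '$installed', expected $WANT_VERSION (re-run the install)"
    return 1
  fi
  echo "ok: xlsx $installed installed from $spec"
  return 0
}

# Constructed sample projects: one switched to the local tarball as in the PR,
# one still on the npm registry's 0.18.5.
make_sample() {  # $1 = dir, $2 = dependency spec, $3 = installed version
  mkdir -p "$1/node_modules/xlsx"
  printf '{\n  "name": "sample",\n  "dependencies": {\n    "xlsx": "%s"\n  }\n}\n' "$2" > "$1/package.json"
  printf '{\n  "name": "xlsx",\n  "version": "%s"\n}\n' "$3" > "$1/node_modules/xlsx/package.json"
}

SAMPLES=$(mktemp -d)
make_sample "$SAMPLES/fixed" "file:./xlsx/xlsx-0.20.2.tgz" "0.20.2"
make_sample "$SAMPLES/stale" "^0.18.5" "0.18.5"

check_xlsx_upgrade "$SAMPLES/fixed"
check_xlsx_upgrade "$SAMPLES/stale" || true
```

Point check_xlsx_upgrade at the datasource plugin's package directory after pnpm install to confirm the vendored tarball is what actually resolved; the sample directories under $SAMPLES are left in place so they can be inspected.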