[SECURITY] Prototype Pollution in @umijs/deps@3.5.43 via bundled immer@9.0.5

`@umijs/deps@3.5.43` bundles `immer@9.0.5` at `compiled/immer/index.js`,
which is vulnerable to Prototype Pollution (GHSA-33f9-j839-rf8h / CVE-2021-23436).

**Vulnerable versions:** `immer < 9.0.6`  
**Patched version:** `immer@9.0.6`  
**Advisory:** https://github.com/advisories/GHSA-33f9-j839-rf8h

Please rebuild with immer@9.0.6 or later as soon as possible.

@sorrycc